Discover Your Network

Discovery overview

The Discovery feature scans the devices in your network and sends the list of discovered devices to inventory.

The Discovery feature also works with the Device Controllability feature to configure the required network settings on devices, if these settings are not already present on the devices.

There are four ways for you to discover devices:

  • Use Cisco Discovery Protocol (CDP) and provide a seed IP address.

  • Specify a range of IP addresses. (A maximum range of 4096 devices is supported.)

  • Use Link Layer Discovery Protocol (LLDP) and provide a seed IP address.

  • Use Classless Inter-Domain Routing (CIDR) and provide a seed IP address.

When configuring the Discovery criteria, remember that there are settings that you can use to help reduce the amount of time it takes to discover your network:

  • CDP Level and LLDP Level: If you use CDP or LLDP as the Discovery method, you can set the CDP or LLDP level to indicate the number of hops from the seed device that you want to scan. The default, level 16, might take a long time on a large network. So, if fewer devices have to be discovered, you can set the level to a lower value.

  • Prefix Length: If you use CIDR as a discovery method, you can set the prefix length value ranging from 20 to 30. The default value is 30.

  • Subnet Filters: If you use an IP address range, you can specify devices in specific IP subnets for Discovery to ignore.

  • Preferred Management IP: Whether you use CDP, LLDP, CIDR, or an IP address range, you can specify whether you want Catalyst Center to add any of the device's IP addresses or only the device loopback address.


    Note


    For Cisco SD-Access Fabric and Cisco Catalyst Assurance, we recommend that you specify the device loopback address.


Regardless of the method you use, you must be able to reach the device from Catalyst Center and configure specific credentials and protocols in Catalyst Center to discover your devices. These credentials can be configured and saved in the Design > Network Settings > Device Credentials window or on a per-job basis in the Discovery window.


Note


If a device uses a first hop resolution protocol, such as Hot Standby Router Protocol (HSRP) or Virtual Router Redundancy Protocol (VRRP), the device might be discovered and added to the inventory along with its floating IP address. Later, if HSRP or VRRP fails, the IP address might be reassigned to a different device. This situation can cause issues with the data that Catalyst Center retrieves for analysis.


Discovery Dashboard

From the main menu, choose Tools > Discovery to view the Discovery Dashboard. The Discovery Dashboard shows the inventory overview, latest discovery, discovery type, discovery status, and recent discoveries.

Discovery prerequisites

Before you run Discovery, complete these minimum prerequisites:

  • Understand what devices will be discovered by Catalyst Center by viewing the Cisco Catalyst Center Compatibility Matrix.

  • Understand that the preferred network latency between Catalyst Center and devices is 100 ms round-trip time (RTT). (The maximum latency is 200 ms RTT.)

  • Ensure that at least one SNMP credential is configured on your devices for use by Catalyst Center. At a minimum, this configuration can be an SNMPv2C read credential. For more information, see Discovery credentials.

  • Configure SSH credentials on the devices you want Catalyst Center to discover and manage. Catalyst Center discovers and adds a device to its inventory if at least one of these criteria is met:

    • The account that is being used by Catalyst Center to SSH into your devices has privileged EXEC mode (level 15).

    • You configure the device’s enable password as part of the CLI credentials configured in the Discovery job. For more information, see Discovery configuration guidelines and limitations.

Discovery credentials

Discovery credentials are the CLI, SNMPv2c, SNMPv3, HTTP, HTTPS, and NETCONF configuration values for the devices that you want to discover. You must specify the credentials based on the types of devices you are trying to discover:

  • Network devices: CLI and SNMP credentials.


    Note


    For NETCONF-enabled devices such as embedded wireless controllers, you must specify SSH credentials with admin privilege and select the NETCONF port.


  • Compute devices (NFVIS): CLI, SNMP, HTTP, and HTTPS credentials.

Because the various devices in a network can have different sets of credentials, you can configure multiple sets of credentials in Catalyst Center. The discovery process iterates through all sets of credentials that are configured for the Discovery job until it finds a set that works for the device.

If you use the same credential values for the majority of devices in your network, you can configure and save them to reuse in multiple Discovery jobs. To discover devices with unique credentials, you can add job-specific Discovery credentials when you run Discovery jobs. You can configure up to 10 global credentials for each credential type and define any five of them. If you need to define a job-specific credential, you can define five global credentials and one job-specific credential for each credential type.

To define credentials for a Discovery, click the menu icon and choose Tools > Discovery > Add Discovery. To continue, use these procedures and discovery credential information:

Table 1. CLI credentials
Field Description
Name/Description

Name or phrase that describes the CLI credentials.

If authentication fails for CLI, Catalyst Center retries the authentication process for 300 seconds (5 minutes).

Username

Name that is used to log in to the CLI of the devices in your network.

Password

Password that is used to log in to the CLI of the devices in your network.

For security reasons, re-enter the password as confirmation.

Note

 

Passwords are encrypted for security reasons and are not displayed in the configuration.

Enable Password

Password used to move to a higher privilege level in the CLI. Configure this password only if your network devices require it.

For security reasons, re-enter the enable password.

Note

 

Passwords are encrypted for security reasons and are hidden in the configuration.

Table 2. SNMPv2c credentials
Field Description

Read

  • Name/Description: Name or description of the SNMPv2c settings that you are adding.

  • Read Community: Read-only community string password used only to view SNMP information on the device.

Note

 

Passwords are encrypted for security reasons and are hidden in the configuration.

Write

  • Name/Description: Name or description of the SNMPv2c settings that you are adding.

  • Write Community: Write community string used to make changes to the SNMP information on the device.

Note

 

Passwords are encrypted for security reasons and are hidden in the configuration.

Table 3. SNMPv3 credentials
Field Description

Name/Description

Name or description of the SNMPv3 settings that you are adding.

Username

Name associated with the SNMPv3 settings.

Mode

Security level that an SNMP message requires. Select one of these modes:

  • Authentication and Privacy: Provides both authentication and encryption.

  • Authentication, No Privacy: Provides authentication, but does not provide encryption.

  • No Authentication, No Privacy: Does not provide authentication or encryption.

Auth. Type

Authentication type to be used. (Enabled if you select Authentication and Privacy or Authentication, No Privacy as Mode.) Select one of these authentication types:

  • SHA: Authentication based on HMAC-SHA.

  • MD5 (not recommended): Authentication based on HMAC-MD5.

Auth. Password

SNMPv3 password used for gaining access to information from devices that use SNMPv3. These passwords (or passphrases) must be at least eight characters in length.

Note

 
  • Some wireless controllers require that passwords (or passphrases) be at least 12 characters long. Be sure to check the minimum password requirements for your wireless controllers. Failure to ensure these required minimum character lengths for passwords results in devices not being discovered, monitored, or managed by Catalyst Center.

  • Passwords are encrypted for security reasons and are hidden in the configuration.

Privacy Type

Privacy type. (Enabled if you select Authentication and Privacy as Mode.) Select one of these privacy types:

  • AES128: 128-bit CBC mode AES for encryption.

  • CISCOAES192: 192-bit CBC mode AES for encryption on Cisco devices.

  • CISCOAES256: 256-bit CBC mode AES for encryption on Cisco devices.

Privacy Password

SNMPv3 privacy password that is used to generate the secret key for encrypting messages that are exchanged with devices that support encryption standards. Passwords (or passphrases) must be at least eight characters long.

Note

 
  • Some wireless controllers require that passwords (or passphrases) be at least 12 characters long. Be sure to check the minimum password requirements for your wireless controllers. Failure to ensure these required minimum character lengths for passwords results in devices not being discovered, monitored, or managed by Catalyst Center.

  • Passwords are encrypted for security reasons and are hidden in the configuration.

Table 4. SNMP properties
Field Description
Retries Number of times Catalyst Center tries to communicate with network devices using SNMP.
Timeout (in Seconds) Amount of time, in seconds, between retries.
Table 5. HTTP and HTTPS credentials
Field Description

Type

Specifies the kind of HTTPS credentials you are configuring. Valid types are Read or Write.

Read

You can configure up to 10 HTTPS read credentials:

  • Name/Description: Name or description of the HTTPS credentials that you are adding.

  • Username: Name used to authenticate the HTTPS connection.

  • Password: Password used to authenticate the HTTPS connection. Passwords are encrypted for security and are not displayed in the configuration.

  • Port: Number of the TCP/UDP port used for HTTPS traffic. The default is port number 443 (the well-known port for HTTPS).

The password must contain between 7 and 128 characters, including at least one of these characters:

  • Lowercase letter (a to z)

  • Uppercase letter (A to Z)

  • Number (0 to 9)

  • Special character: # _ * ? –

Note

 

The password cannot contain spaces or angle brackets (< >). Some Cisco IOS XE devices do not allow a question mark (?).

Write

You can configure up to 10 HTTPS write credentials:

  • Name/Description: Name or description of the HTTPS credentials that you are adding.

  • Username: Name used to authenticate the HTTPS connection.

  • Password: Password used to authenticate the HTTPS connection. Passwords are encrypted for security and are not displayed in the configuration.

  • Port: Number of the TCP/UDP port used for HTTPS traffic. The default is port number 443 (the well-known port for HTTPS).

The password must contain between 7 and 128 characters, including at least one of these characters:

  • Lowercase letter (a to z)

  • Uppercase letter (A to Z)

  • Number (0 to 9)

  • Special character: # _ * ? –

Note

 

The password cannot contain spaces or angle brackets (< >). Some Cisco IOS XE devices do not allow a question mark (?).

Table 6. NETCONF setting
Field Description

Port

Port on the device. You can use one of these ports:

  • Port 830 (default).

  • Any other port that is available on the device.

  • A custom port that Catalyst Center configures. (You can use a custom port only if Device Controllability is enabled. For more information, see the Device Controllability section in the Cisco Catalyst Center Administrator Guide.)

If authentication fails for NETCONF, Catalyst Center retries the authentication process for 300 seconds (5 minutes).

Discovery credentials and Cisco ISE

If you are using Cisco ISE as an authentication server, the Discovery feature authenticates devices using Cisco ISE as part of the discovery process. To make sure that your devices are discovered properly, follow these guidelines:

  • Do not use Discovery credentials that have fewer than 4 alphanumeric characters. Although devices may have credentials with fewer than 4 alphanumeric characters, Cisco ISE allows 4 alphanumeric characters as the minimum username and password length. If the device credentials have fewer than 4 characters, Catalyst Center cannot collect the device’s inventory data, and the device will go into a partial collection state.

  • Do not use credentials that have the same username, but different passwords (cisco/cisco123 and cisco/pw123). While Catalyst Center allows the discovery of devices with the same username but different passwords, Cisco ISE does not allow that kind of discovery. If a duplicate username is used, Catalyst Center cannot authenticate the device and collect its inventory data, and the device will go into a partial collection state.

For information on how to define Cisco ISE as a AAA server, see Add Cisco ISE or other AAA servers.

Guidelines and limitations for Discovery credentials

Here are the guidelines and limitations for the Catalyst Center Discovery credentials:

  • To change the device credentials used in a Discovery job, you need to edit the Discovery job and deselect the credentials that you no longer want to use. Then, you need to add the new credentials and start the discovery. For more information, see Change credentials in a Discovery job.

  • If you change a device's credential after successfully discovering the device, subsequent polling cycles for that device fail. To correct this situation, use one of these options:

    • Use the Discovery tool to:

      • Run a new Discovery job with job-specific credentials that match the device's new credential.

      • Edit the existing Discovery job and rerun the Discovery job.

    • Use the Design tool to:

      • Create a new global credential and run a new Discovery job using the correct global credential.

      • Edit an existing global credential and use Copy & Edit to recreate the Discovery job. Alternatively, create a new Discovery job.

  • If an ongoing Discovery polling cycle fails because of a device authentication failure, you can correct the situation using one of these options:

    • Use the Discovery tool to:

      • Stop or delete the current Discovery job and run a new Discovery job with job-specific credentials that match the device's credential.

      • Stop or delete the current Discovery job, edit the existing Discovery job, and rerun the Discovery job.

    • Use the Design tool to:

      • Create a new global credential and run a new Discovery job using the correct global credential.

      • Edit an existing global credential and use Copy & Edit to recreate the Discovery job. Alternately, create a new Discovery job.

  • Deleting a global credential does not affect previously discovered devices. The status of the previously discovered devices does not indicate an authentication failure. However, the next Discovery job that tries to use the deleted credential will fail. The Discovery job will fail before it tries to contact any devices.

Discovery credentials example

The devices that form a typical network can have widely varying Discovery requirements. Catalyst Center lets you create multiple Discovery jobs to support these varying requirements. For example, assume that a network has 200 devices that form a Cisco Discovery Protocol (CDP) neighborhood. In this network, 190 devices share a global credential (Credential 0) and the remaining devices each have their own unique credential (Credential-1 through Credential-10).

For FIPS mode deployment, the discovery password must contain at least 8 characters.

To discover all the devices in this network using Catalyst Center, do this procedure:

Procedure


Step 1

Configure the CLI global credentials as Credential-0.

Step 2

Configure the SNMP (v2c or v3) global credentials.

Step 3

Run a Discovery job using one of the 190 device IP addresses (190 devices that share the global credentials) and the global Credential-0.

Step 4

Run 10 separate Discovery jobs for each of the remaining 10 devices using the appropriate job-specific credentials, such as Credential-1, Credential-2, Credential-3, and so on.

Step 5

Review the results in the Inventory window.


Preferred management IP address

When Catalyst Center discovers a device, it uses one of the device's IP addresses as the preferred management IP address. The IP address can be that of a built-in management interface of the device, another physical interface, or a logical interface such as Loopback0. You can configure Catalyst Center to use the device's loopback IP address as the preferred management IP address, provided the IP address is reachable from Catalyst Center.

When you select Use Loopback IP as the preferred management IP address, Catalyst Center determines the preferred management IP address as described in this table:

Table 7. Preferred management IP address determination criteria

If

Then

If the device has one loopback interface

Catalyst Center uses that loopback interface IP address.

If the device has multiple loopback interfaces

Catalyst Center uses the loopback interface with the highest IP address.

If there is no loopback interface

Catalyst Center uses the Ethernet interface with the highest IP address. (Subinterface IP addresses are not considered.) uses the loopback interface with the highest IP address.

If there are no Ethernet interfaces

Catalyst Center uses the serial interface with the highest IP address.

After a device is discovered, you can update the management IP address from the Inventory window. For more information, see Update a device management IP address.

Discovery configuration guidelines and limitations

This section describes the limitations and guidelines of device discovery.

  • These are the guidelines and limitations for Catalyst Center to discover your Cisco Catalyst 3000 Series Switches and Catalyst 6000 Series Switches:

    • Configure the CLI username and password with privileged EXEC mode (level 15). These credentials are the same CLI username and password that you configure in Catalyst Center for the Discovery function. Catalyst Center requires the highest access level to the device.

    • Explicitly specify the transport protocols allowed on individual interfaces for both incoming and outgoing connections. Use the transport input and transport output commands for this configuration. For information about these commands, see the command reference document for the specific device type.

    • Don’t change the default login method for a device's console port and the VTY lines. If a device is already configured with a AAA (TACACS) login, make sure that the CLI credential defined in the Catalyst Center is the same as the TACACS credential defined in the TACACS server.

  • These are the guidelines and limitations for Catalyst Center to discover your wireless controllers and APs:

    • Cisco Wireless Controllers must be discovered using the management IP address instead of the service port IP address. If not, the related wireless controller 360 and AP 360 windows won’t display any data.

    • After the wireless controllers are discovered, Catalyst Center displays the list of associated APs in the inventory. The listed APs are connected to the wireless controller either during the discovery or through inventory sync.


      Note


      For any new APs that join the wireless controller after the inventory sync:

      • If the wireless controller isn't assigned to a site or provisioned in Catalyst Center, you must do a manual resync.

      • If the wireless controller is assigned to a site, when a new AP joins the wireless controller, an SNMP trap is triggered. Using this SNMP trap, Catalyst Center discovers the newly joined AP. A manual resync isn't necessary.

      • If the wireless controller is assigned to a site, Device Controllability must be enabled. If Device Controllability is disabled during the site assignment and later enabled, you must manually sync new APs.


  • Third-party devices can’t be discovered with the Catalyst Center discovery feature. You must add the third-party devices manually to your network. For more information, see Add a third-party device.

Do Discovery

You can discover devices using Link Layer Discovery Protocol (LLDP), CDP, CIDR, or an IP address range.

Your devices must have the required device configurations, as described in Discovery prerequisites.

  • For IP address range discovery, only ping-reachable devices are included in the list of discovered devices. Ping-unreachable devices are ignored and aren't included in the list of discovered devices.

  • For CDP-, CIDR- and LLDP-based discovery, because CDP, CIDR and LLDP protocols respond to even ping-unreachable IPs, ping-unreachable devices are included in the list of discovered devices.

  • For CDP-, CIDR- and LLDP-based discovery, configure your network device's host IP address as the client IP address. (A host is an end-user device, such as a laptop computer or mobile device.)

  • The Discovery function requires the correct SNMP read-only community string. If an SNMP read-only community string is not provided, as a best effort, the Discovery function uses the default SNMP read-only community string, public.

  • During discovery, devices that are already discovered and associated with a site are skipped for site assignment.

  • CLI credentials are not required to discover hosts; hosts are discovered through the network devices to which they are connected.

  • During discovery using SNMPv3 credentials, Catalyst Center pushes the SNMPv3 credentials with the default SNMP user group to the devices ignoring the existing user group on the device.

  • If you choose Discover new devices only, the discovery adds only the new devices to the inventory. The discovery doesn’t update anything for existing devices in the inventory.

Discover your network using CDP

You can discover devices using Cisco Discovery Protocol (CDP), an IP address range, CIDR, or LLDP. This procedure shows you how to discover devices and hosts using CDP. For more information about the other discovery methods, see Discover your network using an IP address range or CIDR and Discover your network using LLDP.


Note


  • The Discovery function requires the correct SNMP Read Only (RO) community string. If an SNMP RO community string is not provided, as a best effort, the Discovery function uses the default SNMP RO community string, public.

  • CLI credentials are not required to discover hosts; hosts are discovered through the network devices to which they are connected.


Before you begin

  • Enable CDP on your network devices.

  • Configure your network devices, as described in Discovery prerequisites.

  • Configure your network device's host IP address as the client IP address. (A host is an end-user device, such as a laptop computer or mobile device.)

Procedure


Step 1

From the main menu, choose Tools > Discovery.

Step 2

In the Discovery window, click Add Discovery.

Step 3

In the Discover Devices window, complete these fields:

  1. Enter a name for the discovery job.

  2. Under Discovery Type, select CDP.

  3. In the IP Address field, enter a seed IP address for Catalyst Center to start the Discovery scan.

  4. (Optional) In the Subnet Filter field, enter an IP address or subnet to exclude from the Discovery scan.

    You can enter addresses either as an individual IP address (x.x.x.x ) or as a classless inter-domain routing (CIDR) address (x.x.x.x/y) , where x.x.x.x refers to the IP address and y refers to the subnet mask. The subnet mask can be a value from 20 to 32.

  5. Click .

    Repeat Step d and Step e to exclude multiple subnets from the Discovery job.

  6. (Optional) In the CDP Level field, enter the number of hops from the seed device that you want to scan.

    Valid values are from 1 to 16. The default value is 16. For example, CDP level 3 means that CDP will scan up to three hops from the seed device.

  7. For Preferred Management IP, select one of these options:

    Option

    Description

    None

    Allows the device to use any of its IP addresses.

    Use Loopback IP

    Specify the device's loopback interface IP address.

    Note

     

    If you select Use Loopback IP and the device does not have a loopback interface, Catalyst Center selects a management IP address using the logic described in Preferred management IP address.

    Note

     

    To use the loopback interface IP address as the preferred management IP address, make sure that the CDP neighbor's IP address is reachable from Catalyst Center.

Step 4

In the Provide Credentials window, configure the discovery credentials and other settings as required.

Enter at least one CLI credential and one SNMP credential that Catalyst Center will configure for the devices it discovers. You can have a maximum of five global credentials and one task-specific credential for each type. For more details, see Discovery credentials.

  1. In the left pane, click CLI to add CLI credentials.

  2. Expand SNMP to add SNMP credentials.

  3. Expand Advanced Settings and configure these settings:

    Setting

    Task

    Protocol Order

    Select SSH or Telnet. If you select both, you can specify the order in which they are used by dragging the protocols up or down.

    SNMP Polling Properties

    Use the global SNMP polling properties defined in the Network Settings > Device Credentials window or modify for this discovery instance.

    Note

     

    You can configure other credentials such as, NETCONF, HTTP, and HTTPS, if required.

Step 5

In the Schedule Job window, do these steps:

  1. Click Now to start device discovery immediately or click Later to schedule device discovery at a specific time.

    If you select the Daily or Weekly recurrence option, the Discover new devices only option is disabled.

  2. Click the toggle button to enable or disable the Discover new devices only option.

  3. Click the Assign devices to an existing site link.

    The Visibility and Control of Configurations dialog box appears with information about the settings that will be enabled on the devices during site assignment. If Visibility of Configurations is enabled and a site is assigned during discovery, a configuration preview will not be generated.

    During the discovery workflow, devices can be assigned to existing sites only, new site creation is not supported.

    In the dialog box, select any one of these options:

    Option

    Task

    Assign to site without Configuration Preview

    Use the Search Hierarchy search field or the filter icon to find a site, building, or area. For more details, see Search the network hierarchy.

    Skip site assignment for now

    Use this option if you want the devices to be assigned to sites later from inventory.

Step 6

In the Summary window, review the configuration settings. (To make any changes, click Edit.)

Step 7

Click Start Discovery.

You can view the status of the task in the Activities > Tasks window.


What to do next

The Device Discovery window displays an option to view the discovered devices based on the site assignment. Use this option to view devices assigned to a site or a network or the unassigned devices in the inventory.

Discover your network using an IP address range or CIDR

You can discover devices using an IP address range, CIDR, CDP, or LLDP. This procedure shows you how to discover devices and hosts using an IP address range, or CIDR. For more information about the other Discovery methods, see Discover your network using CDP, and Discover your network using LLDP.

Before you begin

Your devices must have the required device configurations, as described in Discovery prerequisites.

Procedure


Step 1

From the main menu, choose Tools > Discovery.

Step 2

In the Discovery window, click Add Discovery.

Step 3

In the Discover Devices window, complete these fields:

  1. Enter a name for the discovery job.

  2. Under Discovery Type, choose IP Address/Range, or CIDR.

  3. If you choose IP Address/Range discovery type, do these steps:

    1. In the From and To fields, enter the beginning and ending IP addresses (IP address range) for Catalyst Center to scan, and click .

      You can enter a single IP address range or multiple IP addresses for the discovery scan.

      Note

       

      Cisco Wireless Controllers must be discovered using the Management IP address instead of the Service Port IP address. If not, the related wireless controller 360 and AP 360 pages will not display any data.

    2. (Optional) Repeat the previous step to enter additional IP address ranges.

  4. If you choose CIDR discovery type, do these steps:

    1. In the IP Address field, enter a seed IP address for Catalyst Center to start the Discovery scan.

    2. In the Subnet Filter field, enter an IP address or subnet to exclude from the Discovery scan.

      You can enter addresses either as an individual IP address (x.x.x.x ) or as a classless inter-domain routing (CIDR) address (x.x.x.x/y) , where x.x.x.x refers to the IP address and y refers to the subnet mask. The subnet mask can be a value from 20 to 32.

    3. Click .

      (Optional) Repeat the previous steps to exclude multiple subnets from the Discovery job.

    4. In the Prefix Length field, enter the value of prefix length. The valid value ranges from 20 to 30.

  5. For Preferred Management IP Address, choose one of these options:

    • None: Allows the device to use any of its IP addresses.

    • Use Loopback IP: Specify the device's loopback interface IP address.

      Note

       

      If you choose Use Loopback IP and the device does not have a loopback interface, Catalyst Center chooses a management IP address using the logic described in Preferred management IP address.

Step 4

In the Provide Credentials window, configure the discovery credentials and other settings as required.

Enter at least one CLI credential and one SNMP credential that Catalyst Center will configure for the devices it discovers. You can have a maximum of five global credentials and one task-specific credential for each type. For more details, see Discovery credentials.

  1. In the left pane, click CLI to add CLI credentials.

  2. Expand SNMP to add SNMP credentials.

  3. Expand Advanced Settings and configure these settings:

    Setting

    Task

    Protocol Order

    Select SSH or Telnet. If you select both, you can specify the order in which they are used by dragging the protocols up or down.

    SNMP Polling Properties

    Use the global SNMP polling properties defined in the Network Settings > Device Credentials window or modify for this discovery instance.

    Note

     

    You can configure other credentials such as, NETCONF, HTTP, and HTTPS, if required.

Step 5

In the Schedule Job window, do these steps:

  1. Click Now to start device discovery immediately or click Later to schedule device discovery at a specific time.

    If you select the Daily or Weekly recurrence option, the Discover new devices only option is disabled.

  2. Click the toggle button to enable or disable the Discover new devices only option.

  3. Click the Assign devices to an existing site link.

    The Visibility and Control of Configurations dialog box appears with information about the settings that will be enabled on the devices during site assignment. If Visibility of Configurations is enabled and a site is assigned during discovery, a configuration preview will not be generated.

    During the discovery workflow, devices can be assigned to existing sites only, new site creation is not supported.

    In the dialog box, select any one of these options:

    Option

    Task

    Assign to site without Configuration Preview

    Use the Search Hierarchy search field or the filter icon to find a site, building, or area. For more details, see Search the network hierarchy.

    Skip site assignment for now

    Use this option if you want the devices to be assigned to sites later from inventory.

Step 6

In the Summary window, review the configuration settings. (To make any changes, click Edit.)

Step 7

Click Start Discovery.

You can view the status of the task in the Activities > Tasks window.


What to do next

The Device Discovery window displays an option to view the discovered devices based on the site assignment. Use this option to view devices assigned to a site or a network or the unassigned devices in the inventory.

Discover your network using LLDP

You can discover devices using Link Layer Discovery Protocol (LLDP), CDP, CIDR, or an IP address range. This procedure shows you how to discover devices and hosts using LLDP. For more information about the other discovery methods, see Discover your network using CDP and Discover your network using an IP address range or CIDR.


Note


  • The Discovery function requires the correct SNMP Read Only (RO) community string. If an SNMP RO community string is not provided, as a best effort, the Discovery function uses the default SNMP RO community string, public.

  • CLI credentials are not required to discover hosts; hosts are discovered through the network devices to which they are connected.


Before you begin

  • Enable LLDP on your network devices.

  • Configure your network devices, as described in Discovery prerequisites.

  • Configure your network device's host IP address as the client IP address. (A host is an end-user device, such as a laptop computer or mobile device.)

Procedure


Step 1

From the main menu, choose Tools > Discovery.

Step 2

In the Discovery window, click Add Discovery.

Step 3

In the Discover Devices window, complete these fields:

  1. Enter a name for the discovery job.

  2. Under Discovery Type, select LLDP.

  3. In the IP Address field, enter a seed IP address for Catalyst Center to start the Discovery scan.

  4. (Optional) In the Subnet Filter field, enter an IP address or subnet to exclude from the Discovery scan.

    You can enter addresses either as an individual IP address (x.x.x.x ) or as a classless inter-domain routing (CIDR) address (x.x.x.x/y) , where x.x.x.x refers to the IP address and y refers to the subnet mask. The subnet mask can be a value from 20 to 32.

  5. Click .

    Repeat Step c and Step d to exclude multiple subnets from the Discovery job.

  6. (Optional) In the LLDP Level field, enter the number of hops from the seed device that you want to scan.

    Valid values are from 1 to 16. The default value is 16. For example, LLDP level 3 means that LLDP will scan up to three hops from the seed device.

  7. For Preferred Management IP, select one of these options:

    • None: Allows the device use any of its IP addresses.

    • Use Loopback IP: Specify the device's loopback interface IP address.

      Note

       

      If you select this option and the device does not have a loopback interface, Catalyst Center selects a management IP address using the logic described in Preferred management IP address.

      Note

       

      To use the loopback interface IP address as the preferred management IP address, make sure that the LLDP neighbor's IP address is reachable from Catalyst Center.

Step 4

In the Provide Credentials window, configure the discovery credentials and other settings as required.

Enter at least one CLI credential and one SNMP credential that Catalyst Center will configure for the devices it discovers. You can have a maximum of five global credentials and one task-specific credential for each type. For more details, see Discovery credentials.

  1. In the left pane, click CLI to add CLI credentials.

  2. Expand SNMP to add SNMP credentials.

  3. Expand Advanced Settings and configure these settings:

    Setting

    Task

    Protocol Order

    Select SSH or Telnet. If you select both, you can specify the order in which they are used by dragging the protocols up or down.

    SNMP Polling Properties

    Use the global SNMP polling properties defined in the Network Settings > Device Credentials window or modify for this discovery instance.

    Note

     

    You can configure other credentials such as, NETCONF, HTTP, and HTTPS, if required.

Step 5

In the Schedule Job window, do these steps:

  1. Click Now to start device discovery immediately or click Later to schedule device discovery at a specific time.

    If you select the Daily or Weekly recurrence option, the Discover new devices only option is disabled.

  2. Click the toggle button to enable or disable the Discover new devices only option.

  3. Click the Assign devices to an existing site link.

    The Visibility and Control of Configurations dialog box appears with information about the settings that will be enabled on the devices during site assignment. If Visibility of Configurations is enabled and a site is assigned during discovery, a configuration preview will not be generated.

    During the discovery workflow, devices can be assigned to existing sites only, new site creation is not supported.

    In the dialog box, select any one of these options:

    Option

    Task

    Assign to site without Configuration Preview

    Use the Search Hierarchy search field or the filter icon to find a site, building, or area. For more details, see Search the network hierarchy.

    Skip site assignment for now

    Use this option if you want the devices to be assigned to sites later from inventory.

Step 6

In the Summary window, review the configuration settings. (To make any changes, click Edit.)

Step 7

Click Start Discovery.

You can view the status of the task in the Activities > Tasks window.


What to do next

The Device Discovery window displays an option to view the discovered devices based on the site assignment. Use this option to view devices assigned to a site or a network or the unassigned devices in the inventory.

Manage Discovery jobs

These sections provide information about how to manage the Discovery jobs.

Stop and start a Discovery job

Procedure


Step 1

From the main menu, choose Tools > Discovery.

Step 2

To stop an active Discovery job, hover your cursor over the ellipsis icon () in the Actions column and select Stop Discovery.

Step 3

To restart an inactive Discovery job, hover your cursor over the ellipsis icon in the Actions column and select Re-discover.


Change credentials in a Discovery job

You can change the credentials used in a Discovery job and then rerun the Discovery job.

Before you begin

You should have created at least one Discovery job.

Procedure


Step 1

From the main menu, choose Tools > Discovery.

Step 2

To copy a Discovery job, hover your cursor over the ellipsis icon () in the Actions column and choose Copy & Edit.

Catalyst Center creates a copy of the Discovery job, named Clone of Discovery_Job .

Step 3

(Optional) To change the name of the Discovery job, replace the default name in the Discovery Name field with a new name.

Step 4

In the New Discovery window, expand the Credentials area and choose any of the global credentials that have already been created, or configure your own.

If you want to use existing credentials, make sure that to select them. If you don't want to use a credential, deselect it.

Step 5

To configure your own credentials, click Add Credentials.

You must configure CLI and SNMPv2c credentials. All other credentials are optional. For field information, see Discovery credentials.

To save credentials for only the current job, click Save. To save them for the current job and future jobs, check the Save as global settings check box and then click Save.

Step 6

Click Discover.


Clone a Discovery job

You can clone a Discovery job and retain all the information defined for that job.

Before you begin

Run at least one Discovery job.

Procedure


Step 1

From the main menu, choose Tools > Discovery.

Step 2

To copy a Discovery job, hover your cursor over the ellipsis icon () in the Actions column and select Copy & Edit.

Catalyst Center creates a copy of the Discovery job, named Clone of Discovery_Job .

Step 3

(Optional) To change the name of the Discovery job, replace the default name in the Discovery Name field with a new name.

Step 4

Define or update the parameters for the new Discovery job.


Delete a Discovery job

You can delete a Discovery job whether it is active or inactive.

Procedure


Step 1

From the main menu, choose Tools > Discovery.

Step 2

To delete a Discovery job, hover your cursor over the ellipsis icon () in the Actions column and select Delete.

Step 3

Click OK to confirm.