Discovery credentials are the CLI, SNMPv2c, SNMPv3, HTTP(S), and NETCONF configuration values for the devices that you want
to discover. You must specify the credentials based on the types of devices you are trying to discover:
-
Network devices: CLI and SNMP credentials.
Note
|
For NETCONF-enabled devices such as embedded wireless controllers, you must specify SSH credentials with admin privilege and
select the NETCONF port.
|
-
Compute devices (NFVIS): CLI, SNMP, and HTTP(S) credentials.
Because the various devices in a network can have different sets of credentials, you can configure multiple sets of credentials
in Catalyst Center. The discovery process iterates through all sets of credentials that are configured for the Discovery job until it finds
a set that works for the device.
If you use the same credential values for the majority of devices in your network, you can configure and save them to reuse
in multiple Discovery jobs. To discover devices with unique credentials, you can add job-specific Discovery credentials when
you run Discovery jobs. You can configure up to 10 global credentials for each credential type and define any five of them.
If you need to define a job-specific credential, you can define five global credentials and one job-specific credential for
each credential type.
To define credentials for a Discovery, click the menu icon and choose
. To continue, use the following procedures and discovery credential information:
Table 1. CLI Credentials
Field |
Description |
Name/Description |
Name or phrase that describes the CLI credentials.
If authentication fails for CLI, Catalyst Center retries the authentication process for 300 seconds (5 minutes).
|
Username |
Name that is used to log in to the CLI of the devices in your network.
|
Password |
Password that is used to log in to the CLI of the devices in your network.
For security reasons, re-enter the password as confirmation.
Note
|
Passwords are encrypted for security reasons and are not displayed in the configuration.
|
|
Enable Password |
Password used to move to a higher privilege level in the CLI. Configure this password only if your network devices require
it.
For security reasons, re-enter the enable password.
Note
|
Passwords are encrypted for security reasons and are not displayed in the configuration.
|
|
Table 2. SNMPv2c Credentials
Field |
Description |
Read
|
Note
|
Passwords are encrypted for security reasons and are not displayed in the configuration.
|
|
Write
|
Note
|
Passwords are encrypted for security reasons and are not displayed in the configuration.
|
|
Table 3. SNMPv3 Credentials
Field |
Description |
Name/Description
|
Name or description of the SNMPv3 settings that you are adding.
|
Username |
Name associated with the SNMPv3 settings.
|
Mode
|
Security level that an SNMP message requires. Choose one of the following modes:
-
Authentication and Privacy: Provides both authentication and encryption.
-
Authentication, No Privacy: Provides authentication, but does not provide encryption.
-
No Authentication, No Privacy: Does not provide authentication or encryption.
|
Auth. Type
|
Authentication type to be used. (Enabled if you select Authentication and Privacy or Authentication, No Privacy as Mode.) Choose one of the following authentication types:
Note
|
Catalyst Center does not support device discovery if only MD5 authentication type is configured on the device for software image version
17.14.1 and later.
If you wish to use MD5 authentication, it is recommended to configure SHA authentication as well for Catalyst Center to discover and manage devices running on software image 17.14.1 and later.
|
|
Auth. Password
|
SNMPv3 password used for gaining access to information from devices that use SNMPv3. These passwords (or passphrases) must
be at least eight characters in length.
Note
|
-
Some wireless controllers require that passwords (or passphrases) be at least 12 characters long. Be sure to check the minimum
password requirements for your wireless controllers. Failure to ensure these required minimum character lengths for passwords
results in devices not being discovered, monitored, or managed by Catalyst Center.
-
Passwords are encrypted for security reasons and are not displayed in the configuration.
|
|
Privacy Type
|
Privacy type. (Enabled if you select Authentication and Privacy as Mode.) Choose one of the following privacy types:
-
AES128: 128-bit CBC mode AES for encryption.
-
CISCOAES192: 192-bit CBC mode AES for encryption on Cisco devices.
-
CISCOAES256: 256-bit CBC mode AES for encryption on Cisco devices.
|
Privacy Password
|
SNMPv3 privacy password that is used to generate the secret key for encrypting messages that are exchanged with devices that
support encryption standards. Passwords (or passphrases) must be at least eight characters long.
Note
|
-
Some wireless controllers require that passwords (or passphrases) be at least 12 characters long. Be sure to check the minimum
password requirements for your wireless controllers. Failure to ensure these required minimum character lengths for passwords
results in devices not being discovered, monitored, or managed by Catalyst Center.
-
Passwords are encrypted for security reasons and are not displayed in the configuration.
|
|
Table 4. SNMP Properties
Field |
Description |
Retries |
Number of times Catalyst Center tries to communicate with network devices using SNMP.
|
Timeout (in Seconds) |
Amount of time, in seconds, between retries. |
Table 5. HTTP(S) Credentials
Field |
Description |
Read
|
You can configure up to 10 HTTPS read credentials:
-
Name/Description: Name or description of the HTTPS credentials that you are adding.
-
Username: Name that is used to authenticate the HTTPS connection.
-
Password: Password that is used to authenticate the HTTPS connection. Passwords are encrypted for security and are not displayed in
the configuration.
The password cannot contain spaces or angle brackets (< >). Note that some Cisco IOS XE devices do not allow a question mark
(?).
-
Port: Number of the TCP/UDP port that is used for HTTPS traffic. The default is port number 443 (the well-known port for HTTPS).
|
Write
|
You can configure up to 10 HTTPS write credentials:
-
Name/Description: Name or description of the HTTPS credentials that you are adding.
-
Username: Name that is used to authenticate the HTTPS connection.
-
Password: Password that is used to authenticate the HTTPS connection. Passwords are encrypted for security and are not displayed in
the configuration.
The password cannot contain spaces or angle brackets (< >). Note that some Cisco IOS XE devices do not allow a question mark
(?).
-
Port: Number of the TCP/UDP port that is used for HTTPS traffic. The default is port number 443 (the well-known port for HTTPS).
|
Table 6. NETCONF Setting
Field |
Description |
Port
|
Port on the device. You can use one of the following ports:
-
Port 830 (default).
-
Any other port that is available on the device.
-
A custom port that Catalyst Center configures. (You can use a custom port only if Device Controllability is enabled. For more information, see the Device Controllability
section in the Cisco Catalyst Center Administrator Guide.)
If authentication fails for NETCONF, Catalyst Center retries the authentication process for 300 seconds (5 minutes).
Discovery accepts and validates multiple credentials and only adds devices with working credentials to your inventory. So,
if a NETCONF connectivity failure occurs during the discovery process, Catalyst Center adds the device without a NETCONF port. However, if you add a device (that’s not NETCONF enabled) manually to your inventory
with the NETCONF credential, Catalyst Center displays the error “Managed: Netconf Connection Failure” if there’s no response to the RPC request on the NETCONF port. In
both cases, if the device is added without the NETCONF port and if any application uses only NETCONF to collect data, Catalyst Center displays the missing NETCONF port error. If any application uses the CLI credentials when NETCONF is not configured, Catalyst Center displays the device in the managed state because the device is using the CLI credentials.
|