The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
The process of finding network devices and hosts is known as discovery. The Discovery function scans the devices and hosts in your network and populates the Cisco APIC-EM database with the information that it retrieves. To discover devices and hosts, you need to provide the controller with information about the devices so that the Discovery function can reach as many of the devices in your network as possible and gather as much information as it can.
The Discovery function uses the following protocols and methods to retrieve device information, such as hosts IP addresses, MAC addresses, and network attachment points:
Cisco Discovery Protocol (CDP)
Community-based Simple Network Management Protocol Version 2 (SNMPv2c)
Simple Network Management Protocol version 3 (SNMPv3)
Link Layer Discovery Protocol (LLDP)
IP Device Tracking (IPDT) (For Discovery to collect host information, you must manually enable IPDT on devices. After IPDT is enabled, Discovery collects host information on a best-effort basis, because in addition to IPDT, Discovery relies on ARP entries for host information.)
LLDP Media Endpoint Discovery (LLDP-MED) (IP phones and some servers are discovered using LLDP-MED).
For information about the required protocol configuration for your devices, see Device Configuration Prerequisites.
The process of finding network devices and hosts is known as discovery. You populate the Cisco APIC-EM database by discovering the devices and hosts in your network. To discover network devices, you need to provide the Cisco APIC-EM with discovery credentials for the devices in your network in the form of SNMP settings and CLI credentials. When you perform a discovery, the Cisco APIC-EM scans the network and attempts to log in to newly found devices by presenting these credentials.
The Cisco APIC-EM uses the CDP, LLDP and wireless controller databases on the network devices to discover hosts, such as wireless laptops, handheld devices, printers, and IP phones. To discover wired laptops, the Cisco APIC-EM uses the IP Device Tracking database, which needs to be enabled on some switches. (This feature is enabled by default on some switches.)
Wireless LAN Controllers (WLCs) have additional setup requirements in order to be discovered. For more information, see Wireless LAN Controller Configuration.
The following are caveats for the Cisco APIC-EM discovery credentials:
If a device credential changes in a network device or devices after Cisco APIC-EM discovery is completed for that device or devices, any subsequent polling cycles for that device or devices will fail. To correct this situation, an administrator has following options:
If the ongoing discovery fails due to a device authentication failure (for example, the provided discovery credential is not valid for the devices discovered by current discovery), then the administrator has following options:
Stop or delete the current discovery. Create one or more new network discovery jobs (either a CDP or Range discovery type) with a job specific credential that matches the device credential.
Create a new global credential and execute a new discovery selecting the correct global credential.
Edit an existing global credential and re-run the discovery.
Deleting a global credential does not affect already discovered devices. These already discovered devices will not report an authentication failure.
The Cisco APIC-EM provides a REST API which allows the retrieval of the list of managed network devices in the Cisco APIC-EM inventory. The purpose of this API is to allow an external application to synchronize its own managed device inventory with the devices that have been discovered by the Cisco APIC-EM. For example, for Cisco IWAN scenarios, Prime Infrastructure makes use of this API in order to populate its inventory with the IWAN devices contained in the Cisco APIC-EM inventory in order to provide monitoring of the IWAN solution.
Note | Only the username is provided in clear text. SNMP community strings and passwords are not provided in cleartext for security reasons. |
To access the Discovery function, from the Navigation pane, click Discovery.
Name |
Description |
---|---|
Discoveries pane |
Lists the names of the discovery jobs that have been created, along with the method and IP addresses used for discovery. The list is divided between active and inactive discoveries. A successful scan (one with discovered and authenticated devices) has the number of discovered devices indicated to the right of the discovery name. An unsuccessful scan shows no box or number of devices discovered. From the Discoveries pane, clicking a discovery name displays information about the discovery in the Discovery Results pane. For information about the Discovery Results pane, see Understanding the Discovery Results. If you cannot find the discovery job that you want, enter an IP address used in the discovery job in the Search by Device IP field that is above the list of discovery jobs. |
New Discovery |
Displays a pane for configuring and starting new discovery jobs. For information, see Performing Discovery Using CDP and Performing Discovery Using an IP Address Range. |
Performing Discovery
You can discover devices and hosts using CDP.
You must have administrator (ROLE_ADMIN) permissions and access to all devices (RBAC Scope set to ALL) to perform this procedure.
CDP must be enabled on the devices in order for them to be discovered.
Your devices must have the required device configurations, as described in Device Configuration Prerequisites.
You must have administrator (ROLE_ADMIN) permissions and access to all devices (RBAC Scope set to ALL) to perform this procedure.
Your devices must have the required device configurations, as described in Device Configuration Prerequisites.
Step 1 | From the Navigation pane, click Discovery. | ||||||||||||||||||||||||||||||||||||||||||
Step 2 | From the Discovery window, click + New Discovery.
The New Discovery pane appears. | ||||||||||||||||||||||||||||||||||||||||||
Step 3 | In the Discovery Name field, enter a unique name for the discovery job. | ||||||||||||||||||||||||||||||||||||||||||
Step 4 | If the Discovery Details pane does not appear, click Add New. | ||||||||||||||||||||||||||||||||||||||||||
Step 5 | In the Discovery Name field, enter a unique name for this discovery. | ||||||||||||||||||||||||||||||||||||||||||
Step 6 | In the
IP
Ranges area, do the following:
| ||||||||||||||||||||||||||||||||||||||||||
Step 7 | Open the Credentials area and configure the credentials that you want to use for the discovery job.
You can configure credentials to be used for the current discovery job, or you can check the Save as global settings checkbox to save the credentials for future discovery jobs.
| ||||||||||||||||||||||||||||||||||||||||||
Step 8 | Click Start Discovery.
The Discoveries window displays the results of your scan. The Discovery Details pane shows the status (active or inactive) and the discovery configuration. The Discovery Devices pane displays the host names, IP addresses, and status of the discovered devices for the selected discovery. | ||||||||||||||||||||||||||||||||||||||||||
Step 9 | (Optional)To configure the protocols to be used to connect with devices, open the Advanced area and do the following: |
You can copy a discovery job and retain all of the information defined for the job, except the SNMP and CLI credentials. The SNMP and CLI credentials are included in the copy only if you used global credentials (saved in Settings) for the original job. If you defined specific (one-time only) SNMP and CLI credentials for the original job, the credentials are not copied.
You have created at least one discovery scan.
Step 1 | From the Navigation pane, click Discovery. |
Step 2 | From the Discoveries pane, select the discovery job. |
Step 3 | From the Discovery Details pane, click Copy.
The discovery job is copied, and the new job is named Copy of Discovery_Job. |
Step 4 | (Optional)Change the name of the discovery job. |
Step 5 | Define or update the SNMP and CLI credentials and any other parameters for the discovery job. |
You must have administrator (ROLE_ADMIN) permissions and access to all devices (RBAC Scope set to ALL) to perform this procedure.
You must have administrator (ROLE_ADMIN) permissions and access to all devices (RBAC Scope set to ALL) to perform this procedure.
The Discovery Results pane provides information about the selected scan.
To access the Discovery Results pane, do the following:
From the Navigation pane, click Discovery.
From the Discoveries pane, select the discovery job that you want to display.
The Discovery Results pane appears. See the following figures and table for information.
Name |
Description |
---|---|
Discovery Identification and Action Area |
Displays the following information:
From this area, you can delete, clone, edit, or start a discovery job. |
Discovery Details area |
Open this area to display detailed information about the parameters that were used to perform the discovery, including the CDP level (if used), protocol order, retry count, timeout value, IP address (seed) or range of IP addresses used, and IP address filter list. |
Credentials area |
Open this area to display the credentials used in the discovery job and identifies them as either global or job-specific. |
Last Runs area |
Open this area to display a table showing information about each iteration of the discovery job, including the job number, its status, an option to view the devices discovered, and the duration of the job. Clicking the View link in the Devices column opens the Devices pane. |
Devices pane |
(Shown when you open the Last Runs area and click the View link in the Devices column.) The devices pane displays the results of the device discovery in two forms:
|