Switches
Role
The manage_switches role is required to use this feature.
The switches page provides an overview of all switches in the network. It shows these switches independent of their respective groups and provides another perspective on the switches that are configured in the site.
Adding switches
Switches can be added to the site via a group or directly from the switches screen. In this section the fields that can be utilized when adding a switch from the switches page will be explained.
Group
Enter the group of which the switch should be a member. It is not possible to add a switch without a group membership.
Name
The name of the switch. It is recommended to keep this in sync with the hostname of the switch.
MAC address
The chassis MAC address of the switch.
Serial number
The serial number of the switch.
Monitoring profile
The identifier of the profile to be used with a third-party monitoring provider such as Zabbix.
Hardware
Type
The type of the switch, C1000-16P-2G-L for example. If the switch is present in our database, PoE budget and port definition are automatically configured correctly when you finish typing the hardware identifier or click one from the drop-down list of suggestions.
PoE Budget
The total PoE budget that the switch can provide to devices. This is used to calculate available PoE budget and suggest device placement.
Port definition
A single physical switch can have a variety of port (ranges) with indices combined with string prefixes such that all ports on a single hardware unit are always uniquely identified. Each port or array of ports has a PoE rating and type designation. Indices are not necessarily contiguous when multiple ranges are defined.
For example, a switch may have 28 total ports, where the first 24 are device ports (copper) with a PoE rating of 30000 mw ports ranging from Gi1/0/1 to Gi1/0/24, and the last four ports are non device ports designated for connecting the switch to other switches (i.e. for the network "topology"), identified as (ranging from) "Gi1/1/1" to "Gi1/1/4".
In order to define the ports on the above switch as such, the following notation is used:
[P2] [ND] Gi1/0/1-24 ; [ND] Gi1/1/1-4
See Port definition notation for a more in-depth explanation of how the port definition notation works.
Ignore
When checked, the switch is hidden from the dashboard and most inspections will not generate alerts for this switch.
Cold spare
When checked, the switch is designated as a cold spare. It is no longer available in the admin console and not shown on the dashboard.
SNMP
In order for ZEM to function correctly, SNMP connectivity with the switch is required. ZEM supports SNMP v1 and v3. Currently ZEM only supports AES128 and MD5 for SNMPv3.
Access
The access section determines how ZEM contacts the switch. If the switch is part of a stack, you can select an already configured member as the existing point of access. There is no need to apply additional configuration after that.
IP address
The IP address where the ZEM OSA can reach the switch.
Protocol
ZEM supports the following protocols to connect with switches:
| Authentication mode | Encryption | Host Key Algorithm | Key Exchange Algorithm | Macs |
|---|---|---|---|---|
| ssh_weak | aes128-cbc, 3des-cbc, aes256-ctr | ssh-rsa, ssh-dss | diffie-hellman-group1-sha1 | hmac-md5 |
| ssh | default | default | default | default |
| ssh_strong | default | ssh-rsa | diffie-hellman-group14-sha1, diffie-hellman-group14-sha256 | default |
| telnet | N/A | N/A | N/A | N/A |
Username
The username for the switch.
Current password
The password for the switch.
High-security
When this is checked, after successfully connecting to the switch, ZEM will generate a password on the OSA and overwrite the current password. During this process the password is never transmitted over the internet and is unknown to users, thereby enhancing the security of the environment.