The IoT application provides a detailed view of all endpoint devices connected to AOS Switches and APs (e.g., PCs, Tablets, Smartphones). OmniVista used information received from AOS Switches and APs to track and categorize these devices and presents detailed information for the devices on the Inventory Screen. The application can also be configured to integrate with Google Workspace to collect device information and provide network security for Chrome devices; and can discover, enable/disable, and provide information on Zigbee devices. An overview of IoT functionality, as well as troubleshooting tips are provided below.
Important Note: Certain prerequisites (detailed below) must be met to use the IoT application. Verify that all prerequisites have been met before using IoT.
Note: IoT is supported on AOS 8.x Switches (AOS 8.6R1 and higher) and APs (3.0.7.xx and higher), and provides information on IPv4 endpoint devices.
The IoT application is configured using the following screens:
When a client/endpoint is connected to an AOS Switch/AP, the switch/AP sends MQTT messages to OmniVista in real-time. This information includes the device MAC address, DHCP fingerprint, User-Agent, TCP signatures, network behavior, and more. Once the device is learned, OmniVista connects to a cloud-based Device Fingerprinting Service to categorize the device.
Device category information is populated based on Device Fingerprinting Service query results. The initial category is usually more broad or generic. As data transfer occurs between device endpoints and switches/APs, OmniVista monitors network packets and uses the additional information to query the Device Fingerprinting Service Database and arrive at a more specific category. Over time, the category for each endpoint device can change as more fingerprints are received. For example, a device may initially be categorized as "Phone, Tablet or Wearable". As more fingerprints are received, the device may next be categorized as an "Apple Mobile Device", and then an "Apple iPhone".
Note that OmniVista automatically connects to a cloud-based Device Fingerprinting Service to categorize devices. No configuration is required on OmniVista to make this connection. However, you must have an Internet connection that allows OmniVista to connect to the service. See the Internet Requirements below for more information.
IoT must be enabled on individual AOS Switches and APs. The IoT application also requires an NTP Server to sync the time for OmniVista and switches/APs, as well as an Internet connection to connect to the Device Fingerprinting Service and the Zigbee Device Server at the Customer Site (e.g., Hotel).
IoT is disabled on AOS Switches and APs by default. To enabled IoT on a switch/AP, go to the Managed Devices Screen (Network - Discovery - Managed Devices), select the switch(es)/AP(s) in the Managed Devices List, click on the Features drop-down, and select Enable IoT. The switches/APs will appear in the "Enable IoT - Confirm" switch picker window. (Note that switches/APs that do not support IoT will not appear in the window.) Click OK to enable IoT. OmniVista will begin collecting IoT information for endpoints connected to the switches/APs.
Note: When IoT is enabled on a switch, it is enabled globally on all UNP Ports. However, it is not enabled on fixed ports. For these ports you must SSH to the switch and issue the following CLI command: device-profile port x/x/x admin-state enable.
Note: To save AMS Microservices settings (appmgr) on an IoT-enabled switch running AOS 8.7R2, you must save the configuration to the Running Directory. Go to the Managed Devices Screen (Discovery - Managed Devices), select the switch(es) click on the Actions button, and select Save to Running.
To disable IoT on a switch/AP, select the switch(es)/AP(s) in the Managed Devices List, click on the Features drop-down, and select Disable IoT button. See the Managed Devices online help for more information.
Note: If IoT is disabled on a device or a device is removed from the Managed Devices List, the device remains in the Inventory List with device information "grayed out" and the last know information displayed.
An NTP Server(s) is required for a consistent Inventory view of IoT devices. Switches/APs must be synced to the same time, for OmniVista to correctly display session start time/end time, and sort and filter of IoT Inventory data. Switches/APs must have access to at least one NTP Server, whether local or external.
You must have an Internet connection to use the IoT application. If you have a firewall, it must be configured to allow access to the Device Fingerprinting Service (api.fingerbank.org), or the Zigbee Server at the Customer Site (e.g., Hotel).
The IoT Inventory and IoT Profiler Logs in the Audit application (Administration - Audit) can be used to troubleshoot problems in the IoT application. Go to the Audit application, click on "Network" on the left side of the screen, then select "iot-inventory" or "iot-profiler" for IoT-specific problems, or "zcs" for Zigbee-specific problems and view the logs.
When IoT is enabled on a switch and you connect an Alcatel IP Phone (IPTouch) on a UNP Port, the switch will not send fingerprinting information to OmniVista. You must SSH to the switch and disable automatic prioritization of IP phone traffic by entering the following CLI command: qos no phones.