Home Getting Started Status Community Help
Alcatel-Lucent OmniVista Cirrus

Network Management as a Service

Inventory

The IoT Inventory Screen provides detailed information on all endpoint devices that connect to the network (e.g., PCs, Tablets, Smartphones). New endpoint association or disassociation (Endpoint Status) is updated in "real-time" (click on the Refresh button to display the latest information). Once an endpoint is Active, any changes to the endpoint (e.g., profile change, IP address change) are updated every 5 minutes for devices connected to Stellar APs, and every 15 minutes for devices connected to AOS Switches.

Information can be retained for up to 60 days, at which time is it overwritten. By default, only the latest session is displayed in the Inventory List for each device; however, you can display all available information by unchecking the “Show Latest Session Only” checkbox on the filter window. By default, the maximum number of sessions displayed per endpoint device is three (3) per switch/AP (current record and 2 historical records). Data Retention and display settings are configured on the IoT Settings Screen. By default, information for all devices is displayed. The information can be filtered by clicking on the Filters Bar at the top of the screen. Any filters that are applied are displayed in the bar.

The IoT application can be configured to integrate with Google Workspace to collect device information and provide network security for Chrome devices. Click on the Google Workspace Settings button at the top of the Inventory List to configure Google Workspace for IoT. Note that Google Workspace Integration is only supported on devices connected to AOS Switches running AOS 8.6R2 and later, or devices connected to APs connected to AOS Switches running AOS 8.6R2 and later.

Important Note: There are network prerequisites and configuration steps that must be completed to enable IoT. See the IoT Overview online help for an overview of the application including prerequisites.

Inventory List

By default, the "Summary" view of the Inventory List is displayed, which gives an overview of device inventory. The column headings differ depending on the view you choose (e.g., Summary, All, Classification/Auth). You can also create a custom view and export IoT device records. There is also a Chrome Device View, which displays any Chrome Devices learned through Google Workspace. You can also manually assign a Custom Category to a device.

Note: Endpoints with IPv6 addresses attached to AOS devices may take up to 15 minutes to display. Endpoints with IPv6 addresses attached to APs will not be displayed in the Inventory list since APs do not support IPv6.

  • Endpoint MAC - The MAC Address of the device.
  • Endpoint IP - The IP Address of the device.
  • Status - The operational status of the device on the network.
    • Active - The device was active on the network when it was last known by OmniVista. Note that if a switch/AP is deleted from OmniVista or IoT is disabled on a switch/AP, OmniVista will display all devices connected to that switch/AP as "Offline" regardless of the device's actual status. This is because OmniVista receives no updates regarding these devices in these scenarios. If a switch/AP goes down, OmniVista will not automatically change the status of the devices connected to it.
    • Offline - The device is not currently active on the network. Note that if IoT is disabled on a device or a device is removed from the Managed Devices List, the device remains in the Inventory List with device information "grayed out" and the last know information displayed.
    • Error - The device was unable to connect to the network (e.g., MAC Authentication fails).
  • Category - The device category (e.g., Datacenter Appliance, Phone/Table/Wearable). Note that that initial Category value is not likely to be very specific. As more activity happens on the endpoint device, switches/APs send additional details about the endpoint, and the category description will be more specific. Also note that for some devices, this field may be empty. This generally happens when insufficient fingerprint information about the device is available. (e.g., switch/AP receives only the MAC address of the endpoint and the MAC is unknown or unpopular).
  • Manufacturer - The device manufacturer. This is derived from the MAC address of the device. The field may be empty if the device uses randomized MAC addresses.
  • Endpoint Name - The name of the endpoint device as determined by the Device Fingerprinting Service.
  • Endpoint Version - The endpoint device OS version.
  • Category Hierarchy - The Category, Manufacturer, and Endpoint name used to categorize the device.
  • Switch/AP Name - The IP address of the switch/AP through which the device is connected to the network.
  • Switch/AP MAC - The MAC address of the switch/AP through which the device is connected to the network.
  • Port/ESSID - The switch port or ESSID through which the device is connected to the network.
  • Port Type - The port type through which the device is connected to the network (Wireless/Wired/UNP).
  • Port Description - A description of the port through which the device is connected to the network, as received from the device.
  • VLAN - The VLAN through which the device is connected to the network.
    • AOS Devices - The untagged VLAN, or the tagged VLAN if traffic is tagged.
    • Stellar APs - The VLAN mapped to the Access Role Profile.
  • Tunnel Type - If the endpoint is set up on tunnel, the tunnel type is displayed:
    • SPB
    • VXLAN
    • L2GRE
    • Guest Tunnel.
  • Far End IP - The IP address of the far end tunnel termination (displayed for wireless clients only).
  • VPN ID - The Tunnel ID that identifies a GRE Tunnel VPN (displayed for wireless clients only).
  • UNP - The Access Role Profile assigned to the device, if applicable.
  • UNP Type - The UNP type, if enforcement is applied:
    • Default UNP
    • Pass-Alternate UNP
    • Auth-Server Down UNP
    • UNP from Classification
    • UNP from RADIUS
    • UNP from OmniVista Enforcement.
  • Policy List - The Policy List applied to the device, if applicable.
  • Authentication Type - The type of authentication used for the device (e.g., MAC, 802.1X)
  • Authentication Status - The status of device authentication, if applicable (e.g., Passed, Failed).
  • Connection Error - The connection error if the device was unable to connect to the network, if applicable.
  • Enforcement Status - The status of profile enforcement, if applicable:
    • Initial - Initial status.
    • Excluded - Matching by Exclusion Rules, no mapping.
    • Enforced - Successfully mapped to category.
    • Failed - SNMP enforcement failed.
    • Pending - Enforcement request was send to switch/AP. One reason may be that ARP is not configured on the device.
    • Disabled - OmniVista is working in manual mode.
  • Start Time - The time the device first accessed the network.
  • End Time - The time the device disconnected from the network.
  • Last Updated - The last time OmniVista received message from the device and the message was successfully processed.

Note: Stellar APs connected to AOS devices are displayed in the Inventory List. To prevent a Stellar AP from being displayed in the Inventory List, you must disable IoT profiling on the switch port connected to the AP using the following CLI command: device-profile port slot/port admin-state disable.

Customizing the Display

By default, the "Summary" view of the Inventory List is displayed. The display can be changed by clicking on a display option button at the top of the list (e.g., All, Classification/Auth, Location). You can also create a custom display buy clicking on the Custom Template button, then clicking on the Configuration icon and selecting the columns you want to display.

Exporting IoT Inventory Records

To export IoT Inventory records to a single CSV file, click on the Export button and select one of the following options:

  • Current Page - Export all records currently displayed in the Inventory List to a single CSV file.
  • All Records - Export all records in the Inventory List to a single CSV file.

After you select one of the above options, browse to the location where you want to export the records to a single CSV file and click Save.

Google Workspace Inventory List

Click on the Chrome Devices button at the top of the Inventory List to bring up the Chrome Device Inventory List. Only devices learned from Google Workspace will be displayed in this view.

  • Endpoint MAC - The MAC Address of the device.
  • Endpoint IP - The IP Address of the device.
  • Status - The operational status of the device on the network.
    • Active - The device was active on the network when it was last known by OmniVista. Note that if a switch/AP is deleted from OmniVista or IoT is disabled on a switch/AP, OmniVista will display all devices connected to that switch/AP as "Offline" regardless of the device's actual status. This is because OmniVista receives no updates regarding these devices in these scenarios. If a switch/AP goes down, OmniVista will not automatically change the status of the devices connected to it.
    • Offline - The device is not currently active on the network, the switch/AP to which the device is connected was deleted from OmniVista, or IoT was disabled on the switch/AP to which the device is connected.
    • Error - The device was unable to connect to the network (e.g., MAC Authentication fails).
  • Status from Google Workspace - The status of the device from Google Workspace.
    • Active - The device is enrolled into the domain.
    • Delinquent - The annual license for the domain has expired and the device no longer receives policies and settings. When a new license is purchased, the device will return to "Active" state.
    • Deprovisioned - The device is no longer eligible to be enrolled into the domain. The order has been canceled, and the device's settings have been cached on the device. If the device is activated again, the latest system settings are applied to this newly activated device.
    • Disabled - The device has been disabled by the administrator and cannot be used.
    • Inactive - The device is not enrolled into the domain.
    • Return Arrived - The request to replace this device has arrived. This is applicable only for those devices purchased directly from Google.
    • Return Requested - A request has been made to replace this device. This is applicable only for those devices purchased directly from Google.
    • Shipped - The device has shipped. This is applicable only for those devices purchased directly from Google.
    • Unknown - The status of the device cannot be determined.
  • Recent Users - A list of recent device users, in descending order, by last login time.
  • Annotated User - The user of the device as noted by the Google Workspace administrator. Maximum length is 100 characters. Empty values are allowed.
  • OS Version - The operating system version of the device.
  • Model - The device model.
  • Switch/AP Name - The IP address of the switch/AP through which the device is connected to the network.
  • Port/ESSID - The switch port or ESSID through which the device is connected to the network.
  • Category - The Chrome device category (e.g., Active Chrome Device, Inactive Chrome Device). You must enable the following option in Google Workspace Settings - "Enable Google Workspace based auto categorization" for categorization to work.
  • UNP - The Access Role Profile assigned to the device, if applicable.
  • Start Time - The time the device first accessed the network.
  • End Time - The time the device disconnected from the network.
  • Last Updated - The last time OmniVista received message from the device and the message was successfully processed.
  • Device ID - The unique ID of the Chrome device. It's generated by Google Workspace.
  • MAC - The device MAC address.
  • Serial Number - The device serial number.
  • Org Unit Path - The full parent path, including the organizational unit name associated with the device. Path names are case insensitive. If the parent organizational unit is the top-level organization, it is represented as a forward slash, /.
  • Annotated Asset ID - The asset identifier as noted by the Google Workspace administrator, or specified during enrollment.
  • Annotated Location - The address or location of the device as noted by the Google Workspace administrator. Maximum length is 200 characters. Empty values are allowed.
  • Firmware Version - The Chrome device's firmware version.
  • Kind - The type of Chrome device resource.
  • Last Enrollment Time - The date and time the device was last enrolled.
  • Last Sync -The date and time the device was last synchronized with the policy settings in the Google Workspace Admin console.
  • Notes - Notes about this device added by the Google Workspace administrator. This property can be searched with the list method's query parameter. Maximum length is 500 characters. Empty values are allowed.
  • Order Number - The device's order number. Only devices directly purchased from Google have an order number.
  • Platform Version - The Chrome device's platform version.
  • Support End Date - The final date the device will be supported. This is applicable only for those devices purchased directly from Google.
  • Will Auto Renew - Determines if the device will auto renew its support after the support end date. This is applicable only for those devices purchased directly from Google. This is a read-only property. Possible values are:
    • True - The support will be automatically renewed (Default).
    • False - The support will not be automatically renewed.
  • ETag - ETag of the resource.

Configuring Google Workspace

The IoT application integrates with Google Workspace to collect device information and provide network security for Chrome devices. Click on the Chrome Devices button, then click on the Google Workspace Settings button at the top of the Inventory List to bring up the Google Workspace Settings window and configure the connection to the Google Workspace Service. Complete the fields as described below, then click on the OK button.

  • Google Workspace User - The Google Workspace username (e.g., <user key name>@<project Id>.gserviceaccount.com).
  • Service Account E-Mail - The E-Mail of the user account with permission to access scope https://www.googleapis.com/auth/admin.directory.device.chromeos.readonly.
  • Access Key - Download the Google Workspace Access Key to your computer. Click on the Browse button to locate the key. The Access Key is a generated P12 format key (IAM & Admin > Service Account in https://console.cloud.google.com/home/dashboard).
  • Auto Sync Interval - The interval for OmniVista to perform a data sync with Google Workspace, in hours. You can also click on the Sync With Google Workspace Now button at the top of the Inventory List at any time to perform an immediate sync. (Range = 1 - 24, Default = 3).
  • Enable Google Workspace Based Categorization - Check this box if you want Chrome devices to be categorized based on data from Google Workspace, otherwise, devices will be categorized based on the OmniVista IoT application.

Assigning a Custom Category to a Device

You can override the Default Category assigned to a device through Fingerprinting and manually assign a Custom Category to a device. Select the device(s) in the Inventory List and click on the Assign Category button. The Assign Category - Confirmation window appears. Select a Custom Category from the Choose Category drop-down, then click on the Assign button. The selected device(s) will appear in the Inventory List with the new Custom Category name. Note that if Enforcement was configured for the assigned Category, endpoints might change their UNP mapping to the UNP that mapped with new category, or to no enforcement if the new category has no UNP mapping.

To remove an assigned Custom Category from a device and return it to its Default Fingerprinting Category, edit the Custom Category to remove the device. Go to the Category Screen, select the Custom Category, and click on the Edit icon. Any devices to which you have manually assigned the Custom Category will be listed by MAC Address in the MAC Based Field. Click on the "X" next to the device(s) that you want to remove, and click on the Apply button. The device(s) will again be categorized by its Default Fingerprinting Category and the device(s) will be displayed in the Inventory List with its Default Fingerprinting Category.

Note: Deleting a Custom Category will return all devices in that Category to their Default Fingerprinting Category.

 

 

 

Help

About Getting Started Customer Support

Info

Community Twitter Legal

Brought to you by

v1.2