How to Create and
Import Device Lists

Device lists are used to import devices into Policy Manager. They are text files that list network devices and (optionally) their SNMP access information. You can create a Device List using a text editor.

NOTE: There are special utility programs available that will create a device list for you based on your HP OpenView®, NetSight Switch and Topology Manager, or NetSight Element Manager device database. Contact Support for more information.

NOTE:	There are special utility programs available that will create a device list for you based on your HP OpenView®, NetSight Switch and Topology Manager, or NetSight Element Manager device database. Contact Support for more information.

After you have created a device list, use the Import from Device List window to import the devices into the Policy Manager database. Initially, you must import your devices into Policy Manager before you can use the application to manage them. Later, you can use this window to import new devices. The imported devices are automatically appended to the list of devices in the Network Elements tab Devices folder.

NOTE: You can also add a new device to the Policy Manager database using the Create Device window.

NOTE:	You can also add a new device to the Policy Manager database using the Create Device window.

When Policy Manager imports the device list, it tries to establish SNMP contact to the Policy MIB, using the SNMP access information provided. The following table details the Policy Manager's actions depending on the device's response.

Device SNMP-Manageable?* Device supports Policy MIB? Action

Yes Yes Device imported.

Yes No Device not imported.

No
(device can be contacted, but access information doesn't match) Unknown Device imported with Policy Support listed as Unknown.

Unknown
(since device cannot be contacted) Unknown Device imported with Policy Support listed as Unknown.

Device SNMP-Manageable?*	Device supports Policy MIB?	Action
Yes	Yes	Device imported.
Yes	No	Device not imported.
No (device can be contacted, but access information doesn't match)	Unknown	Device imported with Policy Support listed as Unknown.
Unknown (since device cannot be contacted)	Unknown	Device imported with Policy Support listed as Unknown.

* "Manageable" is defined as having at least read-only access to the device.

Instructions on:

Creating a Device List
- NetSight Generated Format
- IP Only Format
Importing a Device List

Creating a Device List

A device list is a text file that lists your network devices and (optionally) their SNMP access information. You can list the devices using either the NetSight Generated or the IP Only format. Do not mix NetSight Generated and IP Only formats in a single device list.

TIP:	If you create a device list without community names, devices will be imported into Policy Manager using the list of community names in the Community Names window. If you populate the Community Names window with valid community names before doing the import, you won't have to specify community names for each entry in the device list.

NetSight Generated Format

SNMPv1 devices and SNMPv3 devices use different NetSight Generated device list formats. The formats include the device name or IP address, and the device's SNMP access information. This information is used by Policy Manager to access and manage the device.

SNMPv1 access information consists of the read only, read write, and super user community names for the device. SNMPv3 access information consists of certain USM (User-based Security Model) settings. (For more information on SNMPv3, read RFC2574.) See a brief explanation of the SNMPv3 USM settings and their possible choices below.

You can mix SNMPv1 and SNMPv3 formats in a single device list. If you list both an SNMPv1 and SNMPv3 entry for a device, Policy Manager stores the v1 values, but uses the v3 values to contact the device.

Open a text file.

Enter a list of devices using either the SNMPv1 and/or SNMPv3 format:

For SNMPv1 devices:
A list of devices using the following format:

dev=[device name or IP address] ro=[Read Only Community Name]
          rw=[Read Write Community Name] su=[Super User Community Name]

The device name or IP address is the only required information. Each device must be on a separate line. For example:

dev=Switch1 rw=public ro=public su=public

          dev=10.20.30.40 rw=public ro=public su=public

If you create a device list without community names, devices will be imported into Policy Manager using the list of community names in the Community Names window. If no community name exists for a device in the Community Name list, you will be given the opportunity to add a community name for the device before importing.

NOTE:	For RoamAbout R2 devices. If you are importing the device with SNMPv1 (SNMPv3 is recommended), the default community names on the device must be updated. There are four SNMPv1 community names on the R2: Community #1 -- allows limited read-only access (MIB II system group) Community #2 -- allows creation of new views Community #3 -- allows read-only access to all MIBs Community #4 -- allows read/write access to all MIBs Policy Manager will import the device based on community names #3 and #4. For read-only access, set community name #3 on the device and then use that community name for the "ro" value in the device list. For read/write and super user access, set community name #4 on the device, and then use that community name for the "rw" and "su" values in the device list

NOTE:

For RoamAbout R2 devices. If you are importing the device with SNMPv1 (SNMPv3 is recommended), the default community names on the device must be updated. There are four SNMPv1 community names on the R2:

Community #1 -- allows limited read-only access (MIB II system group)
Community #2 -- allows creation of new views
Community #3 -- allows read-only access to all MIBs
Community #4 -- allows read/write access to all MIBs

Policy Manager will import the device based on community names #3 and #4. For read-only access, set community name #3 on the device and then use that community name for the "ro" value in the device list. For read/write and super user access, set community name #4 on the device, and then use that community name for the "rw" and "su" values in the device list

For SNMPv3 devices:
A list of devices using the following format:
dev=[device name or IP address] user=[User Name] authtype=[Authorization Type] authpwd=[Authorization Password] privtype=[Privacy Type] privpwd=[Privacy Password] seclevel=[Security Level]
The device name or IP address and the user name is the only required information. Each device must be on a separate line. For example:
dev=Switch1 user=name dev=Switch2 user=name authtype=MD5 authpwd=password seclevel=AuthNoPriv dev=10.20.30.40 user=name authtype=MD5 authpwd=password privtype=DES privpwd=password seclevel=AuthPriv
See a brief explanation of the SNMPv3 USM settings and their possible choices below.

Save the text file. See Importing a Device List.

SNMPv3 USM settings and their possible choices:

User -- Identifies the user authorized to communicate with the SNMP engine.
Authorization Type -- Specifies the authentication protocol to be used: MD5 or SHA1.
Authorization Password -- Specifies the User's authentication password. Passwords must be at least eight characters in length.
Privacy Type -- Specifies the privacy protocol to be used: DES.
Privacy Password -- Specifies the User's privacy password. Passwords must be at least eight characters in length.
Security Level -- Indicates the security level of the user with regard to authentication and privacy:
- NoAuthNoPriv -- Uses just the User name match for authentication.
- AuthNoPriv -- Provides authentication based on the MD5 or SHA1 algorithm.
- AuthPriv -- Provides privacy (encryption) based on the DES (Data Encryption Standard) protocol in addition to authentication.

IP Only Format

SNMPv1 devices can use an IP Only format. When you import a device list in the IP Only format, devices will be imported into Policy Manager using the list of community names in the Community Names window. If no community name exists for a device in the Community Name list, you will be given the opportunity to add a community name for the device before importing.

Open a text file.
Enter a list of devices using the following format:
[IP address]
Each device must be on a separate line. For example:
10.20.30.40 10.20.30.50 10.20.30.60
Save the text file. See Importing a Device List.

Importing a Device List

From the menu, select File > Import > From Device List. This opens the Import from Device List window.
In the File name field, enter the path and file name of the device list file you want to import, or use the Browse button to navigate to the file.
If you wish to import the device(s) into an existing device group, use the drop-down list in the Destination Device Group area to choose the device group. The imported device(s) will appear in the selected device group, and also in the Devices folder. Devices in the device list that already exist in the Devices folder will still be imported into the device group.
In the Format of Device Data area, specify whether the device list is in NetSight Generated Format or IP Only Format.
In the Application of Imported Device Data area, choose how you want the imported data to be added to your existing file.
Click OK to import the devices and close the window. Click Apply to import the devices and leave the window open.
Select File > Import > Last Known Import Summary to view a summary of the import operation.

NOTES:	If you import a device list from an older version of Policy Manager where the "Contain to VLAN" and "Deny Traffic" choices were not available, the VLANs Selection View appears, where you can select the VLANs you want to act as Discard VLANs. When you import a device, Policy Manager determines whether or not authentication is enabled on the device. If yes, the appropriate Authentication Type is displayed in the device's Authentication tab, with the Authentication Status set to Enabled. If authentication is not enabled on the device, Policy Manager displays the previous Authentication Type/ Authentication Status setting for the device if there was one, or Authentication Type: Web-Based and Authentication Status: Disabled, if not. The Policy Manager Small Business Edition allows a maximum of 10 devices. If your device list exceeds the maximum number of devices allowed, one or more of the devices will not be imported.

NOTES:

If you import a device list from an older version of Policy Manager where the "Contain to VLAN" and "Deny Traffic" choices were not available, the VLANs Selection View appears, where you can select the VLANs you want to act as Discard VLANs.

When you import a device, Policy Manager determines whether or not authentication is enabled on the device. If yes, the appropriate Authentication Type is displayed in the device's Authentication tab, with the Authentication Status set to Enabled. If authentication is not enabled on the device, Policy Manager displays the previous Authentication Type/ Authentication Status setting for the device if there was one, or Authentication Type: Web-Based and Authentication Status: Disabled, if not.

The Policy Manager Small Business Edition allows a maximum of 10 devices. If your device list exceeds the maximum number of devices allowed, one or more of the devices will not be imported.

Related Information