Passive Device Management and Handling (Wired)
Passive Device (Wired)

Nile's default architecture is built for security. It is based on Layer 3, which means we limit the use of broadcast flooding, which is traditionally used to poll for connected wired devices. Nile switches discover a device on a port based on DHCP packets seen from it once it is plugged in. If a device obtains its IP address through DHCP, it is not considered 'passive', since Nile is able to learn the device and keep it alive as long as it is connected.

In Nile's architecture, a 'passive' device is a statically IP-addressed device that does not initiate any traffic or DHCP packet upon first connection and remains silent unless solicited by another device or application.

⚠️ The assumption is that the passive device is typically using a static IP address.

Passive Device Management and Handling (Wired)

Nile offers a way not only to handle passive wired devices but also to manage them better through a central access management system. It also offers tools to discover devices that have gone silent, both on Day 1 of migration to Nile and on an ongoing basis from Day 2 onwards.

Key Features

Discovery for Day 1 migration to Nile
- Day 1 migration is made easy by providing 'Discovery'.
- Admins need to know the static IP or the subnet in use by the passive device(s).
- With a simple click on the 'Discover' option, all passive devices in that subnet or IP range are presented for approval.

Ease of management
- All passive devices are flagged as 'passive'.
- Helps 'organize' the network from a previously 'unorganized' network, where customer IT teams may have lost track of devices that may be passive in nature and using static IP addresses.
- After discovery, a list of MAC addresses is presented for admins to easily approve in bulk.

Discovery process filters DHCP-based devices
- The discovery process is intelligent enough not to present for approval devices that are already using a DHCP IP.

Day 2 keepalive
- Nile switches perform keepalives for devices identified as 'passive', thus reducing the impact of broadcast-based learning.

Per-device discover/wake-up option
- In case a device still appears offline although it is still connected to the Nile Service Block, the device details page on the customer's Nile Control Center (Nile Portal) has a handy tool to wake up a device suspected of having gone silent.

Day 1 Migration to Nile: Adding a Passive Device

- After logging in to the Nile Control Center (Nile Portal), go to the Network Setup icon > Access Management.
- Click on 'Add Device' and select Static IP; the Passive check box gets activated. (A passive device needs 'Static IP' to be selected as well; as explained in the assumption, a passive device is assumed to be statically IP addressed.)
- Admins should specify a MAC address, segment and geo scope.
- OUI is not supported; a specific MAC address has to be provided for a passive device.
- IP address is mandatory for a passive device.

There is an option to 'bulk upload' a list of MAC addresses to be MAB approved and also to be marked as static IP and passive. If admins are aware of their passive devices on their legacy network, they could use a CSV as shown in the sample below.

Day 1 Migration to Nile: Auto Discovery

1. Log in to the Control Center (Nile Portal).
2. Navigate to Network Setup > Access Management.
3. Click on the Passive Device Discovery icon on the far right.
4. In the drawer that opens for auto discovery, specify the IP address, IP range or subnet (up to /24) that the passive device(s) are using, within a geo scope.
5. Click Scan. An auto discovery is initiated on the switches in the geo scope and a list of MAC addresses is presented to the user.
6. The admin can click on 'Approve', upon which the MAC addresses will get added as MAB approved, with the 'static IP' and 'passive' flags enabled for these devices.

If the subnet specified for running auto discovery does not match any of the subnets mapped to the configured segments, the discovery tool will throw an error such as below. Ensure the IP range provided matches one of the configured segments.

IP addresses for the passive devices will be populated on the MAB list page once fully learnt by the Nile switches' discovery process.

Day 2: Per-Device Discovery Tool

It can happen that some passive devices go offline even though the Nile switches are polling the 'known' flagged passive devices. In such a scenario:

1. Go to Control Center (Nile Portal) > Devices list.
2. Select the offline wired device of interest that is suspected of having gone offline although it is physically still connected.
3. Click on the hostname.
4. On the device details page, an option to 'Discover' the device will be present. Clicking Discover will initiate a one-time auto discovery on the switch and port where the device was last seen as connected, using the last known IP address.

Day 2: Discovery Tool Background Process

Feature Constraints

- The Nile Service Block (NSB) software version needs to be upgraded to the right version. Please reach out to the customer support team to enable this feature by scheduling an NSB upgrade.
- Only a subnet of up to /24 in size, or up to 254 IP addresses, can be provided for initial discovery at a time.
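
The scope rules on this page (a subnet no larger than /24 or at most 254 IP addresses, and a range that matches a configured segment) can be checked offline before a scan is started. The following Python is an added example, not Nile code or a Nile API: the function names, segment names and subnets are constructed, and "matches a segment" is assumed to mean the whole scope lies inside that segment's subnet.

```python
import ipaddress

MAX_ADDRESSES = 254  # page: up to 254 IP addresses per discovery
MIN_PREFIX = 24      # page: subnets up to /24 in size

# Constructed sample segments (names and subnets are illustrative only).
SEGMENTS = {
    "building-mgmt": ipaddress.IPv4Network("10.20.30.0/24"),
    "printers": ipaddress.IPv4Network("10.20.40.0/23"),
}


def parse_scope(scope):
    """Parse a single IP, 'start-end' range or CIDR into (first, last, count)."""
    scope = scope.strip()
    if "/" in scope:
        net = ipaddress.IPv4Network(scope, strict=True)  # rejects host bits
        if net.prefixlen < MIN_PREFIX:
            raise ValueError(f"{scope} is larger than /{MIN_PREFIX}")
        first, last = net.network_address, net.broadcast_address
        if net.prefixlen < 31:  # skip network and broadcast addresses
            first, last = first + 1, last - 1
    elif "-" in scope:
        lo, hi = scope.split("-", 1)
        first = ipaddress.IPv4Address(lo.strip())
        last = ipaddress.IPv4Address(hi.strip())
    else:
        first = last = ipaddress.IPv4Address(scope)
    if last < first:
        raise ValueError("range end precedes range start")
    count = int(last) - int(first) + 1
    if count > MAX_ADDRESSES:
        raise ValueError(f"{count} addresses exceeds {MAX_ADDRESSES}")
    return first, last, count


def preflight(scope, segments=SEGMENTS):
    """Return (ok, segment name or rejection reason, address count)."""
    try:
        first, last, count = parse_scope(scope)
    except ValueError as exc:
        return False, str(exc), 0
    # Assumption: "matches a segment" means the whole scope sits inside it.
    for name, net in segments.items():
        if first in net and last in net:
            return True, name, count
    return False, "scope is not inside any configured segment subnet", 0


if __name__ == "__main__":
    for s in ("10.20.30.0/24", "10.20.40.0/23", "192.168.1.0/24"):
        print(s, preflight(s))
```

A scope that passes also shows which segment the approved MAC addresses would be expected to land in, which is worth confirming before approving in bulk.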