1. Open a browser and go to http://127.0.0.1:8765. Change 127.0.0.1 to the address of the remote IntraVUE host as necessary.
2. Click on “Configuration”, sign in as an "admin".  See

 Change the default password for user 'admin' immediately to prevent unauthorized access to IntraVUE. Add additional users are necessary. Follow additional security measures as necessary.

1. Click on the “Scanner” tab.
2. Change the default READ COMMUNITY name to the one used by the managed Layer 2 switches & routers. If you do not know it, leave it set to the default 'public'. Refer to IntraVUE 3 System Requirements, System Config - Scanner Tab, and .

Failure to enable SNMP read-only (RO) community on the managed routers & switches results in Unresolved NodesDevices under the Unresolved node will have all the functionality of other devices in IntraVUE. The Unresolved node serves as a placeholder for devices that can not be properly placed by IntraVUE with some information indicating the difficulty.. See IntraVUE Requirements in Installation & Registration before continuing.

3. Set the Scan Speed setting to Slow, Medium, Fast, or Ultra. Default is set to Slow.

Some very old Ethernet devices, e.g. PCL 5/40, may misbehave or reset when using Fast & Ultra scanner speed settings or when other scanning software is running in parallel on the same automation network. Check with Panduit IntraVUE Support to learn more before attempting to increase Scanner speed above Medium level.

4. Under Network Configuration, add a "NETWORK NAME" to scan. Give it a meaningful name such as "PLCX" or "Conveyor Y".

5. Give it the IP address of theTop ParentThe device that can provide the mac addresses for IP addresses in a network. for this new network. Only three devices can be a top parent: the IntraVUE host itself, the managed gateway router for the remote network for which the SNMP community is known, or an IntraVUE agent bridging over to a PLC or isolated remote network. Refer to and Appliance Configuration.

    

   

   This step is the most important in the discovery process.

   

6. Enter the scan range of IP addresses of this network where the top parent also resides. The default host C class address range is suggested.
7. Click “Add” to enter additional scan ranges that can be pinged by the top parent.

   The default IP address range is a full class C network local to the top parent's IP address.

   If there are any Layer 2 managed switches hosting any VLAN add the gateway address as top parent and scan range of that VLAN in a separate network so the scanner can discover them and show devices with the right port numbers. Add a final network called the "Switch VLAN Network" that includes the designated Top Parent and Scan Range that encompasses all the Layer 2 Switches hosting any VLANs.

8. Click "Save & Scan Network" to save changes.

When adding multiple networks, make sure fill out all fields for each subsequent network in order to get prompted to "Save & Scan Network".

9. IntraVUE can begin scanning. Click "View" at the admin menu on top to view the progress
10. Allow a few minutes (depending on the number of nodes) for IntraVUE to start building your network topology.

 

When new devices are added the IntraVUE Scanner will spend several minutes developing the Network Topology. Viewing at this time will not provide an accurate depiction of the topology.

Initially IntraVUE will show all discovered devices linked to a special Unresolved node connected to the top parent.

As soon as a device responds to a ping it is placed under the Unresolved Devices node and the individual nodes. During this period IntraVUE first attempts to find MAC address information from the top parent and any local routers or layer 3 switch.

One cause of IntraVUE not determining the MAC address is an incorrect or missing SNMP read-only community setting in a managed router's own configuration, or in the IntraVUE System Configuration Scanner's tab, "Default SNMP Read Only community". This is usually set to 'public'.

Unmanaged and Web Managed Switches

An unmanaged switch that has an IP address but which does not support SNMP will be found and displayed under an auto-inserted node along with the devices that are directly connected to the switch. This is because they will all be found on the same port of the unmanaged switch’s parent and any lower down managed switches will see them on the 'uplink' port back toward the IntraVUE™ host.

The image below shows the way IntraVUE™ will display an unmanaged switch that has an IP address having two devices connected to it. If a managed switch does not have its SNMP community set correctly it will appear the same. The 10.1.1.163 device is an unmanaged switch with the .161 and .20 devices physically attached.

The parent managed switch of these devices reports them all on the same port, so IntraVUE™ automatically inserts a node, labeled 'n/a' to represent the hub or unmanaged switch which must be present.

To learn the difference between 'n/a' nodes and 'N/A' nodes see NA Nodes for more details.

In order to show the network as it physically exists the administrator can select the Configure item from the unmanaged switches Device Menu. Check the checkbox 'Unmanaged Switch or Wireless AP' or 'Virtual Machine, Web Managed Switch, Access Point' on newer IntraVUE versions. Click 'Save Changes'.

After a minute, the auto inserted node will go away as there is now only one device on the port of the managed switch and the other two devices are below it.

 

Some old unmanaged switches and hubs don't have a IP address by default or because of missing configuration. IntraVUE will not be able to see these without an IP address. In order to show the network as it physically exists you can add child nodes and move attached devices under this unmanaged switch. This is not recommended as monitoring for that switch is very limited.

 

Virtual Machines

Similar to unmanaged switches, a virtual hosts server will display an 'n/a' node with devices physically attached it. In order to show the network as it physically exists the administrator can select the 'Configure' item from the virtual machine's Device Menu. Check 'Virtual Machine, Web Managed Switch, Access Point' and then Click 'Save Changes'. After a minute, the auto inserted node will go away as there is now only one device as the virtual host and the other devices are below it.

 

 

Wireless Access Points (WAP)

Managed Wireless APs should be discovered by IntraVUE™ and will automatically get the checkbox for 'Virtual Machine, Web Managed Switch, Access Point' in the Device Configure dialog checked. If you have a Wireless AP that is not managed, you can check the checkbox yourself.

The result will be that all wireless devices will appear under the Wireless AP.

To identify the Wireless AP network better in the IntraVUE UI, you can check the 'WAP' checkbox and the child nodes will have dashed, wireless, lines going to them.

Refer to for more details

 

Ring Topology

IntraVUE would map a ring topology as all switches daisy-chained and with connected devices with children nodes under n/a nodes. This type of network is usually common for Ring and DLR devices topologies having each drive or switch connecting from one port of the EtherNet/IP card and connecting the last drive/switch back to other EtherNet/IP card's port. The drives are fixed so they won't move around. The image shows three drives connected in a Ring network.

 

Inconsistent Results

IntraVUE will only detect nodes that can be verified through a simple ping command in DOS.

• Disable Antivirus Software, active windows firewall rules, or windows group policies on the IntraVUE host machine
• Missing devices -See the IntraVUE™ Readiness Checklist at Installation & Registration, Selecting the Top Parent, Using the IntraVUE Scanner Agent
• Network does not look like the original network topology diagram from IT. See the IntraVUE™ Readiness Checklist at Installation & Registration
• Missing Networks. See the IntraVUE™ Readiness Checklist at Installation & Registration, Selecting the Top Parent, Using the IntraVUE Scanner Agent

 

Disconnected Top Parent

Some connections to top parents of configured networks may turn to red color when the device gets disconnected or is turned off

This causes the IntraVUE™ UI to show a red line connection between the top parent and the Scanner node. The rest of topology for that network would look just fine with a green line connection if the rest of the edge devices continue to have the same SNMP community as the IntraVUE™ scanner. This does not affect scanning the rest of the topology but it may cause visual confusion at first.

If you want to have the top parent node have a "green" line connection status back simply reconnect the device or bring it back on line for IntraVUE™ to automatically mark it as connected after if re-discovers it.

 

Stopping IntraVUE because of presumed strange behavior in the Network

The IntraVUE Scanner works similarly to a SCADA scanner where it will ping the end devices without trying to write any information or causing them to malfunction.

IntraVUE will only report the health status of your network and never will try disrupt your network in any way, unless you have purposely set your scanner speed to 'Ultra' and you have very old automation devices.

The easiest way to verify if your network is experiencing health issues to confirm IntraVUE is not the culprit of your suspicions is to get an Analytics report. See IntraVUE Automated Diagnostics Reports.

 

 

The KPI analytics are designed to provide greater visibility across the plant floor very easy without having the need for continuously keep monitoring thus preventing frequent escalations. If an operator can learn to recognize the health of his network by looking at a summary KPI display (i.e. 100% uptime Vs. <100% uptime) then less time is spent diagnosing and more time is spent repairing.

 

1. Configure
2. Open a browser and go to http://127.0.0.1:8765. Change 127.0.0.1 to the address of the remote IntraVUE host as necessary.
3. Click "Analyze".

The KPI reports are available from the top Menu bar by selecting Analyze.

Only devices with a Critical State of 'Critical Always On' and 'Critical Intermittent' are considered for incidents. Only 'Critical Always On' devices are used to calculate Uptime.

 

4. By Going to KPI > "List View Device Configuration", you will see a list of all devices found with "Unknown" Critical Status which is the default status.

 

5. Save the IP address of all those devices with "Unknown" critical status you want to consider for Incidents or Incidents + Uptime in the Daily and 30-day KPI report. You will need this information in the next section IntraVUE Analytics

When you enter KPI mode you will be automatically logged out from IntraVUE's Map VIew. Instead, open a new tab pointing to http://127.0.0.1:8765/skpi/ while leaving the first tab open for Map View in which you're already logged in. This way you will not have to log back in everytime you change views between Map View and KPI Status.

 

1. Open a browser and go to http://127.0.0.1:8765. Change 127.0.0.1 to the address of the remote IntraVUE host as necessary.
2. Click Configure to access the system menu and click on the “Email” tab.
3. Check the 'Enable Email' checkbox for emails to be sent for alarms.

Note that on a new scan checking this checkbox will not result in ANY emails being sent. That is because, by default, no device will have its 'Send Email to Default User' checked (See Settings Required for Device Configuration dialog Below). Currently only device disconnect events will generate an email for those devices configured to send email alerts.

4. The Seconds to wait ... edit box sets the number of seconds an email alarm will be delayed before transmission. At the end of the delay time, IntraVUE will check to see if the alarm condition is still valid. If it is, the email will be sent at that time. 30 seconds is the default setting.
5. The Email address to send ... field is the email address that will receive the email alarms for all devices.
6. The Reply to address... field is required when your SMTP server requires a valid email address. It is also the reply to address that will be on the alarm emails. This address may or may not have to be valid depending on your SMTP server.
7. The bottom section of this tab contains the data necessary to connect to the SMTP server that will be sending the email. The IntraVUE host computer must have access to this server for email to work.
8. SMTP Authentication and Encryption are optional and not required by IntraVUE to sent alerts.

 

Settings Required for Device Configuration dialog

In the Device Configure - General Tab IntraVUE™ 3, click 'Edit', 'Send Alarms' button. This is NOT enabled by default. If enabled the default user (specified under Configure > Email) will get email alerts for this device.

There is also an 'Send Alarms to Default User' button. If you want an additional email sent to someone besides the default user, click this button AND edit the 'Alarm Email Address' field for the email of the person to get email alerts for this particular device.

 

The IntraVUE On-Demand System Analytics are an additional capability of IntraVUE that will automatically generate written reports that identify issues as well as suggested courses of action for many common problems that can occur on Industrial Ethernet Networks. They can be generated in minutes and contain the latest data contained in the IntraVUE system.

The IntraVUE On-Demand System Analytics provides you with a PDF report based on the analysis of your IntraVUE System available anytime 27/7/365*.

Once an account is established you will be able to upload a Support Archive and get the resulting network analysis & diagnosis report. The process takes about a minute to upload, two - three minutes for analysis, and then the report will be emailed to you**.

1. Create a support archive (i.e. *.zzz) from IntraVUE's Admin Menu. Right-Click > Generate Support Archive
2. From IntraVUE 3 go to Advanced > Archive > Send Archive and click on the link below to be redirected to the Analytics Reports portal at http://intravue.panduit.com:8765/IntravueAudit/AuditServlet
3. Login to the IntraVUE Report Generator by entering your primary email address and password. If this is your first time enter your email address and enter a desired password and click "New User" to register.
4. Enter Company Name, Location, Comments, Report Type (Maintenance Technician is preferred), Names for Columns 1-3 (e.g. MAC address, Vendor, Model). Click "Apply Data"
5. Select "Choose File" and browse to your *.zzz file location & click 'Upload Archive For Analysis'
6. At the "Result of uploading archive file" page Click "Analyze database and email results". Wait for confirmation on next page.

You might get a message like "This product key has never been under a support contract. Please contact Panduit Corp for a quotation." or "Support Contract: Never under support". You may disregard this message as currently all product keys can generate Analytics Reports

7. "Result of Analysis ... archive is being processed and the results will be emailed to you" is the final confirmation page. You may exit now.

See also IntraVUE Automated Diagnostics Reports

 

*There's no limit on the number of Analytics Reports you can request.

**IntraVUE Advanced Subscribers automatically get a remote assessment of the IntraVUE Plant Network from one of our IntraVUE experts who will review their On-Demand System Analytics & Diagnosis Report and discuss with you recommendations, suggestions, and potential solutions to prevent, improve, or resolve network issues.

 

This section only applies to customers that purchased the IntraVUE Appliance Package (WNMS-APPL). You may skip this step if you are using a only setting up a Software Package (SNMS/SNMA).

The IntraVUE Appliance

The IntraVUE Appliance is a small-factor headless appliance strategically placed in a network closet at a remote site with the purpose of scanning edge devices in one or multiple cases below:

1. Devices in an isolated network behind a gateway. A switch inside the 'isolated network' behind a gateway using one port of the agent and the other port of the agent is connected to a switch on the 'plant' side (or plant VLAN Access) network.

2. Private VLANs. One is the private VLAN of the 'system' and the other provides access from the 'plant' to the PLC of the 'system'. The IntraVUE Agent has one interface connected to a 'system VLAN' port of the switch and the other agent's Ethernet interface is connected to a 'plant VLAN' port of the same switch.

3. If a NAT, or Firewall Access to the NAT, or Firewall devices is configured to send all packets from an IP address on the plant side to the IP of the IntraVUE agent on the 'system' side of the NAT/Firewall, then the IntraVUE Agent can scan the devices behind the NAT, or Firewall.

 

Using IntraVUE Appliance as an Agent to scan Isolated Networks:

This is the most common use of the IntraVUE appliance where it's simply configured with a static (or dynamic) IP address and allows the IntraVUE host to scan the edge devices on the private or isolated network and add them to the Map View as if they were in the local plant network. The IntraVUE agent does not require additional licensing and it exists in two formats industrial guide (scans unlimited nodes) and low-cost (which is less expensive but it's limited in the number of nodes it can scan).

Using IntraVUE Appliance as an Stand-alone Server to scan the Plant Network:

When there is no physical server or virtual machine available, the small-factor headless appliance can be deployed as an IntraVUE Server. The only differences is that it does require software registration and only one port of the appliance is connected to a switch on the 'plant' side.

Configuring the Appliance AS AN INTRAVUE AGENT

 

Configuration of an IntraVUE Agent will enable an IntraVUE Server to access non-routable networks.

STEP 1: Connect the Appliance as an Agent	Connect Ethernet ports prior to power up. Port 1 should connect to the accessible Plant Network (i.e. uplink). Port 2 (downlink) should connect to the non-routable network.
STEP 2: Discover the Appliance and Configure Ports	Use the tool discoverytool.jar to discover the Appliance on the network. Port 1 (uplink) is intended for the factory network and should be re-configured with a static address (default is dhcp). Port 2 (downlink) is set for a static IP address (default 192.168.255.127) and is intended to connect to the non-routable network to be scanned.
STEP 3: Access the IntraVUE Server	Access IntraVUE via browser interface to the production server. This will look like http://nnn.nnn.nnn.nnn:8765. Log in as admin.
STEP 4: Configure the IntraVUE server to scan the agent network	In the system menu open the “System Configuration” dialogue. Under the “Scanner” tab, select “Add” for a new network. Uncheck “Use Local Computer”, and then Check “Use Agent”. Add the agent external (Port 1 uplink) IP address and increment Net Group by 1. Add applicable scan range for the non-routable (Port 2 downlink) network. Follow the guide in the help menu for effective scanner configuration

 

Configuring the Appliance AS AN INTRAVUE SERVER

Configuration as an IntraVUE Server will enable complete functionality as a stand-alone instance of the IntraVUE System.

STEP 1: Connect the Appliance as a Server	Connect Ethernet Port 2 (downlink) to the local manufacturing network to be scanned prior to power up. For configuration as a server, only a single port is necessary, however to access the system remotely Port 1 should be connected to the WAN.
STEP 2: Discover Appliance and Configure Ports	Use the tool discoverytool.jar to discover the Appliance on the network. Port 1 (uplink) is set for DHCP by default. Port 2 (downlink) is set for a static IP address (default 192.168.255.127).
STEP 3: Access the IntraVUE Server	Access IntraVUE via browser interface to the Appliance IP address. This will look like http://nnn.nnn.nnn.nnn:8765. Log in as admin.
STEP 4: Register the Server License	Purchase appropriately sized license through an authorized Distributor. Under the system menu, access the “Product Registration” dialogue and follow the instructions to register the product key that was purchased.
STEP 5: Configure IntraVUE to scan the local network	In the system menu open the “System Configuration” dialogue. Follow the guide in the help menu for effective scanner configuration.

Do not assign IP addresses used by other devices in the scan range to either IP 1 or IP 2 when statically setting either of these. If your network is made up of static IP addresses this can cause IntraVUE to show lots of "change mac" messages and duplicate IP issues in your Analytics report. This could create potential lockups for some devices when they comeback online and do a duplicate IP check.

Antivirus software, firewalls or firewall rules, and windows group policies can prevent the discovery tool from finding an IntraVUE appliance (either placed as server or agent) even when connecting a laptop directly to the appliance. Make sure to disable these and try again using the discovery tool.

 

For Complete Configuration Instructions, refer to the Appliance Quick Start

See also Using the IntraVUE Scanner Agent and Appliance Configuration.

Admin Verification is a process of establishing a controlled state of your network, or the devices which you are monitoring with IntraVUE.

Each Admin Verified node has additional characteristics from a non-Verified node.

The node is normally blue filled.

If the position of the device changes the originally verified position becomes red filled.

The new position of the device becomes a tan filled node.

If the device that moved comes back to the original location, the tan filled node will go away and the red filled node will become blue filled again.

Failure to admin verify all of detected devices by IntraVUE will result in incomplete Analytics & KPI Status Reports, missing configuration of newly detected devices, inability to detect when a device has moved or disconnected from ring or linear networks, and impairs your ability to identify what assets truly belong to your plant network and troubleshoot them accordingly.

To make Admin Verification easy, there is a single button that will automatically verify every device with an IP address that has not yet been verified. It's on the Scanner Tab of the System Config - Scanner Tab. See also Device Configure - General Tab IntraVUE™ 3 for verifying individual nodes. See Admin Verification in IntraVUE 3 for more details.

If the position is temporary, you may leave the red filled box. When the device is returned to its former position the red box will be replaced by a blue filled box.

 

Recommended: Take a snapshots of your database and user settings. Refer to