Q: WHY DOES A BLANK WINDOW OR NO WINDOW APPEAR WHEN I CLICK ON A MENU ITEM?
Q: WHY DOES A BLANK WINDOW APPEAR WHEN I BROWSE TO INTRAVUE?
Q: HOW DO I GET MORE INFORMATION WHEN THE 'TEST EMAIL' BUTTON DOESN'T WORK?
Q: HOW LONG DOES IT TAKE INTRAVUE TO FIND NEW DEVICES?
Q: WHAT ARE AUTO INSERTED NODES (N/A IN IP VIEW)?
Q: WHAT DOES THE RED MESSAGE 'DATA OUT OF DATE' MEAN?
Q: I HAVE A 16-PORT SWITCH. WHY DOES INTRAVUE SHOW PORT NUMBERS LIKE 35 OR 958?
Q: CAN NON-ETHERNET DEVICES BE DISPLAYED IN THE INTRAVUE SOFTWARE?
Q: WHY DOES ALL THE THRESHOLD DATA GO TO ZERO SOMETIMES?
Q: HOW CAN I SET ALL OR MANY DEVICES TO BE ENABLED FOR EMAIL ALARMS?
Q: WHY DO THRESHOLD VALUES GET SMALLER WHEN I LOOK AT OLDER DATA?
Q: HOW CAN I STOP AND START INTRAVUE SERVICES ON MY LAPTOP?
Q: DOES INTRAVUE USE AN EXPLICIT MESSAGE WITH CIP CONNECTION WHEN TALKING WITH AN EtherNet/IP DEVICE?
Q: WHAT ARE THE RECOMMENDED SYSTEM REQUIREMENTS?
Q: HOW MUCH NETWORK TRAFFIC IS GENERATED BY INTRAVUE?
Q: WHAT PORTS ARE USED BY INTRAVUE?
Q: IS THERE AN EASY WAY TO ADMIN VERIFY ALL THE DEVICES?
Q: WHY ARE ALL OR MOST THE DEVICES UNDER AN UNRESOLVED NODE?
Q: I HAVE MANY INTRAVUE NETWORKS, CAN I ONLY SHOW ONE OR TWO AT A TIME?
Q: CAN INTRAVUE SCAN THROUGH A FIREWALL AND IF SO, HOW?
Q: CAN I BACKUP INTRAVUE FROM A DOS COMMAND PROMPT?
Q: HOW CAN I GET BETTER PORT NUMBERS FOR CISCO SWITCHES THAT ARE STACKED?
Q: HOW DO I CHANGE THE PASSWORD FOR INTRAVUE?
Q: WHAT IS CONSIDERED A PING FAILURE?
Q: WHAT IS NORMAL VS DISCONNECT?
Q: HOW DO I DIAGNOSE PING FAILURES?
Q: HOW ARE DUPLICATE MAC ADDRESSES DISPLAYED?
Q: HOW ARE DUPLICATE IP ADDRESSES DISPLAYED?
Q: I CAN PING A DEVICE FROM DOS, WHY DOESN'T INTRAVUE DISCOVER IT?
Q: CAN INTRAVUE SCAN MESH NETWORKS?
Q: THE MYSQL FOLDER HAS GIGABYTES OF DATA, HOW DO I MAKE IT SMALLER?
Q: CAN I EXPORT EVENTS FROM THE EVENT LOG?
Q: CAN INTRAVUE AND SYNAPSE WORK ON THE SAME MACHINE?
Q: IS THERE A TOOL AVAILABLE TO HELP DEBUG MODBUS ISSUES?
Q: HOW DO YOU REPLACE THE MICRO SD MEMORY CARD?
Q: HOW DO YOU CHANGE/SET THE DATE, TIME, AND/OR TIME ZONE ON THE PLUG?
Q: WHAT MUST BE CONFIGURED BEFORE JAVA WILL WORK WITH INTRAVUE IN MY BROWSER?
Q: WHY DOESN'T SEARCH CENTER A DEVICE IN INTERNET EXPLORER 11?
Q: INTRAVUE IN THE BROWSER IS TAKING A LONG TIME TO LOAD, WHY?
HOW CAN I SEE A THRESHOLD SETTING?
HSRP - Hot Standby Redundant Protocol
CISCO CATALYST BROADCAST STORM PROTECTION
Q: WHY DOES A BLANK WINDOW OR NO WINDOW APPEAR WHEN I CLICK ON A MENU ITEM?
A: The most frequent cause of this is a setting in your popup blocker. Allow the site 127.0.0.1 and/or the IP address of the IntraVUE host machine in your popup blocker configuration. On many machines, the IntraVUE host must be added to Trusted Sites on the Security Tab of IE's Tools/Internet Options.
Note: You may have to uncheck 'only use https:'
Q: WHY DOES A BLANK WINDOW APPEAR WHEN I BROWSE TO INTRAVUE?
A: If you are browsing from a remote machine, the Java Runtime Environment must be installed on the remote computer. You may go to the www.java.com website and download the latest version, or download a version supplied by IntraVUE from http://1.2.3.4:8765/jre (change 1.2.3.4 to the IP of the IntraVUE host computer).
If you have Java 7 installed, open the Java console, go to the security tab. Change the setting from high to medium, especially if you are behind a firewall and the certificate cannot be verified.
Microsoft update behavior changed in 2011 in a way that stops some services from fully starting. The IntraVUE services will try to restart themselves for about 3 minutes, but the Microsoft updates that are applied when you see messages such as 'please do not turn off the computer while updates are applied' stop some of the IntraVUE services from starting. In the Windows services dialog, start these services if they are not running: 'apache tomcat etomcat', 'autoip i-server', 'autoip ping daemon', mysql.
Q: HOW DO I GET MORE INFORMATION WHEN THE 'TEST EMAIL' BUTTON DOESN'T WORK?
A: When you use the test email button and you do not receive an answer, there will be some text in an exception message indicating the specific cause of the failure. For example, refused by SMTP host, invalid user name or password, etc. This message is found in the scanner log file located at ...\IntraVUE\log and will be the ivserver_ (date) _ (time).out file at the time you pressed Test Email.
A sample of what is generated is below. It was generated by doing a Test Email with the default Email Setup dialog.
The stacktrace line "javax.mail.MessagingException: Unknown SMTP host: smtp.somewhere.com" tells you that the SMTP host, the email service provider, is incorrect or that you cannot connect to it.
0120 100016 event: Device 10.1.1.67 reconnected
0120 100054 event: Device 10.1.1.90 moved from 10.1.1.244:9 to 10.1.1.16:2
0120 100054 event: deleted child node at 10.1.1.244:9
0120 100111 event: 10.1.1.32 Ping Response Threshold Exceeded
0120 100122 received mod request send test email 0 0
0120 100122 send test email
0120 100123 EmailTask runs: IntraVUE has been instructed by the admin to send a test email. Please see http://10.1.1.59:8765/to [unused]
0120 100123 Unexpected Exception thrown - stacktrace follows:
javax.mail.MessagingException: Unknown SMTP host: smtp.
at com.sun.mail.smtp.SMTPTransport.openServer(SMTPTransport.java:1211)
at com.sun.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:311)
at javax.mail.Service.connect(Service.java:233)
at javax.mail.Service.connect(Service.java:134)
at javax.mail.Service.connect(Service.java:86)
at com.sun.mail.smtp.SMTPTransport.connect(SMTPTransport.java:144)
at javax.mail.Transport.send0(Transport.java:150)
at javax.mail.Transport.send(Transport.java:80)
at database.EmailTask.run(EmailTask.java:76)
at java.util.TimerThread.mainLoop(Unknown Source)
at java.util.TimerThread.run(Unknown Source)
0120 100146 device 10.1.1.67 disconnected
0120 100146 event: Device 10.1.1.67 disconnected
0120 100207 device 10.1.1.90 reconnected
Below is an image that shows some fields that could cause an issue.
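To pull the cause of a failed Test Email out of a scanner log without reading the whole file, a short script can pair each 'send test email' entry with the exception that follows it. This is an added example, not IntraVUE code; the function names, the 120 second pairing window and the sample log (modelled on the excerpt above) are assumptions.

```python
import re

# Scanner log entries start with "MMDD HHMMSS "; stack-trace lines do not.
ENTRY = re.compile(r"^(\d{4}) (\d{6}) (.*)$")

# Constructed sample, modelled on the log excerpt shown above.
SAMPLE_LOG = """\
0120 100111 event: 10.1.1.32 Ping Response Threshold Exceeded
0120 100122 received mod request send test email 0 0
0120 100122 send test email
0120 100123 EmailTask runs: IntraVUE has been instructed by the admin to send a test email.
0120 100123 Unexpected Exception thrown - stacktrace follows:
javax.mail.MessagingException: Unknown SMTP host: smtp.somewhere.com
at com.sun.mail.smtp.SMTPTransport.openServer(SMTPTransport.java:1211)
at javax.mail.Transport.send(Transport.java:80)
at database.EmailTask.run(EmailTask.java:76)
at java.util.TimerThread.run(Unknown Source)
0120 100146 device 10.1.1.67 disconnected
"""


def secs(hhmmss):
    """Convert an HHMMSS log timestamp to seconds since midnight."""
    return int(hhmmss[:2]) * 3600 + int(hhmmss[2:4]) * 60 + int(hhmmss[4:])


def find_test_email_failures(log_text, max_gap=120):
    """Return one record per test email that was followed by an exception.

    max_gap (seconds) is an assumed limit on how long after the request an
    exception is still attributed to it.
    """
    failures = []
    pending = None   # (date, time) of the latest "send test email" entry
    current = None   # failure record whose stack trace is being read
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if m:
            current = None  # a new timestamped entry ends any stack trace
            date, time, msg = m.groups()
            if msg == "send test email":
                pending = (date, time)
            elif (pending and msg.startswith("Unexpected Exception thrown")
                  and date == pending[0]
                  and 0 <= secs(time) - secs(pending[1]) <= max_gap):
                current = {"requested": pending, "exception": None,
                           "message": None, "frames": []}
                failures.append(current)
                pending = None
        elif current is not None and line:
            if line.startswith("at "):
                current["frames"].append(line[3:])
            elif current["exception"] is None:
                # First trace line has the form "<exception class>: <message>"
                exc, _, text = line.partition(": ")
                current["exception"], current["message"] = exc, text
    return failures


if __name__ == "__main__":
    for f in find_test_email_failures(SAMPLE_LOG):
        print(f["requested"], f["exception"], "-", f["message"])
```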
Q: HOW LONG DOES IT TAKE INTRAVUE TO FIND NEW DEVICES?
A: The answer gets technical. There are 4 speed settings in the 'scanner tab' of System Configuration that affect discovery. A 'speed' setting affects the time between outgoing packets and how many devices which never responded to a ping will be pinged in a scan cycle.
SLOW = 60 msec between outgoing packets, 20 unknown devices per scan cycle
MEDIUM = 15 msec between outgoing packets, 64 unknown devices per scan cycle
FAST = 4 msec between outgoing packets, 64 unknown devices per scan cycle
ULTRA = 1 msec between outgoing packets, 64 unknown devices per scan cycle
A scan cycle is the time to do all the messages above, wait 2 seconds for replies, send a second round of data based on initial results, wait another 2 seconds, and process the final results. It is nominally 6 to 10 seconds in networks of less than 256 devices, and can be up to 25 seconds for networks bigger than 700 devices.
Take the total possible devices in your scan ranges and subtract the number of found devices. Divide that by the per-cycle value above to get the number of 10 - 15 second scan cycles needed to go through the list one time.
In a class C with 100 found devices, there would be 155 unknown IP addresses and it would take about 8 scanner cycles to get through the list one time at SLOW and 3 at any other speed.
In a class B subnet, mask 255.255.0.0, with 65,000+ possible addresses it will take more than 1000 scan cycles to go through the list one time when faster than SLOW. If the scan cycle time were 15 seconds, it would take a little over 4 hours to go through the list one time.
Q: WHAT ARE AUTO INSERTED NODES (N/A IN IP VIEW)?
A: With Ethernet, only one physical wire can attach any two devices. When IntraVUE scans a network it finds all the port-for-MAC information available.
An extreme example would be a network with no managed switches. In this case IntraVUE would not find any devices (MAC addresses) being claimed by any switches. Physically all these devices cannot be directly connected to the IntraVUE host computer. IntraVUE reasons that there must be SOMETHING between the host and all these devices. An auto-inserted node represents that device - it could be an unmanaged switch, a hub, a managed switch with an unknown community, or devices on the other side of a router.
Another example would be a single managed switch removed from the host computer by several layers of hubs/unmanaged switches. In this case all the devices further away from IntraVUE will be shown on the ports of the managed switch. All the devices 'closer' to the IntraVUE host will be reported on the uplink port of the managed switch. Since there are no other managed switches to claim these devices and clearly these devices are not all attached to the IntraVUE host, an auto inserted node represents whatever these devices are connected to.
If one of the children of an auto-inserted node is an unmanaged switch, you can configure it as an unmanaged switch in its Device Configuration dialog. It will then take the place of the n/a node and all the 'peers' or adjacent devices will become its children.
Q: WHAT DOES THE RED MESSAGE 'DATA OUT OF DATE' MEAN?
A: It means the scanner is no longer active although the network is not in off-line mode. The message appears if the browser has been up for 3 minutes or more and the last threshold sample is older than 3 minutes from the current time. If you right click on a connecting line, there will be a date/time stamp under each threshold graph telling you the last time the scanner was active. The most common cause is that the mysql or 'autoip i-server' service has been stopped or has not started. If starting the services does not solve the problem, please contact tech support at techsupport@panduit.com or call 1-866-405-6654.
Q: I HAVE A 16-PORT SWITCH. WHY DOES INTRAVUE SHOW PORT NUMBERS LIKE 35 OR 958?
A: This happens when "stackable" switches are stacked. The firmware in the stacked switches uses a method to determine port numbers. IntraVUE reports the same numbers as the switch reports. It may also happen in some routers (layer 3 switches) that also do layer 2 switching. IntraVUE supports a file that can change the port numbers displayed to the user. Visit www.panduit.com/intravuesupport and search for 'Handling Trunking in Switches'.
Q: CAN NON-ETHERNET DEVICES BE DISPLAYED IN THE INTRAVUE SOFTWARE?
A: Yes. Because IntraVUE works on the premise of IP identity, you will have to manually add any device that is not detected or which does not respond to pings. This is useful for full visualization of the network topology.
Login as administrator and select Add Child from the System Menu on a device that will be the "parent" of the non-Ethernet device. This adds a new node that is a user node, such as a Device Server (Serial to Ethernet converter).
Another example is a PLC with a serial port connection to the Device server. This allows the user not only to view the Ethernet device but also the connected device. The PLC would be able to have a device property and even Web Links (via proxy) without the device containing an embedded Ethernet port.
To be clear, the actual properties of the PLC would not be "viewable"; but IntraVUE could be used to show what is connected to the Device Server and information (such as html files) could be associated with the manually inserted device. A field bus to Ethernet device can also be manually inserted in this manner.
Another example is media converters, such as copper to fiber and fiber to copper. In this case you would probably want to add two manually inserted devices, one attached to the other, and then move the IP device to the last manually inserted node.
There is an excellent video showing this process in action at IntraVUE Videos.
Q: WHY DOES ALL THE THRESHOLD DATA GO TO ZERO SOMETIMES?
A: There are several possible causes of this. If one of the ones listed below does not work for you, please contact Tech Support at techsupport@panduit.com or call 866-405-6654.
If you have hundreds of devices that have been discovered and you have set the scanner speed to SLOW in the System Configuration's Scanner tab, the delays that are inserted between each request the scanner sends may cause the time to collect data to exceed 30 seconds. This will cause the symptoms discussed below. Try setting the speed to medium before changing mysql. (If you have over 500 devices you may have to go to at least FAST.)
Bandwidth data is stored in devices as a cumulative number. Any time an APPLY operation is done in the IntraVUE dialogs the scanner re-reads the IntraVUE database to get the change made by the admin. This causes the scanner to lose its stored value for the last cumulative bandwidth data. The result is there will be no bandwidth data for the minute in which an APPLY operation is done.
Q: HOW CAN I SET ALL OR MANY DEVICES TO BE ENABLED FOR EMAIL ALARMS?
A: By default email alarming is not enabled. You must enable email alarming and setup IntraVUE for the email server in the System Configuration dialog's email tab. Once you have done that you must enable any device you want to receive email alarms about in its Device Configuration dialog. By default the checkbox 'Enable Alarms to Default User' is not checked.
NOTE: The only event currently sent by email is a device disconnect.
Use Import/Export and open the exported data in a spreadsheet program. Go to the far right of the spreadsheet and there will be many columns for data located on the general tab of Device Configuration.
Sort the spreadsheet in a convenient way, then set a 1 in the 'SendToDefaultUser' column for any device to be enabled for email. Save the spreadsheet as a .csv file and then import it back into IntraVUE.
Q: WHY DO THRESHOLD VALUES GET SMALLER WHEN I LOOK AT OLDER DATA?
A: The 3 and 6 hour data is data based on collecting data once a minute. The bandwidth data is collected at the 0th second of each minute and at the same time the 6 to 15 ping samples (response and failure) within that minute are averaged to become one data point.
So that the database does not quickly become large, after 360 one minute data points, we take the last 10 and record their average and the peak value as one 10 minute sample. This is the 15 and 30 hour data.
When we have 360 of those, the last 12 ten-minute samples become one 2 hour sample with the average and peak values during that period. This is the 15 and 30 day data.
So in the 15 or 30 day graph, one data point is actually 12 10-minute averages made into one statistic, and each one of those had previously represented the average of 10 one minute samples.
Both the Threshold graphs when you click on a line and the Multiple Threshold graphs have a choice to look at average or peak values. You should use 'peak values' anytime you are looking at data older than 6 hours. If there was a 'spike' that occurred in just one sample and all the others were 'normal', each time the data is 'averaged' the 'average values' will become much smaller.
In order to see the one minute data again, you could restore a previously saved database for that period on a different machine. We recommend you install IntraVUE on two machines. One for 24x7 scanning and one to look at saved databases.
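The effect of the two averaging stages on a single spike can be reproduced with a few lines of code. This is an added example, not IntraVUE code; the function names and the constructed series (120 one-minute ping responses of 2 msec with one 602 msec spike) are assumptions chosen to make the numbers easy to follow.

```python
def rollup(samples, group):
    """Collapse each run of `group` (average, peak) samples into one sample.

    The new average is the mean of the averages and the new peak is the
    largest peak, which is how the 10 minute and 2 hour points are described
    above.
    """
    out = []
    for i in range(0, len(samples) - group + 1, group):
        chunk = samples[i:i + group]
        avg = sum(a for a, _ in chunk) / group
        peak = max(p for _, p in chunk)
        out.append((avg, peak))
    return out


def build_views(one_minute_values):
    """Return the 1 minute, 10 minute and 2 hour series for the same data."""
    minute = [(float(v), float(v)) for v in one_minute_values]
    ten_min = rollup(minute, 10)     # 10 one-minute points -> one sample
    two_hour = rollup(ten_min, 12)   # 12 ten-minute samples -> one sample
    return minute, ten_min, two_hour


def constructed_series():
    """Constructed data: two hours at 2 msec with one 602 msec spike."""
    values = [2] * 120
    values[47] = 602
    return values


def spike_visibility(one_minute_values):
    """Largest average and largest peak visible at each resolution."""
    names = ("1 minute", "10 minute", "2 hour")
    views = build_views(one_minute_values)
    return {
        name: (max(a for a, _ in view), max(p for _, p in view))
        for name, view in zip(names, views)
    }


if __name__ == "__main__":
    for name, (avg, peak) in spike_visibility(constructed_series()).items():
        print("%-9s largest average %6.1f   largest peak %6.1f" % (name, avg, peak))
```

The spike shrinks from 602 to 62 to 7 in the average view but stays at 602 in the peak view at every resolution.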
Q: HOW CAN I STOP AND START INTRAVUE SERVICES ON MY LAPTOP?
A: If you are using a laptop for diagnostics you probably want to go to the Windows services dialog and set the 'AutoIP Auto Bootp' service to Stopped and Manual or Disabled.
You can stop the remaining services from a DOS command prompt as shown below.
net stop "apache tomcat etomcat"
net stop "autoip i-server"
net stop "autoip ping daemon"
net stop mysql
Putting the above commands into a batch file, like stopiv.bat, would easily stop all of the services. In a batch file like startiv.bat, replace the stops with starts.
Tomcat and mysql are required to view off line databases but the other services are not.
Q: DOES INTRAVUE USE AN EXPLICIT MESSAGE WITH CIP CONNECTION WHEN TALKING WITH AN EtherNet/IP DEVICE?
A: The IntraVUE EtherNet/IP scanner uses a connectionless UDP message to request the identity of the target devices. The actual request is the CIP IDENTITY message 630000000000000000000000000000000000000000000000.
This does not require allocation of any ongoing resources at the target. Additionally, the frequency of these requests as seen by an individual target device is very low, only about once every 15 minutes during normal operation.
There should thus be no problem with these requests coexisting with normal operational use of even an EtherNet/IP device with limited connections; those devices normally support message repetition rates exceeding 100 per second.
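Decoding the request quoted above shows why it needs no connection: it is a bare 24-byte EtherNet/IP encapsulation header carrying the ListIdentity command (0x63) with a zero session handle and no data. The added example below (not IntraVUE code) parses that header and uses it to label UDP 44818 datagrams seen on a monitored network; the function names, the scanner address 10.1.1.59 and the RegisterSession sample are assumptions constructed for illustration.

```python
import struct

# EtherNet/IP encapsulation header: command, data length, session handle,
# status, sender context (8 bytes), options. Integers are little-endian.
ENCAP_HEADER = struct.Struct("<HHII8sI")

COMMANDS = {
    0x0004: "ListServices",
    0x0063: "ListIdentity",
    0x0064: "ListInterfaces",
    0x0065: "RegisterSession",
    0x0066: "UnRegisterSession",
    0x006F: "SendRRData",
    0x0070: "SendUnitData",
}

# The request quoted in the answer above.
INTRAVUE_REQUEST = bytes.fromhex(
    "630000000000000000000000000000000000000000000000")

# Constructed contrast case: a RegisterSession request, which does ask the
# target to allocate a session (protocol version 1, option flags 0).
REGISTER_SESSION = (ENCAP_HEADER.pack(0x0065, 4, 0, 0, b"\x00" * 8, 0)
                    + struct.pack("<HH", 1, 0))


def parse_encapsulation(datagram):
    """Decode the encapsulation header at the start of a datagram."""
    if len(datagram) < ENCAP_HEADER.size:
        raise ValueError("shorter than the 24-byte encapsulation header")
    command, length, session, status, context, options = \
        ENCAP_HEADER.unpack_from(datagram)
    return {
        "command": COMMANDS.get(command, "0x%04x" % command),
        "data_length": length,
        "session_handle": session,
        "status": status,
        "sender_context": context,
        "options": options,
        "payload": datagram[ENCAP_HEADER.size:],
    }


def classify_udp_44818(src_ip, datagram, scanner_ips):
    """Label a UDP 44818 datagram relative to the known scanner hosts."""
    try:
        hdr = parse_encapsulation(datagram)
    except ValueError:
        return "malformed"
    sessionless_identity = (hdr["command"] == "ListIdentity"
                            and hdr["session_handle"] == 0
                            and hdr["data_length"] == 0
                            and not hdr["payload"])
    if not sessionless_identity:
        return "not an identity poll"
    if src_ip in scanner_ips:
        return "expected identity poll"
    return "identity poll from unlisted host"


if __name__ == "__main__":
    print(parse_encapsulation(INTRAVUE_REQUEST))
    print(classify_udp_44818("10.1.1.59", INTRAVUE_REQUEST, {"10.1.1.59"}))
```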
Q: WHAT ARE THE RECOMMENDED SYSTEM REQUIREMENTS?
A: All Windows Operating Systems are supported except Vista and Windows 8 variants. A virtual machine with one of the supported OSes will also work.
The VMware vSphere® High Availability environment (and similar solutions from other vendors) is not supported as it creates frequent changes of host environments in a way that causes problems.
4 GB RAM is recommended for more than 500 discoverable devices, 2 GB for less.
Any recent CPU will be fine. IntraVUE will run with as little as 4 GB of disk space but 8 GB is wise if you have more than 1000 devices being scanned.
IntraVUE does not take particular advantage of multiple processors/cores.
The host computer must be able to ping any devices to be monitored.
If devices are not in the same subnet as the IntraVUE host, the host must be able to get SNMP data from the gateway of the subnet to be monitored. This means IntraVUE must be configured with the Gateway/Router's SNMP Read Only community and the host IP must have authorization in the gateway.
If you DO NOT or CAN NOT get SNMP permissions, you can add NIC cards to the host so that the other subnets become local to the host or you can add an IntraVUE Agent.
You cannot currently scan the proxy IP addresses of devices that are on the other side of Network Address Translators (NATs). A NAT usually provides its own MAC address for all the proxy IP addresses and this interferes with some of the IntraVUE scanner's other functions. A solution is in progress.
Q: HOW MUCH NETWORK TRAFFIC IS GENERATED BY INTRAVUE?
A: The amount of traffic put on the network is controlled to some extent by the 'speed' setting on the System Configuration's Scanner tab.
Measurements show the typical load, at the fast setting, for scanning 100 nodes is about 5K bytes/sec or 0.04% at 100Mbps, and load when actively browsing is about 40K bytes/sec or 0.3%. Both of these numbers are likely to scale approximately linearly.
There will also be a broadcast traffic impact of about 200 bytes/sec on average, or 0.002%, from the ARP traffic. This will not increase much with node count (it will actually tend to go down as node count increases because the scan rate slows).
It is easy enough to determine the actual load of a given IntraVUE, by using the threshold graph displays and looking at the link between the scanner and its closest switch.
Q: WHAT PORTS ARE USED BY INTRAVUE?
A: Make sure that the following ports are not being blocked from the IntraVUE host machine to all devices in the scan range by a Firewall/ASA router, Access Control List (from an L2/L3 Switch or Router), or Deep Packet Inspection/IDS/Security appliance:
TCP ports
80 - used to find devices with web pages and to provide a link to those pages automatically. May also be used as additional port to browse to IntraVUE if it does not conflict with IIS.
8765 - mandatory port to browse IntraVUE
UDP ports
161 - used for SNMP
162 - used to listen for SNMP trap messages
137 - used to find NetBIOS names
44818 - used for Ethernet/IP CIP protocol
65402 - used for communication to IntraVUE Agents
65403 - used for communication to IntraVUE Agents
Q: IS THERE AN EASY WAY TO ADMIN VERIFY ALL THE DEVICES?
A: Selecting each device and using the Device Configuration dialog can take a long time.
Go to the Scanner Tab of the System Configuration dialog and select the button 'Admin Verify All Devices'. This will verify everything except the auto-inserted (n/a in IP view) nodes. If the n/a nodes really represent hubs they should be individually admin verified and given names.
Q: WHY ARE ALL OR MOST THE DEVICES UNDER AN UNRESOLVED NODE?
A: As soon as a device responds to a ping request it is added to the unresolved node of that IntraVUE network.
Note: a bug from version 2.1.0b to 2.1.0b17 existed that sometimes prevented a device from appearing.
The scanner then tries to find the mac address for the top parent or any device it can identify as a router that is configured for SNMP. If you look at the properties for a device under unresolved and you do not see a mac address, you have probably selected the wrong top parent, the wrong router, or not included the router that "owns" the device.
There should be a green outline around any routers. If not, SNMP is not configured correctly in IntraVUE or the router. The router may use Access Control Lists and the IntraVUE host is not in the list.
Try using the DOS command "tracert x.x.x.x" using the ip of a device in unresolved. The last router in the resulting list must be in the scan range and may have to be the top parent for that network.
IntraVUE Help has a good description of selecting the right top parent.
Q: I HAVE MANY INTRAVUE NETWORKS, CAN I ONLY SHOW ONE OR TWO AT A TIME?
A: There are two options that can be added to the URL used to browse to IntraVUE. The URL that will be in the address bar of your browser after launching IntraVUE is http://127.0.0.1:8765/iv2/i-vue.jsp.
To hide networks use ?h= and a comma separated list of networks to hide.
Example: http://127.0.0.1:8765/iv2/i-vue.jsp?h=1,3 hides network id 1 and 3.
To show ONLY the networks that you list, instead of hiding them, use ?n= and a comma separated list of networks to show.
Only those networks listed will appear.
HINT: To easily tell the network numbers look at the Network panel in the Event Log's Show Filters mode. In the Network list box, the network number appears with each network name.
Q: CAN INTRAVUE SCAN THROUGH A FIREWALL AND IF SO, HOW?
A: First, we recommend you DO NOT scan through a firewall. The ping data will include delays and characteristics of the router which are not seen on the other side of the firewall. There will also be unnecessary traffic going through the firewall. We recommend an IntraVUE be installed on the far side of the firewall and that you browse remotely to it. If that is not possible, you can set up the firewall to allow certain traffic from the IntraVUE host computer to pass through the firewall to the target subnets.
The traffic which must be carried through a router or firewall for IntraVUE to work is as follows:
ICMP request and response (so that PING works)
UDP port 161 (SNMP)
In addition, if the firewall is used for routing, the firewall itself must have SNMP switched on, and must publish the ARP table as if it were a router. The ARP data is where IntraVUE determines the MAC address of each target. In most cases, firewall appliances do not satisfy this condition, which is why IntraVUE cannot normally see devices on the other side of a firewall. Or it may be possible but IT will refuse to allow it. You can determine if the firewall has routing responsibility by using TRACERT to a device in the target scan range. If the firewall is listed as one of the 'hops' then it is being used as a router.
The ARP data from the 'last hop' router must be available to IntraVUE. This is done by configuring the READ ONLY SNMP community. If the firewall is the last hop, then SNMP must be available to IntraVUE. Otherwise it will be a similar situation to forgetting to add a router to the scan range. IntraVUE will be able to determine if target devices themselves are 'up' or 'down', but will not be able to determine the topology (all devices will stay in 'Unresolved'). The user can compensate for this by using 'manual moves' but this is usually less than ideal.
It is highly recommended that the IntraVUE scanner be on the same side of the firewall as the target devices to be monitored. Much of the topology and performance data available through IntraVUE will be degraded if the scanner is remote.
Q: CAN I BACKUP INTRAVUE FROM A DOS COMMAND PROMPT?
A: YES you can, although do not use the mysql utility mysqldump. If you use that you will back up some database tables that will cause problems if you were ever to restore the database.
Some IntraVUE users have wanted to make backups every 6 hours. In this way they will always have a backup to restore that will have threshold data using 1 minute resolution for pings and bandwidth.
The IntraVUE backup from the System Configuration dialog can be accessed, but commands are complicated.
The commands below can be pasted into a batch file.
The batch file will create a backup having date and time information in the filename, so no parameters to the batch file are required.
The SET commands at the end can be changed if you have installed components in a different location.
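rem Capture the time and date once so every part of the filename agrees.
set ctime=%Time%
set cdate=%Date%
rem Split the time (HH:MM:SS.cc) into hour, minute and second.
for /f "tokens=1,2,3 delims=:." %%a in ("%ctime%") do (
set chour=%%a
set cmin=%%b
set csec=%%c)
rem Split the date into month, day and year. This assumes %Date% has the
rem form "Ddd MM/DD/YYYY"; other regional formats need different tokens.
for /f "tokens=2,3,4 delims=/ " %%a in ("%cdate%") do (
set cmon=%%a
set cday=%%b
set cyear=%%c)
rem Change these locations if the components are installed elsewhere.
SET IntraVUE_Dir=c:\IntraVUE
SET APACHE_DIR=%IntraVUE_Dir%\autoip\tomcat6
SET MYSQL_DIR=c:\mysql
rem Run the IntraVUE backup and write a file named with the date and time.
java -cp "%APACHE_DIR%\webapps\ivConfig\OrgNviUtil.jar;%APACHE_DIR%\common\lib\mysql-connector-java-3.0.14-production-bin.jar" IntraVUEBackup %MYSQL_DIR%\bin netvue netvue "%IntraVUE_Dir%\dbBackup\backup_%cyear%-%cmon%-%cday%-%chour%.%cmin%.%csec%.dmp"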
Q: HOW CAN I GET BETTER PORT NUMBERS FOR CISCO SWITCHES THAT ARE STACKED?
A: Technically, the port number reported by IntraVUE is the port number that is returned from the switch's bridge mib. A port number is translated into an interface number and the switch maintains information about the port and interface using numbers that do not always relate to what you see on the front panel of a switch. Normally port 3 is interface 3 and that agrees with the front panel. When switches are stacked, you may find a port number like 193 or even 1103 on a 48 port switch.
Cisco has a special mib entry that provides stacking information and this is supported by a few other manufacturers. If this was a standard mib entry, IntraVUE would use it but because it is different or doesn't exist between manufacturers we do not. The IntraVUE tools folder (c:\IntraVUE\tools) contains several batch files.
One is 'snmpwalk.bat'. You can use that to query a Cisco switch and get some information that looks like the sample below.
The syntax is:
snmpwalk ip_address read_only_community 1.3.6.1.2.1.47.1.1.1.1.7
For example:
snmpwalk 10.1.1.244 public 1.3.6.1.2.1.47.1.1.1.1.7
For one of our Cisco switches the response is:
1.3.6.1.2.1.47.1.1.1.1.7.1: "Cisco_Switch"
1.3.6.1.2.1.47.1.1.1.1.7.2: "FastEthernet0/1"
1.3.6.1.2.1.47.1.1.1.1.7.3: "FastEthernet0/2"
1.3.6.1.2.1.47.1.1.1.1.7.4: "FastEthernet0/3"
1.3.6.1.2.1.47.1.1.1.1.7.5: "FastEthernet0/4"
1.3.6.1.2.1.47.1.1.1.1.7.6: "FastEthernet0/5"
1.3.6.1.2.1.47.1.1.1.1.7.7: "FastEthernet0/6"
1.3.6.1.2.1.47.1.1.1.1.7.8: "FastEthernet0/7"
1.3.6.1.2.1.47.1.1.1.1.7.9: "FastEthernet0/8"
1.3.6.1.2.1.47.1.1.1.1.7.10: "FastEthernet0/9"
The last number in the string of numbers is typically, but not necessarily, the port number that will appear in the IntraVUE browser. For more info, see Cisco's web site browse OIDs.
You may use this information to modify what IntraVUE shows you using the IntraVUE system file, trunkingdefs.txt in the ..\IntraVUE\autoip folder. Refer to the IntraVUE help file and look for 'handling trunking' as the last item in the Admin section. You can also add this information as a second line in the 'hover text' that appears when you are over a connecting line, see the end of 'Hover Feature' in the User section of Help.
Q: HOW DO I CHANGE THE PASSWORD FOR INTRAVUE?
A: To change the default "intravue" password see for more details
Q: WHAT IS CONSIDERED A PING FAILURE?
A: The IntraVUE scanner pings discovered devices nominally about 10 times per minute. At the end of each minute bandwidth statistics are collected from SNMP devices and the results of pinging during that one minute are averaged. For each minute, for each device, there is one value for transmit and receive bandwidth, ping response, and ping failures.
Within each one of the 10 or so 'scanner cycles' per minute, the scanner pings every device and waits for 2 seconds. After the 2 seconds it checks for all the responses. If a device fails to respond, a new ping is sent immediately. If a device still does not respond it is logged as disconnected. If it DOES respond, a ping failure is recorded. The ping failure rate is a percentage: (the number of ping failures) divided by (the number of pings in that minute).
Q: WHAT IS NORMAL VS DISCONNECT?
A: If a device is disconnected, it will have a 100% ping failure rate during the minutes it was disconnected for the full minute and usually some percentage during the minute it disconnects and reconnects. These ping failures are normal and are NOT a concern. In the image below, ping failures with a black square are normal. Those circled in red indicate a problem.
Some Causes of Ping Failures Include:
Ethernet cable connector bad or loose.
Ethernet cable crimped or damaged between end points.
Ethernet cable affected by environment such as motors starting, weight on cable.
There is a long cable and the switch and the device negotiated a high speed during auto-negotiate but due to the length there are occasional problems. Manually set a lower speed if possible on both ends.
Device is too busy with main tasks to respond to pings.
Mismatch of speed/duplex settings between device and switch.
Switch and device set for auto-negotiate but device has problems negotiating. Set both devices to have the same settings without auto-negotiate.
Device responds, but longer than the 2 seconds the scanner waits for a response.
Poor or inexpensive design of device, such as a bar code reader.
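The ping failure percentage and the normal-versus-problem distinction from the two answers above can be expressed as a small classifier. This is an added example, not IntraVUE code; the cycle labels ('ok', 'retry_ok', 'none'), the function names and the sample minutes are constructed, and it assumes a cycle with no reply at all also counts toward the failure percentage, which matches the 100% figure given for a fully disconnected minute.

```python
# Outcome of one scanner cycle for one device (labels are assumptions):
#   "ok"       answered the first ping within the 2 second wait
#   "retry_ok" missed the first ping, answered the immediate retry
#              (this is what is recorded as a ping failure)
#   "none"     answered neither ping (device logged as disconnected)


def minute_stats(cycles):
    """Return (ping failure percentage, disconnected during this minute)."""
    failed = sum(1 for c in cycles if c != "ok")
    down = any(c == "none" for c in cycles)
    return 100.0 * failed / len(cycles), down


def classify_minutes(minutes):
    """Label each minute of cycle outcomes for one device.

    Failures in a minute that contains, or sits next to, a disconnect are
    treated as normal; failures with no disconnect nearby are flagged.
    """
    stats = [minute_stats(m) for m in minutes]
    result = []
    for i, (pct, down) in enumerate(stats):
        if pct == 0:
            label = "clean"
        elif down:
            label = "disconnect"
        else:
            neighbours = stats[max(0, i - 1):i] + stats[i + 1:i + 2]
            if any(n_down for _, n_down in neighbours):
                label = "normal (next to a disconnect)"
            else:
                label = "investigate"
        result.append((pct, label))
    return result


# Constructed sample: seven minutes, ten scanner cycles per minute.
SAMPLE_MINUTES = [
    ["ok"] * 10,
    ["ok"] * 9 + ["retry_ok"],        # isolated failure
    ["ok"] * 10,
    ["ok"] * 8 + ["retry_ok"] * 2,    # failures just before a disconnect
    ["ok"] * 3 + ["none"] * 7,        # device drops during this minute
    ["none"] * 10,                    # disconnected for the full minute
    ["retry_ok"] * 2 + ["ok"] * 8,    # failures while reconnecting
]

if __name__ == "__main__":
    for minute, (pct, label) in enumerate(classify_minutes(SAMPLE_MINUTES)):
        print("minute %d: %5.1f%%  %s" % (minute, pct, label))
```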
Q: HOW DO I DIAGNOSE PING FAILURES?
A: If there are several devices having problems and they are on the same switch, check the switch. Many of the causes are due to the cable in some way. Check to be sure the cable is fully seated on both ends. In most plants replacing the cable is a difficult task. You can determine if the cable is the problem with several techniques.
If another device is nearby and it is not having problems, swap the cables at the device end and see if the problem also moves. You can use a hub and a second, known good cable if you need extra length.
Another technique is to take a known good device of any type and install it next to the device having problems. Put a known good hub at the end of the cable being tested and connect the problem device and the known good device into the hub. If only the problem device is having failures, it’s the device itself.
Check the settings for speed, duplex, etc. in both the port of the connected switch and the device. Resolve any differences. If one or both are set for auto-negotiate, set them both to a setting that is NOT auto-negotiate. If the cable length is long, set them for a lower speed to see if the problem goes away.
You can install a packet sniffer, such as WireShark, on the IntraVUE host computer and find out if the device is responding, but taking longer than 2 seconds to respond. IntraVUE can be configured for a longer wait period but this will affect everything done by the scanner. It should only be done after consulting with tech support.
Finally, it may just be the nature of the device. If the operation of the device is good and it is not affecting operations, you will have to learn which ping failures are significant and which are not.
Q: HOW ARE DUPLICATE MAC ADDRESSES DISPLAYED?
A: A MAC address is supposed to be unique in the world. They are assigned by device manufacturers and are not intended to be changed. Switches move packets between their ports by inspecting the header of the packet. A destination MAC address will be in the header. The switch then looks up the port number assigned to the MAC address in its 'bridging table'. The message is then sent out of that port. This is done without regard to the IP address information in the packet. (Only routers pay attention to IP addresses.)
Duplicate MAC addresses in a network typically cause messages to FAIL to be delivered to the correct location, resulting in lost or intermittent communication to the affected pairs of devices.
A switch will remember a port number for every MAC that was in a recently received packet. A device sending a message would have found the MAC address for the IP as a result of sending a broadcast ARP request and having the response come back through all the switches in the path to the target device.
In the case of duplicate MAC addresses, the port for a MAC may be the one leading to IP address X or it could be the one leading to IP address Y. It will depend on the last traffic received by the switch. So if the switch receives a packet intended for device X, but a recent packet received at the switch was from device Y with the same MAC, the switch will transmit the packet on the incorrect port.
The IntraVUE scanner examines the ARP caches it knows about, and when it sees that a MAC address is associated with a new IP address, the IntraVUE database is updated to reflect this change and an event log entry is added. This is necessary to handle the case where a device has been reconfigured to change its IP address. However, when there are DUPLICATE MAC addresses on a network, such event log entries may also be seen, often in conjunction with an apparent 'move' of the device.
In the image below you will see a similar situation where two devices have the same MAC. (The part of the event log displayed below is when the duplicate MAC first starts to occur.)
NOTE: In the case of duplicate macs, the IntraVUE event log will record frequent, several times a day, changes in location for the devices that have the duplicate.
Right after the device with the duplicate MAC joins the network, IntraVUE records that the original device has changed its IP address based on information provided by ARP requests. At this point the original device now has the IP and other info of the new device. The original device then responds to its original IP and it is added as a NEW device, then the duplicate MAC is detected, and the process continues in an endless cycle until the problem is fixed.
Because layer 2 switches deliver data based on MAC address, packets intended for either of these devices often end up at the other device. If you look at the line threshold graph for either device you will see many ping failures - almost constantly.
This is because the ping intended for one of the IPs takes the path to the other IP and the other IP does not respond.
Q: HOW ARE DUPLICATE IP ADDRESSES DISPLAYED?
A: Getting duplicate IP addresses on a network is fairly common. If someone gives a device a fixed IP and gets the IP by looking for a device that doesn't respond to a ping, when the disconnected device powers on you will have duplicate IPs.
NOTE: Using the IntraVUE search function to find IPs that don't exist will guarantee an IP has not been used since the scanner was started.
When there are two devices with the same IP address in a subnet, both will hear broadcast messages asking 'who has ip address X?' and both will respond 'I do, my MAC is ...'.
Each device will have a different MAC. Each switch that the response is returned through will have that MAC assigned to the appropriate port for the IP that responded.
When a device issues an ARP request to find out 'who has an IP' the most recent response will overwrite any previous responses in the device's ARP cache. Messages will be formed using that MAC address. Switches will route the message by port for that MAC address (switches don't consider the IP address in the packet). When there are duplicate IPs the MAC address that the IntraVUE scanner will associate with a device will change over time depending on the sequence ARPs are returned.
Additionally, IntraVUE associates a MAC with an IP and when a switch reports the 'new' mac of an IP is at a different location in the network, IntraVUE will move the device to its 'new' location.
The result will be frequent events about a device IP having a new MAC address and the device moving. The moves will alternate between the two physical locations of the devices in the network.
By following the Ethernet cable connected to the ports of the managed switches the devices are moving between, you will find the devices with the duplicate MACs. (You do have managed switches, don't you?)
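The two answers above describe the same signature from opposite sides: a duplicate IP shows up as one IP alternating between two MACs and locations, a duplicate MAC as one MAC alternating between two IPs and locations, while a legitimate reconfiguration changes once and stays. The following is an added example, not IntraVUE code: the observation tuples, addresses, port labels and the `min_returns` threshold are all constructed assumptions.

```python
from collections import defaultdict

# Constructed observations: (minute, ip, mac, switch_port).
# Addresses are from a documentation range; MACs are locally administered.
OBSERVATIONS = [
    # One IP answered by two different devices (duplicate IP).
    (0, "192.0.2.10", "02:00:00:00:00:aa", "sw1/3"),
    (5, "192.0.2.10", "02:00:00:00:00:bb", "sw2/7"),
    (10, "192.0.2.10", "02:00:00:00:00:aa", "sw1/3"),
    (15, "192.0.2.10", "02:00:00:00:00:bb", "sw2/7"),
    # One MAC seen behind two IPs and two ports (duplicate MAC).
    (1, "192.0.2.20", "02:00:00:00:00:cc", "sw1/5"),
    (6, "192.0.2.21", "02:00:00:00:00:cc", "sw3/2"),
    (11, "192.0.2.20", "02:00:00:00:00:cc", "sw1/5"),
    (16, "192.0.2.21", "02:00:00:00:00:cc", "sw3/2"),
    # A device re-addressed once: a normal change, not a duplicate.
    (2, "192.0.2.30", "02:00:00:00:00:dd", "sw1/8"),
    (12, "192.0.2.31", "02:00:00:00:00:dd", "sw1/8"),
]


def count_returns(values):
    """Count how often a sequence goes back to a value it had already left."""
    seen, returns, prev = set(), 0, None
    for value in values:
        if value != prev:
            if value in seen:
                returns += 1
            seen.add(value)
            prev = value
    return returns


def find_duplicates(observations, min_returns=2):
    """Return (duplicate_ips, duplicate_macs) from time-ordered observations.

    An address is flagged only when its binding keeps alternating; a single
    change (a reconfigured device) never reaches min_returns.
    """
    by_ip, by_mac = defaultdict(list), defaultdict(list)
    for _, ip, mac, port in sorted(observations):
        by_ip[ip].append((mac, port))
        by_mac[mac].append((ip, port))

    dup_ips = {
        ip: sorted({mac for mac, _ in seq})
        for ip, seq in by_ip.items()
        if count_returns(seq) >= min_returns
    }
    dup_macs = {
        mac: sorted({ip for ip, _ in seq})
        for mac, seq in by_mac.items()
        if count_returns(seq) >= min_returns
    }
    return dup_ips, dup_macs


if __name__ == "__main__":
    ips, macs = find_duplicates(OBSERVATIONS)
    print("duplicate IPs :", ips)
    print("duplicate MACs:", macs)
```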
Q: I CAN PING A DEVICE FROM DOS, WHY DOESN'T INTRAVUE DISCOVER IT?
A: A ping request packet (ICMP protocol) contains an identifier. The identifier tells which request packet is being responded to.
When DOS issues pings, every outgoing packet contains the same identifier, 1.
When IntraVUE issues pings, each packet has a different identifier, so the time to respond is accurate and a late response to an earlier ping is not confused with the one just issued.
Some device implementations of the ICMP protocol (ping) just copy the DOS response and always respond with the same identifier. The result is that the ping response is analyzed by IntraVUE, the identifier does not match, so the response is ignored. This makes the device undiscoverable by the IntraVUE scanner.
Some devices do not copy the data payload of the request into the data payload of the response over a certain size. The ICMP spec requires responses of many thousands of bytes. The devices that fail typically only handle up to 32 bytes, the same size as a DOS ping request's data payload.
To test this case you can force a packet size in a DOS ping. Try these example pings. If the ping fails, that is why IntraVUE is not finding the device or shows it as disconnected.
Ping 10.51.11.160 -l 35
Ping 10.51.11.160 -l 1025
Devices known for this behavior include...
• Honeywell UDC 2500
• Infinias badge readers
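The two failure modes described above (a fixed identifier in the reply, and a payload that is not echoed in full) can be reproduced offline by building ICMP echo messages and checking replies strictly. This is an added example, not IntraVUE's scanner code: the identifier 0x4A21, the sequence number, the 64-byte payload and the verdict strings are constructed, and the payload comparison is an assumption about how a strict checker would behave.

```python
import struct

ECHO_REQUEST, ECHO_REPLY = 8, 0


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_echo(msg_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Build an ICMP echo request or reply: 8-byte header plus payload."""
    header = struct.pack("!BBHHH", msg_type, 0, 0, ident, seq)
    csum = inet_checksum(header + payload)
    return struct.pack("!BBHHH", msg_type, 0, csum, ident, seq) + payload


def check_reply(request: bytes, reply: bytes) -> str:
    """Return 'ok' only if the reply matches the request in every field."""
    if len(reply) < 8:
        return "malformed"
    r_type, r_code, _, r_ident, r_seq = struct.unpack("!BBHHH", reply[:8])
    _, _, _, q_ident, q_seq = struct.unpack("!BBHHH", request[:8])
    if r_type != ECHO_REPLY or r_code != 0:
        return "not-echo-reply"
    if inet_checksum(reply) != 0:  # a valid message sums to zero
        return "bad-checksum"
    if r_ident != q_ident:
        return "identifier-mismatch"
    if r_seq != q_seq:
        return "sequence-mismatch"
    if reply[8:] != request[8:]:
        return "payload-mismatch"
    return "ok"


def demo() -> dict:
    """Run one constructed request against three constructed device replies."""
    payload = bytes(range(64))  # larger than the 32-byte DOS default
    request = build_echo(ECHO_REQUEST, 0x4A21, 7, payload)
    replies = {
        "compliant device": build_echo(ECHO_REPLY, 0x4A21, 7, payload),
        "always answers with identifier 1": build_echo(ECHO_REPLY, 1, 7, payload),
        "echoes only 32 bytes": build_echo(ECHO_REPLY, 0x4A21, 7, payload[:32]),
    }
    return {name: check_reply(request, reply) for name, reply in replies.items()}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```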
Q: CAN INTRAVUE SCAN MESH NETWORKS?
A: Yes, but it depends on what you define as 'scan'.
At the lowest level, Intravue can 'scan' any network which contains devices which respond to PING and Intravue will correctly indicate when such devices connect/disconnect and will monitor the ping response and ping failure rates. This means that even without topology support, there is a valid business case for Intravue scanning. Many customers in fact use Intravue just like this, typically because the networks they are monitoring use switches which are not 'SNMP managed'.
In order for Intravue to provide meaningful automatic topology determination and placement, the infrastructure switches need to provide reporting using the 'Bridge MIB' (RFC 1493) and there needs to be read-only access provided to the Layer 2 and Layer 3 switches involved.
In many 'mesh' arrangements where switches are connected to multiple other switches (including multihoming), there are alternative paths for messages to propagate from device to device. When using such systems the Intravue topology determination can appear to change often or can fail to complete (Intravue will not make a 'move' of a device if there is conflicting information about where the device is located).
In these circumstances it may be preferable to disable the SNMP reporting from the switches concerned, rather than try to 'fix up' the topology by using trunkingdefs files.
So there is no requirement that Intravue avoids MESH networks, just that the more similar the network is to a 'traditional' layer 2 switching arrangement using SNMP managed switches, the more valuable and accurate the topology reporting is likely to be.
Q: THE MYSQL FOLDER HAS GIGABYTES OF DATA, HOW DO I MAKE IT SMALLER?
A: Your C:\MySQL\data folder may contain files that start with "mysql-bin", like mysql-bin.0000005. These files are used by mysql for transactions when Windows' resources are low, in a feature not used by IntraVUE.
You should comment out two lines in the c:\MySql\my.cnf file. It is usually best to open WordPad and then use File/Open to edit the file.
Put a # sign in front of the two lines as shown below.
# log-bin=mysql-bin
# binlog_format=mixed
Now stop the mysql service using the Windows Service dialog. This will cause the autoip i-server service to also stop.
Delete all the mysql-bin.0000xx files in the mysql\data folder and start the mysql and autoip i-server services. The files will not be created anymore.
Note: Starting with IntraVUE version 2.1.0c5, these lines are commented out of the my.cnf file if you chose to replace mysql.
Q: CAN I EXPORT EVENTS FROM THE EVENT LOG?
A: You may wish to look at IntraVUE events in a text file or spreadsheet. You can do so from a DOS command prompt. It is easiest if you run the DOS command prompt in the c:\mysql\bin folder where you can omit the beginning c:\mysql\bin\.
The basic syntax to show the results on the console is:
c:\mysql\bin\mysql IntraVUE -uroot < filename.sql
You may need to add the user and password to the command line depending on which version of IntraVUE you have. If this is the case, please contact tech support for the correct syntax.
The basic syntax to save the results in a file (redirect) named save_file.txt is:
mysql IntraVUE < filename.sql > save_file.txt
You can create several .sql files to get different events from IntraVUE.
To get all events sorted by IP address, create a new .sql file with notepad having one line. The RPAD forces the results to have a certain number of spaces.
SELECT RPAD(EventId,5," "), RPAD(Occurred,21," "), RPAD(IpAddress,16," "), Description from event ORDER BY IpAddress, EventId;
To get all events into a CSV file, use the line below (don't use the redirect command line for this one). (Note: modified 1/3/2013.) Note: the csv file will be saved in the mysql\data\IntraVUE folder.
SELECT * from event INTO OUTFILE '130103_events.csv' FIELDS TERMINATED BY ',' OPTIONALLY ENCLOSED BY '"' LINES TERMINATED BY '\r\n';
Q: IS IT POSSIBLE TO COMBINE THE SQL FILE AND THE DOS COMMAND INTO A SINGLE BATCH FILE AS SHOWN IN THE FOLLOWING EXAMPLE?
A: The ">" from the command line becomes a "-e" option in the batch file. Avoid double quotes except after the -e and at the end of the line. To get all events between two dates, create a batch file and copy the lines below into the batch file. Modify the START and END dates as appropriate.
REM set the dates for the report below.
REM The report will be called "ivEvents_startdate_enddate.csv"
REM In your spreadsheet program select semi-colon as the separator, not comma.
SET START=2012-12-09
SET END=2012-12-17
c:\mysql\bin\mysql IntraVUE -uroot -e "select eventid, ';', occurred, ';', class , ';', description from event WHERE occurred > '%START%' AND occurred < '%END%' order by eventid ASC" > ivEvents_%START%_%END%.csv
Q: CAN INTRAVUE AND SYNAPSE RUN ON THE SAME MACHINE?
A: YES. SynapSense has researched the conflict between IntraVUE™ and older SynapSense 2.4Ghz systems, and there is a way to change the default 3306 MySQL port for SynapSense. Newer SynapSense offerings (e.g. SynapSense 900) are not subject to this same conflict. Contact techsupport@panduit.com for more information.
Q: IS THERE A TOOL AVAILABLE TO HELP DEBUG MODBUS ISSUES?
A: A modbus monitoring tool is available to help diagnose problems with modbus/tcp. This tool is from the
modbus.org web site. The tool is a modbus client that can be directed at a modbus server, such as the IntraVUE
host computer on port 502.
Download the tool here
Double click the .jar file to launch it (requires a JRE on the host) and enter the IP address of the IntraVUE host. Use
127.0.0.1 if you are running from the host.
Set unit to 0.
Note: IntraVUE versions after 2.0.3 responded to all unit ids.
Set register to 0 to start at the beginning, size to 10 for 10 data types per request, and datatype to INT16.
Q: HOW CAN I SEE A THRESHOLD SETTING?
A: By positioning the mouse over a connecting line and right clicking. A threshold dialog box associated with the two connecting devices will open. You can view the thresholds from here. The administrator sets the default thresholds in the Threshold Tab of the System Configuration dialog. The values are assigned upon device discovery. Threshold values are the limits that change line colors from green to yellow in the main display. The values are retrieved from the data stored in the database. The administrator can change the current threshold values for an individual device in the threshold dialog itself.
Q: HOW DO YOU REPLACE THE MICRO SD MEMORY CARD?
A: The Operating System of the IntraVUE Plug is contained on the micro SD card. The micro SD card contains all data except registration and network addresses.
The micro SD card is located on the left side as viewed from the 'top'.
Removal is done by pushing the card further INTO the plug, you will feel some spring-like resistance, and then releasing. The card will then 'eject'.
Replacement is done by inserting the micro SD card into its 'slot'. Be careful to insert the card into the slot, as it is possible to insert it above the slot.
After you push the card FULLY into the slot, you will feel some spring resistance, and when you release your finger the card will stay in the slot.
Q: HOW DO YOU CHANGE/SET THE DATE, TIME, AND/OR TIME ZONE ON THE PLUG?
A: There are several utilities available on the plug for setting its internal date and time.
By default the plug looks for a time server to provide the time. The default server is set for pool.ntp.org. In most installations this will not be available. If a local time server is available you can set it by substituting its URL for pool.ntp.org in the URL below:
http://(IP OF PLUG):8765/tools/util.jsp?ntpserver=pool.ntp.org
The response should look like this:
ntpserver pool.ntp.org
setting network time server to pool.ntp.org
To set the time or time zone use the plug's utility page by appending "/plug" after the :8765 in the address you use to access IntraVUE.
If you need to use the plug's internal clock, it is a good idea to start by making sure the time zone set in the plug is the right one for your time zone. The time changes when the time zone changes.
DO NOT CHANGE THE TIME BEFORE SETTING THE CORRECT TIMEZONE AND REBOOTING THE PLUG OR APPLIANCE.
A list of all possible time zones is in the drop down list. Select the one for your location, for instance "Europe/Paris". Once the time zone is correct (reboot if you changed it), you can change the time.
Q: WHAT MUST BE CONFIGURED BEFORE JAVA WILL WORK WITH INTRAVUE IN MY BROWSER?
A: Starting with Java 7, a security tab has been added to the Java Control Panel, most recently found in Start/Programs/Java/Configure Java. You MUST add the full URL used to launch Intravue as an exception, up to and including the :8765.
If you are using Internet Explorer, you MUST also add the URL/IP to the list under the security tab's Trusted Sites.
Q: WHY DOESN'T SEARCH CENTER A DEVICE IN INTERNET EXPLORER 11?
A: This issue is related to Java and security requirements in Internet Explorer 10 and 11. IE is preventing the communication between different pop up windows. To make this work, go to the 'Page' icon in the toolbar, select 'Compatibility View Settings', and add the IP of IntraVUE to the list.
Q: INTRAVUE IN THE BROWSER IS TAKING A LONG TIME TO LOAD, WHY?
A: There is a Java security setting that needs to be adjusted if the browser does not have direct access to the Internet, or you will get this symptom.
Go to Control Panel : Java : Advanced (Note: in the latest Java, this has moved to Start : Programs : Java). Under 'Perform certificate revocation checks on', select 'Do not check (not recommended)'.
Once you make this change, the delay will disappear.
Basically what is happening is that Java is trying to make sure the 'certificate' is valid. But because there are reasons that a certificate might be 'revoked' (because an employee steals it for example), Java needs to 'ask' the certificate authority to check. But because the computer has no Internet access, this will not work, so it tries for a while and then gives up. Hence the 'delay'.
The workaround is to tell Java to suppress the check, since there is no security risk (you are not attached to the Internet anyway).
HSRP - Hot Standby Redundant Protocol
HSRP allows two Layer 3 Switches (Routers) to be connected and share data. If one router fails, the other will assume all functions of the other. To complete the redundancy, the upper level Layer 2 switches are redundantly connected to each router. This has the potential for network traffic to take different paths at any time, although in practice it happens rarely.
The trunkingdefs.txt file needs to be configured so the Intravue scanner treats the two ports of a redundantly connected switch as being the same port. In Intravue Help, see 'Handling Trunking in Switches'.
In some cases the issue will go away by not scanning both the virtual IP and both physical IPs. If the virtual IP in a subnet is the .1 and the two physical IPs are .2 and .3, the first approach would be to scan the .1's, but not the .2 and .3. The range in each subnet in this case would be in two lines: X.X.X.1 to X.X.X.1 plus X.X.X.4 to X.X.X.254
The other approach is to skip the virtual IP and make the scan range X.X.X.2 to X.X.X.254
If using either of these approaches it is very important to be consistent in every Intravue network so the excluded IP(s) are NEVER in the scan range.
CISCO CATALYST BROADCAST STORM PROTECTION
Cisco can suppress broadcast, multicast, or unicast traffic if the percent of those packets exceeds a certain value. If the percent of traffic goes above a 'suppression' level, all packets of that type are discarded and the switch then continues to get packets. This is supposed to help but generally hurts when enabled.
A setting of 50 means if more than 50% of the packets are of type X, then discard all packets. A setting of 100 effectively disables the setting, a setting of 0 effectively kills the switch. Note: in some switch software it is called flooding control, in others it is called storm control.
Cisco Note on Configuring Port-Based Traffic Control
The port numbers on the switch faceplate are the reverse of this switch's internal port numbers, the numbers used by Intravue. Port 1 is reported as 12, 2 as 11, etc.
You can edit IntraVUE's trunkingdefs.txt file and have Intravue report the numbers you would expect. This is an example covered in Intravue Help, see 'Handling Trunking in Switches'.
Early versions of Hirschmann Mach switches did not report the Bridge Mib (RFC 1493) and instead used the Q-Mib. The Bridge Mib tells the port number for a MAC address, the Q-Mib is a newer standard designed to handle VLANs. The Q-Mib requires the Bridge Mib also be reported. The Bridge Mib is what Intravue uses to determine topology.
Current versions of the Mach switches support the Bridge Mib. If you don't see devices being placed by Intravue under a Mach switch, you probably need to update the firmware of the switch.
Early models of some Hirschmann switches (4000, IP67) reported devices having MAC addresses that were numerically close as if they were the same MAC. For instance, two devices with MAC addresses like 00 00 BC 32 F2 7F and 00 00 BC 32 F2 83, where the last octets are close, could be reported by one of these switches as being on a port when in fact they were not.
These false reports happen infrequently and are only momentary. To work around this problem, Intravue can be configured to require that all switches make some number of IDENTICAL reports before making a move. In the ...\intravue\autoip\ivserver.properties file:
# number of successive consistent switch reports required before allowing device move
# (only increase this if using switches reporting erratic port numbers)
# scanner.switch.move.deferral.count=1
scanner.switch.move.deferral.count=1
Set the count to 2. The difference will be dramatic, but it will take MUCH longer to see real moves.
This switch had an issue responding to SNMP GetNext requests in certain conditions. Software version N.11.15 corrects this behavior.
In Intravue, if the older software is installed in a switch, the switch will not be recognized as a managed switch and it will be placed under an auto-inserted node along with all its directly connected devices
This switch does not report the MAC addresses in the bridge mib in numerical order of MAC address (OID) as required by the Bridge Mib, causing snmp getnext queries to return incorrect data.
Early models of GarrettCom switches did not fully support the Bridge Mib. Make sure you are using the latest firmware from their support site.
Early models of RuggedCom switches did not fully support the Bridge Mib. Make sure you are using the latest firmware from their support site.
Some Dell PowerConnect models do not support the Bridge Mib, RFC 1493/4188. They do support the Q-Mib which is a supplement but not replacement for the Bridge Mib. The following models will be recognized as having SNMP by IntraVUE but will not have port numbers and not be recognized as being a managed switch.
• PowerConnect 3448 SW 1.0.0 through 2.00
• PowerConnect 3448P SW 2.0.0.21
• PowerConnect 5324 SW 1.0.0.45 Boot 1.0.0.21
• PowerConnect 6224F boot 3.3.3.3
Note that the PowerConnect 3548 SW 2.0.0 does support the Bridge Mib.