What are discovery protocols and policies?

Protocols and policies

A unified discovery rule defines up to four protocols for MDM to use to discover the device. NSP scans the specified IP address ranges using each protocol in the order defined in the discovery rule. For example, you can use the same discovery rule to discover devices using both SNMP and CLI by selecting SNMP as the first discovery protocol and CLI as the second.

For MDM discovery, a unified discovery rule must include at least one mediation policy for each network communication protocol that is used to manage the NE. When a mediation policy is present, at least one reachability policy must also be included. You can select a ping reachability policy, a policy for the mediation protocol, or both. For example, if you have selected gRPC and NETCONF for mediation, you can select any combination of ping, NETCONF or gRPC reachability policies.

If the discovery rule will be used for classic discovery only, you can associate the classic discovery rule and leave the Select Protocols fields blank.

You must create mediation policies for all required protocols before discovery, regardless of which protocols are used to discover the devices.

After MDM discovery is completed, NSP discovers classic devices in the specified IP address ranges as applicable, using the classic discovery rule associated with the unified discovery rule.

Adding a domain controller also requires mediation and reachability policies. The protocols for discovery of a controller are often different from those used to discover NEs.

Mediation policies

To discover and manage devices in your network, you must create one or more mediation policies to set up the security and communication infrastructure between the NSP and each device.

A mediation policy defines how the NSP uses a communication type to interact with an NE. The policy specifies the communication settings and the credentials for security functions. The order in which the policies are added to the discovery rule specifies the order in which they are used to attempt to reach the NE for discovery.

Model-driven mediation policies

If the Classic Mediation parameter in a mediation policy is set to No, the mediation policy is for model-driven mediation. Each MDM policy provides mediation information for one protocol, for example, NETCONF.

If a protocol should be used only for NE management and never for discovery, set the Use for Discovery parameter to false.

The protocols required to manage an NE using MDM are listed in the artifact guide for the NE family, along with any applicable recommendations about the order in which the protocols should be used.

Select a policy in the Device Discovery, Mediation Policies view to see policy components, including the discovery rules, controllers, and NEs, if available, that use the mediation policy. If a mediation policy is in use, it cannot be deleted.

File transfer policies

FTP and SFTP policies for MDM are configured in the Device Discovery, Mediation Policies view and included in the discovery rule.

Device adaptor artifacts must be present in the NSP before an MDM file transfer policy can be configured.

Note: If a file transfer policy is present on the NE before discovery, the file transfer policy in the discovery rule overwrites the policy on the NE. If there is a file transfer policy on the NE and no file transfer policy in the discovery rule, the policy on the NE is deleted by the discovery process.

Classic mediation policies

If the Classic Mediation parameter in a mediation policy is set to Yes, the mediation policy is for mediation with classic devices. A classic mediation policy includes mediation information for SNMP, CLI, and file transfer. Therefore, all classic discovery rules include mediation information for all three mediation types, and all classic devices discovered in NSP have SNMP, CLI, and FTP or SFTP policies in place.

Mediation policies for controller discovery

Certain model-driven mediation protocols can be used for discovery of domain controllers only.

Device adaptor artifacts must be present in the NSP before controller mediation policies can be configured.

Reachability policies

A reachability policy defines a way for the NSP to perform a reachability check. The policy specifies the communication type to be used to reach the NE, for example SNMP, how often to attempt to reach the NE, and how long to wait for a response.

If a discovery protocol is selected, at least one reachability policy must be selected.
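
The constraints stated above (up to four discovery protocols, a mediation policy for each required protocol, at least one reachability policy that is either ping or a mediation protocol, and the file transfer overwrite note) can be checked on a drafted rule before it is saved. The following Python check is an added example, not NSP code; the dictionary layout, the field names and the sample values are assumptions made for illustration.

```python
# Added illustration: the rule layout below is hypothetical, not an NSP schema.
MAX_DISCOVERY_PROTOCOLS = 4  # a unified discovery rule defines up to four
FILE_TRANSFER = {"ftp", "sftp"}


def lint_discovery_rule(rule, required_protocols):
    """Return findings for a drafted unified discovery rule.

    required_protocols stands in for the list in the NE family's artifact guide.
    """
    findings = []
    discovery = [p.lower() for p in rule.get("discovery_protocols", [])]
    mediation = {m["protocol"].lower(): m for m in rule.get("mediation_policies", [])}
    reachability = {r.lower() for r in rule.get("reachability_policies", [])}
    have = set(mediation)

    if len(discovery) > MAX_DISCOVERY_PROTOCOLS:
        findings.append(f"ERROR: {len(discovery)} discovery protocols, limit is 4")
    for proto in sorted({p.lower() for p in required_protocols} - have):
        findings.append(f"ERROR: no mediation policy for required protocol {proto}")
    for proto in discovery:
        policy = mediation.get(proto)
        if policy is not None and not policy.get("use_for_discovery", True):
            findings.append(f"ERROR: {proto} selected for discovery, Use for Discovery is false")
    if (have or discovery) and not reachability:
        findings.append("ERROR: no reachability policy selected")
    for proto in sorted(reachability - {"ping"} - have):
        findings.append(f"ERROR: reachability policy {proto} has no mediation policy")
    if not FILE_TRANSFER & have:
        findings.append("WARN: no file transfer policy; one already on the NE is deleted")
    return findings


# Constructed sample rule and requirement list.
DRAFT_RULE = {
    "discovery_protocols": ["gRPC", "NETCONF"],
    "mediation_policies": [
        {"protocol": "gRPC", "use_for_discovery": False},
        {"protocol": "NETCONF", "use_for_discovery": True},
    ],
    "reachability_policies": ["ping", "SNMP"],
}

if __name__ == "__main__":
    for finding in lint_discovery_rule(DRAFT_RULE, ["gRPC", "NETCONF", "SNMP"]):
        print(finding)
```

The file transfer finding is a warning rather than an error because the rule is still valid; it flags that discovery removes a file transfer policy already configured on the NE.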

Anti-theft policies

Configuring an anti-theft policy in NSP allows the NSP to communicate with an NE in anti-theft mode.

The anti-theft policy provides the password information to the NSP; it does not configure anti-theft on the NE. Anti-theft configuration must be performed on the NE using CLI. The password configured in the anti-theft policy must match the OS password configured on the NE.

See “Network security in the NSP UI” in the NSP Security Hardening Guide for more information about anti-theft mode, and procedures to configure anti-theft policies.

Including an anti-theft policy in a discovery rule applies the anti-theft password to all NEs associated with the discovery rule.

Select a policy in the Network Security, Anti-theft Policies view to see policy components, including the discovery rules and NEs, if available, that use the anti-theft policy. If an anti-theft policy is in use, it cannot be deleted.

Policy synching from NFM-P

If mediation and reachability policies are present in the NFM-P, they are synched to the NSP and appear in the Device Discovery, Mediation Policies and Device Discovery, Reachability Policies views.

Protocols and policies in the Info panel

After devices have been discovered, you can select an NE in the Device Management, Managed Network Elements view to see the Info panel for the NE. Click the Mediation Policies, Reachability Policies, or Network Security icon. The Info panel displays the policies applied to the NE. From the Network Security tab, you can click the cross-launch icon to open the relevant view.

The mediation and reachability policies applied to an NE depend on the discovery rule and the mediation type: the policies in the classic discovery rule are applied to classic devices, and the MDM policies in the universal discovery rule are applied to MDM devices. Network Security policies apply to all compatible NEs discovered by the discovery rule.