vRealize Network Insight supports the following intent type.
Group (Category) | Intent Type | Name | UI Name | Severity | Virtual/Physical | Description |
---|---|---|---|---|---|---|
STIG | Account Password Protection | Account Not Password Protected | Administrative account access is not password protected on the following devices. | High | Physical | The network device must be password protected for administrative access. |
Console Access Password Protection | Console Access Not Password Protected | Console port access is not password protected on the following devices. | High | Physical | The network device must require authentication for console access. | |
Default Password Existence | Default Password Existence | Default manufacturer password is used on the following devices. | High | Physical | The network device must not have any default manufacturer passwords. | |
Management Connection Password Protection | Management Connection Not Password Protected | Management port access is not password protected on the following devices. | High | Physical | The network device must require authentication prior to establishing a management connection for administrative access. | |
Plaintext Password Visibility | Plaintext Password Visibility | Plaintext passwords are visible on the following devices. | High | Physical | The network device must not have plaintext passwords. | |
Network Health | Segmentation | Segmentation Failure | Network endpoints should be segmented. | Critical | Physical, Virtual | Network endpoints should be segmented.
Note: Segmentation Intent verifies that specified source cannot communicate with destination, even using spoofed source IP addresses.
|
Reachability | Reachability Failure | Network endpoints should be reachable. | Critical | Physical, Virtual | Network endpoints should be reachable. | |
Duplicate IP Address | Duplicate IP Address | Duplicate IP address has been configured on the following interfaces. | Critical | Physical | Duplicate IP address should not be configured on multiple interfaces. | |
Duplicate MAC Address | Duplicate MAC Address | Duplicate MAC address has been configured on the following interfaces. | Critical | Physical | Duplicate MAC address should not be configured on multiple interfaces. | |
Duplex Mismatch | Duplex Mismatch | Duplex configuration does not match on the following ports. | Critical | Physical, Virtual | Port duplex configuration of the ports on each link should match. | |
Loop Detection | Loop Detection | Network contains the following loop. | Critical | Physical, Virtual | Network should be loop free. | |
STP Path Cost Method Consistency | STP Path Cost Method Consistency | Inconsistent STP path cost methods have been configured on the following switches. | Moderate | Physical | STP path cost calculation methods should be consistent among switches. | |
Trunk VLAN Mismatch | Trunk VLAN Mismatch | Allowed VLANs configuration does not match on the following trunk ports. | Critical | Physical, Virtual | Allowed VLANs configuration should match on the ports of each trunk link. | |
Port Mode Mismatch | Port Mode Mismatch | Port mode configuration does not match on the following ports. | Critical | Physical, Virtual | Port mode configuration should match on the ports of each link. | |
Port Channel Member Mismatch | Port Channel Member Mismatch | Port channel member ports should not connect to non-member ports on linked devices. | Critical | Physical | Port channel member ports should not connect to non-member ports on linked devices. | |
Device Health | Link MTU Mismatch | Link MTU Mismatch | MTU configuration of the ports on each link should match. | Moderate | Physical, Virtual | MTU configuration of the ports on each link should match. |
HSRP/VRRP Master and STP Root Co-location | HSRP/VRRP Master and STP Root Co-location | HSRP/VRRP Master should be colocated with STP Root, if both protocols are enabled. | Moderate | Physical | HSRP/VRRP Master is not colocated with the following STP Root. |
Note: STIG intents are supported for the following devices only:
- Cisco ASA, Cisco Catalyst, Cisco Nexus
- Juniper EX and QFX