vRealize Network Insight supports the following intent types.

| Group (Category) | Intent Type | Name | UI Name | Severity | Virtual/Physical | Description |
|---|---|---|---|---|---|---|
| STIG | Account Password Protection | Account Not Password Protected | Administrative account access is not password protected on the following devices. | High | Physical | The network device must be password protected for administrative access. |
| STIG | Console Access Password Protection | Console Access Not Password Protected | Console port access is not password protected on the following devices. | High | Physical | The network device must require authentication for console access. |
| STIG | Default Password Existence | Default Password Existence | Default manufacturer password is used on the following devices. | High | Physical | The network device must not have any default manufacturer passwords. |
| STIG | Management Connection Password Protection | Management Connection Not Password Protected | Management port access is not password protected on the following devices. | High | Physical | The network device must require authentication prior to establishing a management connection for administrative access. |
| STIG | Plaintext Password Visibility | Plaintext Password Visibility | Plaintext passwords are visible on the following devices. | High | Physical | The network device must not have plaintext passwords. |
| Network Health | Segmentation | Segmentation Failure | Network endpoints should be segmented. | Critical | Physical, Virtual | Network endpoints should be segmented. Note: Segmentation Intent verifies that the specified source cannot communicate with the destination, even using spoofed source IP addresses. |
| Network Health | Reachability | Reachability Failure | Network endpoints should be reachable. | Critical | Physical, Virtual | Network endpoints should be reachable. |
| Network Health | Duplicate IP Address | Duplicate IP Address | Duplicate IP address has been configured on the following interfaces. | Critical | Physical | Duplicate IP address should not be configured on multiple interfaces. |
| Network Health | Duplicate MAC Address | Duplicate MAC Address | Duplicate MAC address has been configured on the following interfaces. | Critical | Physical | Duplicate MAC address should not be configured on multiple interfaces. |
| Network Health | Duplex Mismatch | Duplex Mismatch | Duplex configuration does not match on the following ports. | Critical | Physical, Virtual | Port duplex configuration of the ports on each link should match. |
| Network Health | Loop Detection | Loop Detection | Network contains the following loop. | Critical | Physical, Virtual | Network should be loop free. |
| Network Health | STP Path Cost Method Consistency | STP Path Cost Method Consistency | Inconsistent STP path cost methods have been configured on the following switches. | Moderate | Physical | STP path cost calculation methods should be consistent among switches. |
| Network Health | Trunk VLAN Mismatch | Trunk VLAN Mismatch | Allowed VLANs configuration does not match on the following trunk ports. | Critical | Physical, Virtual | Allowed VLANs configuration should match on the ports of each trunk link. |
| Network Health | Port Mode Mismatch | Port Mode Mismatch | Port mode configuration does not match on the following ports. | Critical | Physical | Port mode configuration should match on the ports of each link. |
| Network Health | Port Channel Member Mismatch | Port Channel Member Mismatch | Port channel member ports should not connect to non-member ports on linked devices. | Critical | Physical | Port channel member ports should not connect to non-member ports on linked devices. |
| Network Health | Native VLAN Mismatch | Native VLAN Mismatch | Native VLAN configuration does not match on the following ports. | Critical | Physical | Native VLAN configuration of the ports on each link should match. |
| Network Health | Native VLAN Tagging Mismatch | Native VLAN Tagging Mismatch | Native VLAN Tagging does not match on the following ports. | Critical | Physical | Native VLAN tagging of the ports on each link should match. |
| Network Health | HSRP/VRRP Configuration Error | HSRP/VRRP Configuration Error | HSRP Configuration contains the following error. | Critical | Physical | Check for HSRP/VRRP configuration mismatch between Active and Standby. |
| Device Health | Link MTU Mismatch | Link MTU Mismatch | MTU configuration of the ports on each link should match. | Moderate | Physical, Virtual | MTU configuration of the ports on each link should match. |
| Device Health | HSRP/VRRP Master and STP Root Co-location | HSRP/VRRP Master and STP Root Co-location | HSRP/VRRP Master should be colocated with STP Root, if both protocols are enabled. | Moderate | Physical | HSRP/VRRP Master is not colocated with the following STP Root. |

Note:
  • STIG intents are supported for the following devices only:
    • Cisco ASA, Cisco Catalyst, Cisco Nexus
    • Juniper EX and QFX, Palo Alto
  • If a device is configured with port channel subinterfaces that are associated with different VLANs, these configurations are considered during intent analysis for the following devices only:
    • Arista switches
    • Dell EMC PowerSwitch S5200 (running on OS10)