vRealize Network Insight supports the following intent types.
Group (Category) | Intent Type | Name | UI Name | Severity | Virtual/Physical | Description |
---|---|---|---|---|---|---|
STIG | Account Password Protection | Account Not Password Protected | Administrative account access is not password protected on the following devices. | High | Physical | The network device must be password protected for administrative access. |
STIG | Console Access Password Protection | Console Access Not Password Protected | Console port access is not password protected on the following devices. | High | Physical | The network device must require authentication for console access. |
STIG | Default Password Existence | Default Password Existence | Default manufacturer password is used on the following devices. | High | Physical | The network device must not have any default manufacturer passwords. |
STIG | Management Connection Password Protection | Management Connection Not Password Protected | Management port access is not password protected on the following devices. | High | Physical | The network device must require authentication prior to establishing a management connection for administrative access. |
STIG | Plaintext Password Visibility | Plaintext Password Visibility | Plaintext passwords are visible on the following devices. | High | Physical | The network device must not have plaintext passwords. |
Network Health | Segmentation | Segmentation Failure | Network endpoints should be segmented. | Critical | Physical, Virtual | Network endpoints should be segmented. Note: Segmentation Intent verifies that specified source cannot communicate with destination, even using spoofed source IP addresses. |
Network Health | Reachability | Reachability Failure | Network endpoints should be reachable. | Critical | Physical, Virtual | Network endpoints should be reachable. |
Network Health | Duplicate IP Address | Duplicate IP Address | Duplicate IP address has been configured on the following interfaces. | Critical | Physical | Duplicate IP address should not be configured on multiple interfaces. |
Network Health | Duplicate MAC Address | Duplicate MAC Address | Duplicate MAC address has been configured on the following interfaces. | Critical | Physical | Duplicate MAC address should not be configured on multiple interfaces. |
Network Health | Duplex Mismatch | Duplex Mismatch | Duplex configuration does not match on the following ports. | Critical | Physical, Virtual | Port duplex configuration of the ports on each link should match. |
Network Health | Loop Detection | Loop Detection | Network contains the following loop. | Critical | Physical, Virtual | Network should be loop free. |
Network Health | STP Path Cost Method Consistency | STP Path Cost Method Consistency | Inconsistent STP path cost methods have been configured on the following switches. | Moderate | Physical | STP path cost calculation methods should be consistent among switches. |
Network Health | Trunk VLAN Mismatch | Trunk VLAN Mismatch | Allowed VLANs configuration does not match on the following trunk ports. | Critical | Physical, Virtual | Allowed VLANs configuration should match on the ports of each trunk link. |
Network Health | Port Mode Mismatch | Port Mode Mismatch | Port mode configuration does not match on the following ports. | Critical | Physical | Port mode configuration should match on the ports of each link. |
Network Health | Port Channel Member Mismatch | Port Channel Member Mismatch | Port channel member ports should not connect to non-member ports on linked devices. | Critical | Physical | Port channel member ports should not connect to non-member ports on linked devices. |
Network Health | Native VLAN Mismatch | Native VLAN Mismatch | Native VLAN configuration does not match on the following ports. | Critical | Physical | Native VLAN configuration of the ports on each link should match. |
Network Health | Native VLAN Tagging Mismatch | Native VLAN Tagging Mismatch | Native VLAN Tagging does not match on the following ports. | Critical | Physical | Native VLAN tagging of the ports on each link should match. |
Network Health | HSRP/VRRP Configuration Error | HSRP/VRRP Configuration Error | HSRP Configuration contains the following error. | Critical | Physical | Check for HSRP/VRRP configuration mismatch between Active and Standby. |
Device Health | Link MTU Mismatch | Link MTU Mismatch | MTU configuration of the ports on each link should match. | Moderate | Physical, Virtual | MTU configuration of the ports on each link should match. |
Device Health | HSRP/VRRP Master and STP Root Co-location | HSRP/VRRP Master and STP Root Co-location | HSRP/VRRP Master should be colocated with STP Root, if both protocols are enabled. | Moderate | Physical | HSRP/VRRP Master is not colocated with the following STP Root. |

Note:
- STIG intents are supported for the following devices only:
  - Cisco ASA, Cisco ASR 1000, Cisco Catalyst, Cisco ISR 4000, and Cisco Nexus
  - Palo Alto
- If a device is configured with port channel subinterfaces that are associated with different VLANs, or with port mode and allowed VLANs configured at the port channel level, these configurations are considered during intent analysis for the following devices only:
  - Arista switches
  - Dell EMC PowerSwitch S5200 (running on OS10)