vRealize Network Insight supports the following intent types.
| Group (Category) | Intent Type | Name | UI Name | Severity | Virtual/Physical | Description |
|---|---|---|---|---|---|---|
| STIG | Account Password Protection | Account Not Password Protected | Administrative account access is not password protected on the following devices. | High | Physical | The network device must be password protected for administrative access. |
| Console Access Password Protection | Console Access Not Password Protected | Console port access is not password protected on the following devices. | High | Physical | The network device must require authentication for console access. | |
| Default Password Existence | Default Password Existence | Default manufacturer password is used on the following devices. | High | Physical | The network device must not have any default manufacturer passwords. | |
| Management Connection Password Protection | Management Connection Not Password Protected | Management port access is not password protected on the following devices. | High | Physical | The network device must require authentication prior to establishing a management connection for administrative access. | |
| Plaintext Password Visibility | Plaintext Password Visibility | Plaintext passwords are visible on the following devices. | High | Physical | The network device must not have plaintext passwords. | |
| Network Health | Duplex Mismatch | Duplex Mismatch | Duplex configuration does not match on the following ports. | Critical | Physical, Virtual | Port duplex configuration of the ports on each link should match. |
| Duplicate IP Address | Duplicate IP Address | Duplicate IP address has been configured on the following interfaces. | Critical | Physical | Duplicate IP address should not be configured on multiple interfaces. | |
| Duplicate MAC Address | Duplicate MAC Address | Duplicate MAC address has been configured on the following interfaces. | Critical | Physical | Duplicate MAC address should not be configured on multiple interfaces. | |
| HSRP/VRRP Configuration Error | HSRP/VRRP Configuration Error | HSRP Configuration contains the following error. | Critical | Physical | Check for HSRP/VRRP configuration mismatch between Active and Standby. | |
| Loop Detection | Loop Detection | Network contains the following loop. | Critical | Physical, Virtual | Network should be loop free. | |
| Native VLAN Mismatch | Native VLAN Mismatch | Native VLAN configuration does not match on the following ports. | Critical | Physical | Native VLAN configuration of the ports on each link should match. | |
| Native VLAN Tagging Mismatch | Native VLAN Tagging Mismatch | Native VLAN Tagging does not match on the following ports. | Critical | Physical | Native VLAN tagging of the ports on each link should match. | |
| Port Channel Member Mismatch | Port Channel Member Mismatch | Port channel member ports should not connect to non-member ports on linked devices. | Critical | Physical | Port channel member ports should not connect to non-member ports on linked devices. | |
| Port Mode Mismatch | Port Mode Mismatch | Port mode configuration does not match on the following ports. | Critical | Physical | Port mode configuration should match on the ports of each link. | |
| Reachability | Reachability Failure | Network endpoints should be reachable. | Critical | Physical, Virtual | Network endpoints should be reachable. | |
| STP Path Cost Method Inconsistency | STP Path Cost Method Consistency | Inconsistent STP path cost methods have been configured on the following switches. | Moderate | Physical | STP path cost calculation methods should be consistent among switches. | |
| Segmentation | Segmentation Failure | Network endpoints should be segmented. | Critical | Physical, Virtual | Network endpoints should be segmented.
Note: Segmentation Intent verifies that specified source cannot communicate with destination, even using spoofed source IP addresses.
|
|
| Trunk VLAN Mismatch | Trunk VLAN Mismatch | Allowed VLANs configuration does not match on the following trunk ports. | Critical | Physical, Virtual | Allowed VLANs configuration should match on the ports of each trunk link. | |
| Device Health | HSRP/VRRP Active STP Root Colocation | HSRP/VRRP Active STP Root Colocation | HSRP/VRRP Active should be colocated with STP Root, if both protocols are enabled. | Moderate | Physical | HSRP/VRRP Active is not colocated with the following STP Root. |
| MTU Mismatch | MTU Mismatch | MTU configuration of the ports on each link should match. | Moderate | Physical, Virtual | MTU configuration of the ports on each link should match. |
Note:
- STIG intents are supported for the following devices only:
- Cisco ASA, Cisco ASR 1000, Cisco Catalyst, Cisco ISR 4000, and Cisco Nexus
- Palo Alto
- The STP Path Cost Method Inconsistency intent is supported only for Cisco Catalyst and Cisco Nexus devices.
- If a device is configured with port channel sub interfaces (that are associated with different VLANs), or configured with port mode and allowed VLANs that are configured at the port channel level, such configurations are considered while performing intent analysis for the following devices only:
- Arista switches
- Dell EMC PowerSwitch S5200 (running on OS10)
