vRealize Network Insight supports the following intent types.

Group (Category) Intent Type Name UI Name Severity Virtual/Physical Description
STIG Account Password Protection Account Not Password Protected Administrative account access is not password protected on the following devices. High Physical The network device must be password protected for administrative access.
Console Access Password Protection Console Access Not Password Protected Console port access is not password protected on the following devices. High Physical The network device must require authentication for console access.
Default Password Existence Default Password Existence Default manufacturer password is used on the following devices. High Physical The network device must not have any default manufacturer passwords.
Management Connection Password Protection Management Connection Not Password Protected Management port access is not password protected on the following devices. High Physical The network device must require authentication prior to establishing a management connection for administrative access.
Plaintext Password Visibility Plaintext Password Visibility Plaintext passwords are visible on the following devices. High Physical The network device must not have plaintext passwords.
Network Health Duplex Mismatch Duplex Mismatch Duplex configuration does not match on the following ports. Critical Physical, Virtual Port duplex configuration of the ports on each link should match.
Duplicate IP Address Duplicate IP Address Duplicate IP address has been configured on the following interfaces. Critical Physical Duplicate IP address should not be configured on multiple interfaces.
Duplicate MAC Address Duplicate MAC Address Duplicate MAC address has been configured on the following interfaces. Critical Physical Duplicate MAC address should not be configured on multiple interfaces.
HSRP/VRRP Configuration Error HSRP/VRRP Configuration Error HSRP Configuration contains the following error. Critical Physical Check for HSRP/VRRP configuration mismatch between Active and Standby.
Loop Detection Loop Detection Network contains the following loop. Critical Physical, Virtual Network should be loop free.
Native VLAN Mismatch Native VLAN Mismatch Native VLAN configuration does not match on the following ports. Critical Physical Native VLAN configuration of the ports on each link should match.
Native VLAN Tagging Mismatch Native VLAN Tagging Mismatch Native VLAN Tagging does not match on the following ports. Critical Physical Native VLAN tagging of the ports on each link should match.
Port Channel Member Mismatch Port Channel Member Mismatch Port channel member ports should not connect to non-member ports on linked devices. Critical Physical Port channel member ports should not connect to non-member ports on linked devices.
Port Mode Mismatch Port Mode Mismatch Port mode configuration does not match on the following ports. Critical Physical Port mode configuration should match on the ports of each link.
Reachability Reachability Failure Network endpoints should be reachable. Critical Physical, Virtual Network endpoints should be reachable.
STP Path Cost Method Inconsistency STP Path Cost Method Consistency Inconsistent STP path cost methods have been configured on the following switches. Moderate Physical STP path cost calculation methods should be consistent among switches.
Segmentation Segmentation Failure Network endpoints should be segmented. Critical Physical, Virtual Network endpoints should be segmented.
Note: Segmentation Intent verifies that specified source cannot communicate with destination, even using spoofed source IP addresses.
Trunk VLAN Mismatch Trunk VLAN Mismatch Allowed VLANs configuration does not match on the following trunk ports. Critical Physical, Virtual Allowed VLANs configuration should match on the ports of each trunk link.
Device Health HSRP/VRRP Active STP Root Colocation HSRP/VRRP Active STP Root Colocation HSRP/VRRP Active should be colocated with STP Root, if both protocols are enabled. Moderate Physical HSRP/VRRP Active is not colocated with the following STP Root.
MTU Mismatch MTU Mismatch MTU configuration of the ports on each link should match. Moderate Physical, Virtual MTU configuration of the ports on each link should match.
Note:
  • STIG intents are supported for the following devices only:
    • Cisco ASA, Cisco ASR 1000, Cisco Catalyst, Cisco ISR 4000, and Cisco Nexus
    • Palo Alto
  • The STP Path Cost Method Inconsistency intent is supported only for Cisco Catalyst and Cisco Nexus devices.
  • If a device is configured with port channel sub interfaces (that are associated with different VLANs), or configured with port mode and allowed VLANs that are configured at the port channel level, such configurations are considered while performing intent analysis for the following devices only:
    • Arista switches
    • Dell EMC PowerSwitch S5200 (running on OS10)