Scribd Logo
Upload

Welcome to Scribd!

  • Scenario: Application Intelligence: Description

    Uploaded by

    Abdias Vazquez Martinez
    5 views5 pages

    Original Title

    17_NSI_Labn5.pdf

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    5 views5 pages

    Scenario: Application Intelligence: Description

    Uploaded by

    Abdias Vazquez Martinez

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 5

     

    Lab 5
    Scenario: Application Intelligence

    Overview

    Description
    This lab introduces you to Pravail NSI Application Intelligence appliance.
    You will learn about essential steps to install and configure application
    intelligence as well as how to use application intelligence in traffic reports.
    This lab is divided into the following parts:
    • Installation of Pravail NSI AI device
    • Initial CLI configuration using wizard
    • Usage of application intelligence

    Setup
    Pravail NSI AI device will be getting copy of network traffic on pcc0
    interface. Mgt0 interface of Pravail NSI AI is connected will be used for
    communication with Pravail NSI Controller.

    L5-1
    Student 17
    Application intelligence in Pravail NSI
    Lab 5

     
    Internet

    flow0

    Pravail NSI
    Controller

    pcc0 mgt0

    Pravail NSI AI

    LAN
    AuthX agent
    on AD controller

    Objectives
    After completing this lab, you will be able to do the following:
    • Perform installation and initial configuration of Pravail NSI AI;

    • Use application intelligence information in traffic analysis.

    Equipment/Tools
    The following equipment is required to complete this lab:
    • web browser (Chrome or Firefox)
    When accessing training labs, you will be prompted for Training Portal
    Authentication. Use following credentials:

    • Login: student17
    • Password: 44AYJCgf82

    Estimated Completion Time


    • The estimated completion time for this lab is 60 minutes.

    Pravail NSI AI Installation

    Serial console access


    In this section you will use web SSH client to connect to the console server,
    managing serial console port of your Pravail NSI AI lab appliance.
    Console server address: https://cli.training.arbor.net/ssh/
    L5-2 Student 17 Pravail NSI 5.5
    Lab 5 Application intelligence in Pravail NSI

    Host/IP: 10.2.25.129
    Port: 22
    User: student17
    Password: 44AYJCgf82

    1. To access Pravail NSI AI serial console press 3

    2. After you have successfully completed step above, ask instructor to


    start your Pravail NSI AI instance

    Installation process
    In this section we will perform initial installation steps. These steps are
    typically performed on new Pravail NSI appliance after power on.
    1. Wait while Pravail NSI installation process prepares hard drive and
    copies necessary software packages. This process may take up to half
    an hour.
    2. Set system hostname to AI-LAB17
    3. Set IP address of mgt0 interface to 192.168.117.18
    4. Set Network mask of interface mgt0 to 255.255.255.240
    5. Skip media setting for interface mgt0 (press Enter)
    6. Skip IP configuration for interface flow0 (press Enter)
    7. Skip default gateway configuration (press Enter)
    8. Skip BGP, FTP, HTTP and HTTPS ACL configuration (press Enter)
    9. Permit ICMP Ping access from any network – type 0.0.0.0/0 as the first
    entry and confirm that there are no more entries by pressing enter for [done]
    10. Skip SNMP, Telnet, TFTP and VRRP ACL configuration (press Enter)
    11. Permit SSH access from any network – type 0.0.0.0/0 as the first entry and
    confirm that there are no more entries by pressing enter for [done]
    12. Check that current date/time matches actual clock in UTC time zone.
    Format of the string is MMDDhhmm[[CC]YY][.ss]

    Initial CLI configuration


    In this section, you will learn how to perform initial system configuration
    via CLI. This includes changing admin user password, configuring DNS
    service, entering license key and starting Pravail APS service.
    1. Log into the CLI using default login credentials of admin/arbor

    Student 17 L5-3
    Application intelligence in Pravail NSI
    Lab 5

    2. Use services aaa local password admin interactive command to


    change admin user password. Change admin password to 44AYJCgf82
    3. Set license key using following command (license key is typically
    provided by ATAC)
    / system license set Pravail-NSI "nsi-model: PRA-NSI-5003AI expires: 1451679608"
    7VX0P-8D1YR-BM7H5-063KP-RVXCS-PRS0G-VZ8VS-YRYMH-9YF4P
    4. Initialize Pravail NSI databases
    services nsi database initialize
    5. Configure interface pcc0 as a promiscuous interface
    services nsi interface add pcc0 promisc
    6. Bring interface pcc0 up
    ip interfaces ifconfig pcc0 up
    7. Configure communication with Pravail NSI Controller
    services nsi sendto add 192.168.117.17 student17
    8. Start Pravail NSI service
    services nsi start
    Initial start of Pravail NSI service may take few minutes.
    9. Save configuration
    config write

    GUI verification
    1. After few minutes log into your Pravail NSI Controller
    https://pod17.training.arbor.net/
    using credentials you have configured on the Controller in lab 1. Note
    that you will be presented with proxy authentication first, use your
    student login:
    student17
    2. Navigate to Summary page.
    3. Check that your AI device appears in System Information and status is
    Good.
    4. Click on AI device name to see current load.

    L5-4 Student 17 Pravail NSI 5.5


    Lab 5 Application intelligence in Pravail NSI

    Usage of application intelligence

    Web dashboard and URL Log


    1. After 10 minutes of Pravail NSI AI operation navigate to
    Explore->Web
    2. Study Web Dashboard: Top URLs and HTTP Content Types reports
    3. Let’s see who of enterprise users is checking their personal e-mail on
    mail.ru. To get this information type mail.ru in URL Destinations and
    click Search
    4. Note that you can refine results by clicking limit to… link in user
    context menu
    5. Save Historical URL log using Export Data tool on Arbor Smart Bar

    Using application intelligence in Flowlog


    Let’s see what DNS requests are performed by users through public
    Google DNS servers (8.8.8.8 and 8.8.4.4)
    1. Navigate to Explore->Flows
    2. Click on Magnifying glass icon and type following FCAP
    (8.8.8.8/32 or 8.8.4.4/32) and udp/53
    3. Click Search
    4. Note that Extended Attributes column now contains requested domains

    This completes the lab exercise.

    Student 17 L5-5

    You might also like