It’s been a week, and in the meantime my coworker, Hörður, has been deploying WLC and virtual-WLC and whatnot, and we’re very quickly getting into “which IP address was” discussions.
Sure, we each had our own text document in Sublime that we used to keep track of IP addresses, but we all know that that doesn’t provide any good end result or help us in the long run.
To address this issue I deployed a new Windows 2016 server, called “mm.escort.is”, on which I will install the IPAM suite from Men & Mice.
(While I wait for the Windows server install I uploaded “Cisco_FTD_SSP_FP2K_Upgrade-6.2.3-83.sh.REL.tar” to the FMC and proceeded to upgrade the FirePower-2110 appliance to 6.2.3. I expect that will take a while as well.)
The win2016 server is up, and I proceed with the “win-x w” key sequence to go to network connections, edit the ethernet adapter and add a static IP address, for which we selected 10.208.1.30, and then joined it to the Active Directory domain.
Following the reboot the first thing I did was to enable remote desktop connections, since it’s not good for your mental health to use VMware remote console for more than 1 hour a day, doctors say.
Now, logging in via RDP, I went to the menandmice.com download page and downloaded the following:
- Men & Mice Central
- Men & Mice Server Controllers
- Men & Mice Web Application & Web Interface
- Men & Mice Management console (we need that for first time use even if we plan on using the web interface.)
We noticed that during the M&M downloads it reminded us that for the web interface to work we (obviously?) need a web server running on the server.
Going into Server Manager – Add roles – adding the “Web Server (IIS)” role was what we did before proceeding with the M&M installation.
The M&M installation is basically next-next-finish, so nothing we need to document there.
Before I am able to allow M&M to manage the AD DNS & DHCP, we need to create an active-directory user with the correct permissions to the AD.
Normally you would use M&M documentation (or their help), but I’m taking a shortcut and giving the “srv.ipam” user full AD admin permissions. (I created a subtask to revisit this later.)
I can now go to http://mm.escort.is and log in while I add a background task to my brain to think about how I am going to add a certificate to this web interface.
I’ve installed a version of M&M that I haven’t used before, and I’m not familiar with the new web interface, but it’s fairly straightforward.
My first task is to create reverse (PTR) zones for my environment.
Being able to resolve mm.escort.is to 10.208.1.30 is great, but we want to be able to resolve 10.208.1.30 to mm.escort.is as well, and Microsoft’s DNS doesn’t do anything automatically.
(Also, when you get to Cisco ISE installation, as well as a few other products, a correct reverse [PTR] record is mandatory for a successful installation.)
So “DNS” on the top menu -> ALL ZONES -> +Create
And we create zones for “1.208.10.in-addr.arpa” and “254.208.10.in-addr.arpa”
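
To see which hosts still lack a correct reverse record once those two zones exist, the following sketch compares forward and reverse data offline. It is an added example, not part of the original post or of Men & Mice; apart from mm.escort.is at 10.208.1.30 and the two zone names, every host and record in it is constructed sample data.

```python
import ipaddress

# Reverse zones created in the step above.
REVERSE_ZONES = ["1.208.10.in-addr.arpa", "254.208.10.in-addr.arpa"]

# Constructed sample data; only mm.escort.is / 10.208.1.30 comes from the post.
A_RECORDS = {
    "mm.escort.is": "10.208.1.30",
    "dc1.escort.is": "10.208.1.10",    # hypothetical host, PTR never created
    "sw1.escort.is": "10.208.254.2",   # hypothetical host, PTR has a stale name
    "old.escort.is": "10.208.2.5",     # hypothetical host outside both zones
}
PTR_RECORDS = {
    "30.1.208.10.in-addr.arpa": "mm.escort.is",
    "2.254.208.10.in-addr.arpa": "switch1.escort.is",
}


def ptr_owner(ip):
    """Return the PTR owner name for an address, e.g. 30.1.208.10.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer


def zone_for(owner, zones=REVERSE_ZONES):
    """Return the most specific reverse zone containing owner, or None."""
    matches = [z for z in zones if owner.endswith("." + z)]
    return max(matches, key=len) if matches else None


def audit(a_records, ptr_records, zones=REVERSE_ZONES):
    """Classify each A record by whether its PTR points back at the same name."""
    findings = {}
    for name, ip in sorted(a_records.items()):
        owner = ptr_owner(ip)
        target = ptr_records.get(owner)
        if zone_for(owner, zones) is None:
            findings[name] = "no-reverse-zone"   # no zone can hold this PTR
        elif target is None:
            findings[name] = "missing-ptr"       # zone exists, record does not
        elif target.rstrip(".").lower() != name.rstrip(".").lower():
            findings[name] = "mismatch"          # PTR points at another name
        else:
            findings[name] = "ok"
    return findings


if __name__ == "__main__":
    for host, status in audit(A_RECORDS, PTR_RECORDS).items():
        print(f"{host:16} {A_RECORDS[host]:14} {status}")
```
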
Next we go into the Networks “tab”, “IP RANGES” (why do they have it in all caps?) and +CREATE
And I created the following three networks:
- 10.208.0.0/16 named “LAB-Network”
- 10.208.1.0/24 named “LAB-Servers-1”
- 10.208.254.0/24 named “LAB-Management-1”
Now there’s some basic housekeeping for Men and Mice that we need to go into that I won’t cover here, but it basically narrows down to:
- Set a discovery schedule for M&M to ping the subnets to find hosts.
- Add SNMP to the L3 switch so M&M can query its ARP table to find hosts.
- Use M&M to fix the PTR records.
- Create any custom fields (I always add 1 or 2) if needed.
- Make it use Active Directory for logins.
But basically we can start using M&M for IPAM management now.