Network Services

• Campus Network
• Network Upgrade
• Wireless
• Remote Access
• Internet2
• VPN
• DATN
• Network Graphs
• Policies and Standards
• Instructor-led Firewall Service Administration Training
• Online Firewall Service Administration Training

Network Upgrade

• Vision & Objective
• Plan/Status
• FAQs

Network Upgrade

Authorized Agent Network Tool Suite (AANTS)
Frequently Asked Questions

1. What tools are available in AANTS?
   There are a number of options you have in the navbar (navigation bar) when you log into the AANTS web page.
   
   

   EdgeConf
   EdgeConf is a tool which allows authorized agents to administer the switch ports on the ethernet gear at the edge of the campus network. This tool allows allows
   campus LAN administrators to configure the switch ports that serve their deparment for their users on demand, rather than having to interact with DoIT Network Services to make configuration changes on their behalf.

   GetDeviceStatus
   This tool polls network devices via SNMP and provides information on current device status.

   LookingGlass
   LookingGlass is a tool that enables authorized agents to issue commands directly on the gear which serves their LAN. The commands are so-called "show" commands - those which are useful for troubleshooting.
   The LookingGlass also enables authorized agents to view the ethernet switch logs.

   MailByVlan
   MailByVlan allows users to choose one or more VLANs and send email to the persons who administer those VLANs. This is useful, for example, when you need the administrator of another VLAN to free a port on a device you administer so that you can place it in a VLAN you control.

   My Firewalls
   This tool allows campus Firewall admins to perform the following functions:

   1. Log into their firewall devices and configure them using the built-in GUI.
   2. Access graphs and statistics about their firewall contexts.
   3. Browse through log files related to their firewall contexts.

   NetStats
   NetStats is a set of time-series graphs of statistics gathered from network devices such as routers and switches. Typically these are router interface or switch port statistics that indicate how many packets or bytes have passed through that interface or port, from which utilization can be determined. Interface and port errors are also counted and presented. We use popular freely-available tools such as FlowScan and MRTG to gather and present these statistics.

   NetWatch
   NetWatch is a tool which allows authorized agents to find where a host is located, given an MAC or IP address. It can also show which ethernet hosts are connected to which switch ports on a per-switch basis. NetWatch does this by querying a relational database containing records of the IP-to-MAC-address relationship over time and also which MAC addresses are seen on which ports and when.

   Port Stats Search
   Allows users to perform various types of statistical searches on ports. Various targets can be searched and most active ports can be determined using a variety of criteria.

   Port Text Search
   The Port Text Search tool allows users to perform text searches of port descriptions and patch/jack descriptions in the EdgeConf database and the Field Services database. Wildcard characters are permitted. Returned ports are hot-linked to bring up the EdgeConf port configuration tool.

   Port Use Auditor
   Allows the user to determine the number of ports used in the past n days on a device, room, or building basis.

   Super-User Tools
   Tools which can be accessed by UW NOC staff and DoIT Network Engineers. These tools are potentially more dangerous, or expose sensitive information, so their use is restricted to authorized staff.

   Vlan Finder
   The Vlan Finder tool tool allows the user to select one or more VLANs and locate the devices and ports on the network which are configured to carry those VLANs. The 'Hotlink Items' option allows users to click on device names and be taken to the EdgeConf port configuration tool. Users can choose between text-only output or formatted HTML table output.

   Who Am I?
   "Who Am I?" is a tool to show you information about yourself. It will show you your contact information used by the Network Operations Center (NOC) and by network management systems. It will also show you the aants groups to which you belong, which vlans aants believes you administer, and which ethernet switches you are allowed to change using EdgeConf.

   WiscNIC
   WiscNIC is the Network Information Center for UW-Madison's campus network. It contains configuration information about which IP addresses and VLANs have been assigned to departments, and who. WiscNIC also contains information about how particular campus subnets or IP addresses are being routed by the campus backbone gear. For instance, it can help you to determine you whether or not a given campus host IP address is currently black-holed due to network abuse. See the WiscNIC Frequently Asked Questions list for more information.

   WiscNIC Update
   Provides various functions related to the WiscNIC database, depending on a user's status. Not all users will have access to all functions. Potential functions include:

   1. Add or remove yourself or another user to WiscNIC.
   2. Update or change your WiscNIC contact information, or that of another user.
   3. Add or remove yourself or another user to a VLAN or subnet.

   XXI NetStats
   You will find informative graphs and statistics here related to the XXI Campus Network.

2. How Do I Sign Up For Authorized Agent Training?
   There is a link on the main AANTS page which will take you to an information page about Authorized Agent Training. You can also go there directly by using the URL http://ns.doit.wisc.edu/21CN/AuthorizedAgentTraining.htm

3. What is the "Mailing List Archive" [in the web navbar]?
   This is an archive of the general mailing list which has all aants users as its recipients. Its purpose is for aants administrators in DoIT to keep users apprised of goings-on.

4. Where should I get started in aants?
   One of the best ways to get started with aants is to use the various "Who am I?" features.

   • NetWatch Who Am I?
     This tool will help you find the switch port(s) on which the MAC address was learned for the IP host on which your web browser appears to be running.
   
   
   • aants Who Am I?
     This tool can help to determine what you are authorized to do in aants and to troubleshoot when trying to determine why access might be denied.
   
   
   • WiscNIC Who Am I?
     This tool will show you the information in WiscNIC regarding the IP address of the host on which your web browser appears to be running.

5. Why am I asked to reauthenticate myself when choosing options from the navbar?
   This is an side-effect of our using a simple authentication method with multiple web servers to implement aants, such as https://aants.net.wisc.edu and https://wiscnic.doit.wisc.edu. Multiple servers were advantageous to distribute the load.

6. How do I change my aants password?
   aants uses your UW-Madison campus NetID for user authentication. You can administer such things by visiting the "My NetID" section of my.wisc.edu.

7. Whom do I contact if I have questions, bug reports, or feature requests?
   Users can contact the aants administration team at: aants-admin@net.doit.wisc.edu

8. How often are MAC addresses learnt by NetWatch?
   MAC addresses are updated in NetWatch's database in two ways:

   • by periodic polling of the switches via SNMP
     For Cisco Catalyst switches this is done by the catwatch utility.
   • the switches should be configured to send the new MAC address to NetWatch (as an SNMP trap) whenever the MAC is learnt. These traps are received by mactrapper.
   
   The "watch" and "trapper" utilities maintain relational database tables that you can query using NetWatch.
   So, when you plug a machine onto a port, and that machine then generates an ethernet frame, NetWatch (and EdgeConf forms which display it) should show that new value immediately.

   In the rare cases in which a machine is continually producing traffic, the switch will not repeatedly relearn the address (since it already knows that MAC is on the given port); so AANTS will only periodically re-discover that address by polling. Currently each switch is polled on the order of every few hours or so, but this has been slowing as more switches have been added to the new campus network.

   When you use NetWatch to display the MACs on a switch, it shows the date it was recorded (as long as you don't uncheck the "with dates" box). Some other AANTS forms don't have room to display all that info.

   If you suspect that NetWatch is showing incorrect or out-of-date MAC information for a port, consider using LookingGlass to examine the mac-address-table for that interface/port. This can be done using the "show mac-address-table interface" query. If you find that it differs and you believe NetWatch is in error, please notify the AANTS administrators of the issue via aants-admin@net.doit.wisc.edu, including these details: the date and time of the problem, the switch name, the port, and the MAC and/or IP addresses in question.

Division of Information Technology - UW-Madison
Feedback, questions or accessibility issues | Privacy policy
Copyright © 2009 The Board of Regents of the University of Wisconsin System