NeDi Community

NeDi Software Specific => Discovery => Topic started by: Subordination on October 24, 2011, 04:22:16 PM

Title: IF Change updates
Post by: Subordination on October 24, 2011, 04:22:16 PM
Hi
 When  i run discovery, my NEDI 1.0.6 installation retains always the original location it reported for ANY nodes;
Switchport changes are not updated... I'm at a loss as to where in the nedi.conf this my emanante from, any pointers ?
Thanx,
G
Title: Re: IF Change updates
Post by: tristanbob on October 28, 2011, 09:37:34 PM
On my Nedi install, a node search will show all locations that a device has been plugged in.  The most recent one can be identified by using the "last seen" field.

Tristan
Title: Re: IF Change updates
Post by: Subordination on November 17, 2011, 05:02:25 PM
So  nobody has any clue what I'm missing here ??
All interfaces from the initial install are/were correct , but current discovery day-to-day
while it will update4 changes it never correct for IF Changes .... I've been over all possible
Scenarios for What I may have altered on nedi.conf to no avail. and all newly added Nodes
wind up with the Vlan interface as thier home , while existing devices retain the original Switchport
regardless of thier current location/IP ... No body can point me in a "fix' Direction on this ????
Title: Re: IF Change updates
Post by: rickli on November 19, 2011, 11:57:12 AM
with -v you should be able to track what happens to a certain MAC address:

- It should appear first in a FWDC or FWDS line (one of them is on the right switchport)
- Further down it should pop up again, when the actual interface is calculated.

What switches are you using?
Title: Re: IF Change updates
Post by: Subordination on November 21, 2011, 04:21:58 PM
We are a strictly Cisco Enterprise Network, originally they (the nodes) were correctly discovered, something I applied to Filter out
Phones, APs etc., seems to have halted updating Node Locations,  when I look with a -v It's almost like nedi never examines the
arp table of a switch --
////////////////////
[root@ccnetmon03v nedi]# ./nedi.pl -a 10.101.10.100 -v
...
Arp (SNMP)   ------------------------------------------------------------------
SNMP:Connect 10.101.10.100 strike2 v2 Tout:2s MaxMS:1472
ARPS:001fc90f6a7e=10.101.10.175 on Vl254 vl254
ARPS:c471feae57fe=10.101.10.190 on Vl254 vl254
ARPS:e8b748c4797e=10.101.10.100 on Vl254 vl254
ARPS:9cafca684bc1=10.101.10.171 on Vl254 vl254
ARPS:001fc90faf7e=10.101.10.196 on Vl254 vl254
ARPS:00000c07ac00=10.101.10.1 on Vl254 vl254
ARPS:b0c69a777e00=10.101.10.225 on Vl254 vl254
ARPS:00211b01b4fe=10.101.10.183 on Vl254 vl254
ARPS:9cafcae413fe=10.101.10.118 on Vl254 vl254
ARPS:001d71736ec0=10.101.10.2 on Vl254 vl254
ARPS:b0c69a752900=10.101.10.224 on Vl254 vl254
ARPS:00211b004f7e=10.101.10.192 on Vl254 vl254
ARPS:12 ARP entries found
WDEV:SNH-DC-C3750X-100 written to nedi.devices
WIF :176 interfaces written to nedi.interfaces
WMOD:19 modules written to nedi.modules
WVLN:25 vlans written to nedi.vlans
WNET:1 networks written to nedi.networks
WLNK:3 (ignoring 0 static) links written to nedi.links
DISC:ToDo/Done-Time =    0/1-3s
===============================================================================

///////////////////

the Node portion of my nedi.conf

.......

#============================================================================
# Nodes Related
#============================================================================

# Read MAC address tables from switches:
# dyn  = Dynamic forwarding on supported devices
# sec  = Read Port Security entries in addition
# snmp = Use SNMP only (will be used as fallback as well)
 getfwd dyn

# A regular expression matching the vlanids which should not be checked for nodes.
# If you are unsure leave the default ^100[0-5]$
ignoredvlans    ^10[01][0-9]$

# Ignore special MAC addresses
# HSRP 00-00-0c-07-ac-{HSRP group number (0 to 255)}
# VRRP (RFC 2338) 00-00-5e-00-01-{VRID}
# Microsoft WLBS 02bf-{last four octets are IP address}
# Ethernet broadcast ffffffffffff
ignoredmacs     ^(0000c07ac|00005e0001|02bf|[f]{12})

# regular expression matching the vlids where independant vlan learning is desired.
# This can be very useful, when the same MAC address appears in different vlans.
# Since MAC and vlanid will be used as primary key, the Router needs to return
# the vlanid in its ARP table or IP resolution will fail!
;useivl         ^2[012]0$

# Remove nodes (force IP, DNS and IF update) if inactive longer than this many days
retire          365

# Uncomment and specify path, if you want to use arpwatch for address resolution
# Use wildcard, if you want to use several files (e.g. in case of several vlans/IF)
;arpwatch       /var/arpwatch/arp*

# ARP entries per IP to detect poisoning on routers
arppoison       2


# MACs per interface  threshold to detect switch flooding
macflood        50

#============================================================================
.....
Title: Re: IF Change updates
Post by: rickli on November 21, 2011, 07:38:05 PM
Aha, are the switches in question still being discovered? A MAC found in the arp cache receives a higher metric, which means the port with the lower one prevails...
Title: Re: IF Change updates
Post by: Subordination on November 21, 2011, 09:29:54 PM
I run discovery @ 12 hour interval(s) with the -u and seedlists , not sure i follow what your saying about the apr cache....
Title: Re: IF Change updates
Post by: Subordination on November 23, 2011, 03:54:59 PM
I'm sorry to trouble you , but when you say "A MAC found in the arp cache receives a higher metric, which means the port with the lower one prevails..." do mean the arp cache of the nedi 1.0.6 server or the switch itself . the essential problem oi have is tyhat only Switchport locations from the first discovery is accurate, if a device has moved to another switchport since that it is now wrong. in many instances the "new" location will be the Vlan Interface of the distribution rather than the current switchport... how do i correct so ongoiin discovery reflects changes >?> >?? I suspect it's something in the 'nedi.conf' but after over a month of trial and error I've yet figure out what ...
Title: Re: IF Change updates
Post by: rickli on November 23, 2011, 11:44:20 PM
What's the last discovery of the switches in question? Also as I said, if you don't see any FWDC or S lines with the MAC you're looking for, it won't be updated!
Title: Re: IF Change updates
Post by: Subordination on November 25, 2011, 04:40:25 PM
on my enterprise I discover all (with seeds) at 12 hour intervals (there are  apx 500-100 devices)
i NEVER Get updated switchport for ANY nodes on any device , unless the node is new , then it will adopt the L3 interface , never the switchport.  I think when i wasa trying to filter out IP Phones and APs from my Devices I somehow got my nedi to behave this way
I'm at a loss as  to how....
I don't get what your saying
< if you don't see any FWDC or S lines with the MAC you're looking for, it won't be updated!


if you could please tell me if you see this caused  in my nedi.conf
Title: Re: IF Change updates
Post by: rickli on November 25, 2011, 11:27:47 PM
What color are the icons of those switches? Or in other words, are the models other than default type?
Title: Re: IF Change updates
Post by: Subordination on November 26, 2011, 01:30:55 AM
they are blue (in the Nedi http Device GUI depiction ) , switches on this enterprise are predominately Cisco WS-3750, and WS-2960 (stack-ables) of various flavors...
Title: Re: IF Change updates
Post by: rickli on November 27, 2011, 12:38:23 AM
Ok, on the -v output of such a device, what do you see around those lines:


Prepare (CLI)  ----------------------------------------------------------------
DISC:Cli bridge fwd = not implemented

BridgeFwd (SNMP) --------------------------------------------------------------
SNMP:Connect 10.10.10.4 public v2 Tout:10s MaxMS:1472
FWDS:Walking BridgeFwd
FWDS:00085d219bc2 on 3 Vl1 0 8
FWDS:000e08baf28f on 5 Vl1 0 14
FWDS:000c29555c17 on 4 Vl1 0 12
FWDS:00c0a8bf9549 on 5 Vl1 0 192
FWDS:0002b6356e22 on 4 Vl1 0 2
Title: Re: IF Change updates
Post by: Subordination on November 28, 2011, 04:59:19 PM
Hi Rickli, thanks for the resposes,
previously postred in this thread complete -v discovery of one WS-3750X series switch. along with my edit on the 'nedi.conf' file
I haven't been able to get CLI (SSH) to work so that -v entry is as you see it , is CLI access necessary to pull arp table changes and have them reflected?
nedi did seem to be updating arp / switcport realtion ships until i corrected to filter out "SEP" and "1142" from devices
**
Prepare (CLI)  ----------------------------------------------------------------
DISC:Cli arp = not implemented
**
**
the second line
"BridgeFwd (SNMP) --------------------------------------------------------------"
does not appear anywhere in my discovery of either access (switch) or distribution (Layer3)
**
Thank s much... Gerard
Title: Re: IF Change updates
Post by: Subordination on November 30, 2011, 07:06:22 PM
is CLI access during discovery a necessity to update node locations ?
Title: Re: IF Change updates
Post by: rickli on November 30, 2011, 08:49:48 PM
No, you don't.. Do you have getfwd set in nedi.conf?
Title: Re: IF Change updates
Post by: Subordination on November 30, 2011, 10:48:43 PM
yes;
[root@ccnetmon03v nedi]# cat nedi.conf | grep getfwd
 getfwd dyn
[root@ccnetmon03v nedi]#

...#============================================================================
# Nodes Related
#============================================================================

# Read MAC address tables from switches:
# dyn  = Dynamic forwarding on supported devices
# sec  = Read Port Security entries in addition
# snmp = Use SNMP only (will be used as fallback as well)
 getfwd dyn
Title: Re: IF Change updates
Post by: Subordination on December 02, 2011, 08:24:59 PM
it would be really good if i could get interface associations to update, I remain at a loss as to why they do not, everything i've seen in your documentation tells me i have it correct, yet i must be missing something ....
Title: Re: IF Change updates
Post by: rickli on December 02, 2011, 11:26:26 PM
Sorry for my stupid question, you showed at least 2 times before  :-[ And even worse, I overlooked that little space in front of getfwd! Delete it and try again...
Title: Re: IF Change updates
Post by: Subordination on December 05, 2011, 03:43:56 PM
whitespace ... omg thank you so much
Title: Re: IF Change updates
Post by: Subordination on December 05, 2011, 05:04:59 PM
ok it updates, but now in some instances it prefers what it knows to what it's leaned ; e.g.,
-------------------------
MAIN:1 devices discovered
UPDT:system SET value="1323100033" WHERE name="nodlock"
MAIN:Nodes table locked at Mon Dec  5 10:49:50 2011
RNOD:38825 nodes read () from nedi.nodes

BuildNod     ------------------------------------------------------------------
NODE:002584a3b2fd          M2304 (SNW-EAST-C3750-5 Fa8/0/43 M4096) old IF kept SNW-EAST-C6504-1 Vl272 M2304

-----------------

how do i make it prefere the switchport over the (existing) Vlan ?
Title: Re: IF Change updates
Post by: rickli on December 05, 2011, 11:30:06 PM
set retire to 1 and give it a few days to adjust. Then move it back to what you had before. This will just force node interfaces being updated each day...
Title: Re: IF Change updates
Post by: Subordination on December 06, 2011, 01:18:37 PM
Thank you sir
Title: Re: IF Change updates
Post by: rickli on December 06, 2011, 10:07:48 PM
Well I hope this does the trick, let me know if it doesn't...