IF Change updates

[Subordination]

Hi
 When  i run discovery, my NEDI 1.0.6 installation retains always the original location it reported for ANY nodes;
Switchport changes are not updated... I'm at a loss as to where in the nedi.conf this my emanante from, any pointers ?
Thanx,
G

[tristanbob]

On my Nedi install, a node search will show all locations that a device has been plugged in.  The most recent one can be identified by using the "last seen" field.

Tristan

[Subordination]

So  nobody has any clue what I'm missing here ??
All interfaces from the initial install are/were correct , but current discovery day-to-day
while it will update4 changes it never correct for IF Changes .... I've been over all possible
Scenarios for What I may have altered on nedi.conf to no avail. and all newly added Nodes
wind up with the Vlan interface as thier home , while existing devices retain the original Switchport
regardless of thier current location/IP ... No body can point me in a "fix' Direction on this ?

[rickli]

with -v you should be able to track what happens to a certain MAC address:

- It should appear first in a FWDC or FWDS line (one of them is on the right switchport)
- Further down it should pop up again, when the actual interface is calculated.

What switches are you using?

[Subordination]

We are a strictly Cisco Enterprise Network, originally they (the nodes) were correctly discovered, something I applied to Filter out
Phones, APs etc., seems to have halted updating Node Locations,  when I look with a -v It's almost like nedi never examines the
arp table of a switch --
////////////////////
[root@ccnetmon03v nedi]# ./nedi.pl -a 10.101.10.100 -v
...
Arp (SNMP)   ------------------------------------------------------------------
SNMP:Connect 10.101.10.100 strike2 v2 Tout:2s MaxMS:1472
ARPS:001fc90f6a7e=10.101.10.175 on Vl254 vl254
ARPS:c471feae57fe=10.101.10.190 on Vl254 vl254
ARPS:e8b748c4797e=10.101.10.100 on Vl254 vl254
ARPS:9cafca684bc1=10.101.10.171 on Vl254 vl254
ARPS:001fc90faf7e=10.101.10.196 on Vl254 vl254
ARPS:00000c07ac00=10.101.10.1 on Vl254 vl254
ARPS:b0c69a777e00=10.101.10.225 on Vl254 vl254
ARPS:00211b01b4fe=10.101.10.183 on Vl254 vl254
ARPS:9cafcae413fe=10.101.10.118 on Vl254 vl254
ARPS:001d71736ec0=10.101.10.2 on Vl254 vl254
ARPS:b0c69a752900=10.101.10.224 on Vl254 vl254
ARPS:00211b004f7e=10.101.10.192 on Vl254 vl254
ARPS:12 ARP entries found
WDEV:SNH-DC-C3750X-100 written to nedi.devices
WIF :176 interfaces written to nedi.interfaces
WMOD:19 modules written to nedi.modules
WVLN:25 vlans written to nedi.vlans
WNET:1 networks written to nedi.networks
WLNK:3 (ignoring 0 static) links written to nedi.links
DISC:ToDo/Done-Time =    0/1-3s
===============================================================================

///////////////////

the Node portion of my nedi.conf

.......

#============================================================================
# Nodes Related
#============================================================================

# Read MAC address tables from switches:
# dyn  = Dynamic forwarding on supported devices
# sec  = Read Port Security entries in addition
# snmp = Use SNMP only (will be used as fallback as well)
 getfwd dyn

# A regular expression matching the vlanids which should not be checked for nodes.
# If you are unsure leave the default ^100[0-5]$
ignoredvlans    ^10[01][0-9]$

# Ignore special MAC addresses
# HSRP 00-00-0c-07-ac-{HSRP group number (0 to 255)}
# VRRP (RFC 2338) 00-00-5e-00-01-{VRID}
# Microsoft WLBS 02bf-{last four octets are IP address}
# Ethernet broadcast ffffffffffff
ignoredmacs     ^(0000c07ac|00005e0001|02bf|[f]{12})

# regular expression matching the vlids where independant vlan learning is desired.
# This can be very useful, when the same MAC address appears in different vlans.
# Since MAC and vlanid will be used as primary key, the Router needs to return
# the vlanid in its ARP table or IP resolution will fail!
;useivl         ^2[012]0$

# Remove nodes (force IP, DNS and IF update) if inactive longer than this many days
retire          365

# Uncomment and specify path, if you want to use arpwatch for address resolution
# Use wildcard, if you want to use several files (e.g. in case of several vlans/IF)
;arpwatch       /var/arpwatch/arp*

# ARP entries per IP to detect poisoning on routers
arppoison       2


# MACs per interface  threshold to detect switch flooding
macflood        50

#============================================================================
.....

[rickli]

Aha, are the switches in question still being discovered? A MAC found in the arp cache receives a higher metric, which means the port with the lower one prevails...

[Subordination]

I run discovery @ 12 hour interval(s) with the -u and seedlists , not sure i follow what your saying about the apr cache....

[Subordination]

I'm sorry to trouble you , but when you say "A MAC found in the arp cache receives a higher metric, which means the port with the lower one prevails..." do mean the arp cache of the nedi 1.0.6 server or the switch itself . the essential problem oi have is tyhat only Switchport locations from the first discovery is accurate, if a device has moved to another switchport since that it is now wrong. in many instances the "new" location will be the Vlan Interface of the distribution rather than the current switchport... how do i correct so ongoiin discovery reflects changes >?> >?? I suspect it's something in the 'nedi.conf' but after over a month of trial and error I've yet figure out what ...

[rickli]

What's the last discovery of the switches in question? Also as I said, if you don't see any FWDC or S lines with the MAC you're looking for, it won't be updated!

[Subordination]

on my enterprise I discover all (with seeds) at 12 hour intervals (there are  apx 500-100 devices)
i NEVER Get updated switchport for ANY nodes on any device , unless the node is new , then it will adopt the L3 interface , never the switchport.  I think when i wasa trying to filter out IP Phones and APs from my Devices I somehow got my nedi to behave this way
I'm at a loss as  to how....
I don't get what your saying
< if you don't see any FWDC or S lines with the MAC you're looking for, it won't be updated!


if you could please tell me if you see this caused  in my nedi.conf

[rickli]

What color are the icons of those switches? Or in other words, are the models other than default type?

[Subordination]

they are blue (in the Nedi http Device GUI depiction ) , switches on this enterprise are predominately Cisco WS-3750, and WS-2960 (stack-ables) of various flavors...

[rickli]

Ok, on the -v output of such a device, what do you see around those lines:


Prepare (CLI)  ----------------------------------------------------------------
DISC:Cli bridge fwd = not implemented

BridgeFwd (SNMP) --------------------------------------------------------------
SNMP:Connect 10.10.10.4 public v2 Tout:10s MaxMS:1472
FWDS:Walking BridgeFwd
FWDS:00085d219bc2 on 3 Vl1 0 8
FWDS:000e08baf28f on 5 Vl1 0 14
FWDS:000c29555c17 on 4 Vl1 0 12
FWDS:00c0a8bf9549 on 5 Vl1 0 192
FWDS:0002b6356e22 on 4 Vl1 0 2

[Subordination]

Hi Rickli, thanks for the resposes,
previously postred in this thread complete -v discovery of one WS-3750X series switch. along with my edit on the 'nedi.conf' file
I haven't been able to get CLI (SSH) to work so that -v entry is as you see it , is CLI access necessary to pull arp table changes and have them reflected?
nedi did seem to be updating arp / switcport realtion ships until i corrected to filter out "SEP" and "1142" from devices
**
Prepare (CLI)  ----------------------------------------------------------------
DISC:Cli arp = not implemented
**
**
the second line
"BridgeFwd (SNMP) --------------------------------------------------------------"
does not appear anywhere in my discovery of either access (switch) or distribution (Layer3)
**
Thank s much... Gerard

[Subordination]

is CLI access during discovery a necessity to update node locations ?