Discovery not walking CDP neighbors - NeDi 1.08

[becitops]

NeDi ver: 1.08
Kernel/cpu: Linux 3.5.0-30-generic on x86_64
Distro:  Ubuntu 12.04.2
WWW: Apache version 2.2.22
DB: MySQL version 5.5.31

UPDATE: this thread is solved.  See below.  The regex for nosnmpdev I had configured in nedi.conf was the cause.  Thanks to Remo for solving the mystery.

Problem:  CDP Discovery (./nedi.pl -v -r -p) only adds directly connected neighbors of a seed device to DB(discovery does not walk neighbors for additional devices).

The seedlist consists of a core L3 switch which has visibility of the entire network.  However when doing a discovery, only the seed device & directly connected devices of the seed are added to the DB.  Discovery doesn't bother interrogating the neighbors for additional devices.  Yet a manual discovery of a given downstream neighbor will pick up additional devices & add them to the DB (see below). No apparent errors when running discovery. 

What am I doing wrong?  Thanks in advance!

Attached graphic shows one such neighbor of the seed (switch32) that does not get interrogated despite having many downstream neighbors:

switch32#sh int status

Port      Name               Status       Vlan       Duplex  Speed Type
Gi1/0/1   DL switch60     connected    trunk      a-full a-1000 10/100/1000BaseTX
Gi1/0/2   DL switch117     connected    trunk      a-full a-1000 10/100/1000BaseTX
Gi1/0/3   DL switch10      connected    trunk      a-full a-1000 10/100/1000BaseTX
Gi1/0/4   DL ap-po1          connected    799        a-full a-1000 10/100/1000BaseTX
Gi1/0/5   DL switch110    connected    trunk      a-full a-1000 10/100/1000BaseTX
Gi1/0/17  DL ap-po1109       connected    799        a-full a-1000 10/100/1000BaseTX
Gi1/0/18  DL swinet-po1      connected    trunk      a-full a-1000 10/100/1000BaseTX
Gi1/0/19  DL switch32-5 g0/1 connected    32         a-full a-1000 10/100/1000BaseTX
Gi1/0/20  DL switch32-6 f0/2 connected    32           full  a-100 10/100/1000BaseTX
Gi1/0/21  DL switch32-7 g0/1 connected    32         a-full a-1000 10/100/1000BaseTX
Gi1/0/22  DL switch32-8 g0/1 connected    32         a-full a-1000 10/100/1000BaseTX
Gi1/0/23  DL switch32-9 g0/1 connected    32         a-full a-1000 10/100/1000BaseTX
Gi1/0/24  DL switch32-10 g0/ connected    32         a-full a-1000 10/100/1000BaseTX
Gi1/0/28  UL switch2 g2/13   connected    trunk      a-full a-1000 1000BaseSX SFP

[should the discovery be picking these up?]

switch32#sh cdp nei 

Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone

Device ID           Local Intrfce         Holdtme   Capability    Platform   Port ID
switch60            Gig 1/0/1             140             S       WS-C2960G-Gig 0/48
switch117           Gig 1/0/2             147            S I      WS-C2950G-Gig 0/1
switch10            Gig 1/0/3             116            S I      WS-C3750G-Gig 1/0/24
ap-po1              Gig 1/0/4             129             T       AIR-LAP114Gig 0
switch110           Gig 1/0/5             123            S I      WS-C2950T-Gig 0/2
ap-po1109           Gig 1/0/17            153             T       AIR-LAP114Gig 0
swinet-po1          Gig 1/0/18            150            T S      WS-C3548-XGig 0/2
switch32-5          Gig 1/0/19            134            S I      WS-C2950G-Gig 0/1
switch32-6          Gig 1/0/20            165            S I      WS-C2950-2Fas 0/24
switch32-7          Gig 1/0/21            153            S I      WS-C2950G-Gig 0/1
switch32-8          Gig 1/0/22            123            S I      WS-C2950G-Gig 0/1
switch32-9          Gig 1/0/23            140            T S      WS-C3548-XGig 0/1
switch32-10         Gig 1/0/24            161            T S      WS-C3548-XGig 0/1
switch2             Gig 1/0/28            140          R T S I    WS-C6513  Gig 2/13  [this is the SEED device]


Yet a manual discovery (./nedi.pl -v -a switch32) picks up on all downstream neighbors & adds them to the DB. 

CDP :switch110  Gi0/2    on Gi1/0/5  xxx.xxx.xxx.xxx    cisco WS-C Cisco Internetw
CDP :No-SNMP=cisco WS-C2950T SV=1
WDEV:switch110 written to nedi.devices
WLNK:1 (ignoring 0 static) links written to nedi.links
CDP :ap-po1109 Gi0      on Gi1/0/17 xxx.xxx.xxx.xxx  cisco AIR- Cisco IOS Softw
CDP :No-SNMP=cisco AIR-LAP11 SV=2
WDEV:ap-po1109 written to nedi.devices
WLNK:1 (ignoring 0 static) links written to nedi.links
CDP :switch32-6 Fa0/24   on Gi1/0/20 xxx.xxx.xxx.xxx     cisco WS-C Cisco Internetw
CDP :No-SNMP=cisco WS-C2950- SV=1
WDEV:switch32-6 written to nedi.devices
WLNK:1 (ignoring 0 static) links written to nedi.links
CDP :switch32-1 Gi0/1    on Gi1/0/24 xxx.xxx.xxx.xxx    cisco WS-C Cisco Internetw
CDP :No-SNMP=cisco WS-C3548- SV=64
WDEV:switch32-10 written to nedi.devices
WLNK:1 (ignoring 0 static) links written to nedi.links
...snip...
WLNK:1 (ignoring 0 static) links written to nedi.links
CDP :swinet-po1 Gi0/2    on Gi1/0/18 xxx.xxx.xxx.xxx    cisco WS-C Cisco Internetw
CDP :No-SNMP=cisco WS-C3548- SV=64
WDEV:swinet-po1 written to nedi.devices
WLNK:1 (ignoring 0 static) links written to nedi.links

[tristanbob]

At first I was going to point out some obvious things:

1) Perhaps wrong SNMP strings or device ACLs blocking Nedi
2) Neighboring devices do not have an .def file for their model
3) You have specified a netfilter that stops Nedi from adding those devices

But then you said Nedi would add the devices using the -a manual run, which pretty much eliminates those three problems.

I don't use the "-r" for routing table discovery, so perhaps trying running without that option.  For example:  "./nedi.pl -v -p"

Good luck!

Tristan

[becitops]

Tristan,

Thanks for the input.  I've tried nedi.pl w/o the -r (i.e. nedi.pl -p) as well as other combinations (including w/o any options).  Each time I get the same results.   

[rickli]

I'm a bit confused is switch2 or switch32 causing the problems? Switch2 is a 6513, which should have a proper .def (having CDP as discovery protocol), correct?

The 3750 shows an unusual icon (which of course does not prevent discovery, but leads me to look at the .def as well).

[becitops]

Remo,

Thank you for responding. 

switch2 is the seed device which I based the discovery on.  switch32 is just an example of one of the immediate neighbors of switch2.  I think the strange icon is a result of the device not getting a "full" discovery (i.e. CDP only of the neighbor, SNMP is not performed - see detail below).

The general discovery (e.g. nedi.pl  -p or simply nedi.pl), using the seedlist, picks up switch32 along with all the other devices directly attached (CDP neighbors) to switch2.  However the discovery stops there.  In the example, switch32 is discovered but is not interrogated for neighbors of its own (in spite of having many).

If I add the immediate neighbors (e.g. switch32) of the seed to the seedlist, the general discovery then picks up the second-level neighbors, but then stops at the at that level of depth (i.e. only discovers or re-discovers direct neighbors of the seed(s) and does not pick up any subordinate neighbors). 

The other thing I’ve noticed is that when an immediate neighbor is discovered (on a general discovery using the seedlist) it gets listed as Mode: Not SNMP next to the VTP domain name under the group field.  (see attached)

However if I delete the device from the DB/NeDi & perform a manual discovery of the device (e.g. nedi.pl -a device_name/IPaddr) it fully discovers the switch (including snmp) & performs a CDP discovery of its neighbors (but alas no snmp).

So to answer your specific question "is it switch2 or 32 causing the problem?", it is neither (or both).  If I do a global discover (nedi.pl -p or nedi.pl or nedi.pl -rp, etc.) using a seedlist w/ the most visible node on my network or a seedlist with many nodes, I never get past a single level (from the seed) of discovery, and the discovery does not pick up SNMP values (or appear to try, since a host discovery does) for any device other than the seed itself.  Is there a diagnostic I can run that goes beyond the standard logs (which appear to be of little value here)?

Hope this helps clarify the situation. 

-martin

PS I've included a drwg & a couple of screen shots to hopefully give a clearer picture.

discovery_problem => an example view of the discovery landscape
switch31_genDisc => the record of a neighbor after a general (seedlist) discovery
switch31_sprecificDisc => record of same neighbor after a delete & specific device discovery (nedi.pl -a device)

[rickli]

What does nosnmpdev look like in nedi.conf?

[becitops]

Remo,
Here's the regex:

nosnmpdev       IP\s(Phone|Telephone)|^ATA|-[CL]|MAP-|(\s|_)Controlled|armv5tejl/Linux

I'll try eliminating it alltogether & do another scan & post the results.  Thanks

-martin

[becitops]

Remo,

Removing nosnmpdev fixed it!  The regex was the problem.    Thank you!  Mystery solved. 

-martin

[rickli]

NP, did you change anything, though? I wonder if the default could be dodgy...

[becitops]

Remo,

Yes I made a slight mod - I config snmp on my Cisco WAPs (so I can take advantage of standard snmp checks from nagios).  I meant to remove the detection of them (cisco APs) from the Default regex...Unfortunately I failed misserably.

Here's the original & the version I was using for comparison (the problem becomes quite obvious in this light):

DEFAULT:
nosnmpdev      IP\s(Phone|Telephone)|^ATA|AIR-[CL]AP|MAP-|AP(\s|_)Controlled|armv5tejl/Linux

MYMOD:
nosnmpdev      IP\s(Phone|Telephone)|^ATA|-[CL]|MAP-|(\s|_)Controlled|armv5tejl/Linux

For some reason (huge oversight) I left a stub of "-[CL]" (go figure) which would obviously pick up WS-C* (typical cisco switch model).   Your default is just fine. Thanks again & I appologize for the problem I created.   If nothing else, this is a good example of a bad example (what not to do when customizing nedi.conf  ).

-martin

[rickli]

ah ok, I didn't spot it either. So, no worries

[ntmark]

Best write up for a problem I've seen in a while.
And included the solution with the problem causing code.
You sir, ROCK!!!

[becitops]

I coulndn't agree more Mark - Remo & Nedi rock.