8 Replies Latest reply: Sep 2, 2013 7:47 PM by superfly99 RSS

Device discovery and polling IP address

justa2e2

Hello thwack community,

 

I have a brand new installation of NPM along with a few other modules. I have a question that I haven't been able to find an answer to. Whenever I try to discover some of my Cisco switches I can't discover them using the loopback IP addresses but if I use a vlan interface or physical interface it discovers no problem. I thought that's fine I'll just change the polling IP address after the discovery. Well, when I try and change the polling ip address to the loopback it either a. website times out or b. comes back with a error stating it can't validate the snmpv3 credentials. We are using the latest edition of NPM. If someone could point me in the right direction I would greatly appreciate it. Thanks and I look forward to being on here a lot.

 
  • Re: Device discovery and polling IP address
    superfly99

    Can you actually ping the loopback address from the NPM server? Sounds like you can't which means that you need to take a look at your routing. Once you can ping the loopback address on your switch from the NPM server, you'll be able to use it as the polling address.

    • Re: Device discovery and polling IP address
      justa2e2

      Yes I can ping the loopback IP addresses. For this specific example the NPM server is directly connected to the switch I am trying to discover. I can ping all interfaces on the switch including the loopback.

      • Re: Device discovery and polling IP address
        superfly99

        If you can ping the loopback address, then it should be discoverable by that address. So SNMP is being blocked. Check your ACL's to see if it's blocking SNMP access to the loopback address.

      • Re: Device discovery and polling IP address
        Network_Guru

        This does not make sense.

        Switches are L2 devices and do not have IP addresses on their interfaces.

        Switches are usually managed through a dedicated Vlan/Interface, not loopbacks (but some switches can be configured with LB interfaces and IPs).

        This sounds more like a L3 or FW problem.

        As superfly has mentioned, you must be able to ping the switch from the NPM server.

        If Orion does not first receive an ICMP echo-reply from the device, it will never try to poll it with SNMP.

        If there is a firewall in the path, then you may want to reduce or increase the ICMP payload Orion sends to the device.

        This is mentioned in the SW Knowledge Base.

        • Re: Device discovery and polling IP address
          justa2e2

          Ok...after spending a few hours this morning looking at it I have found that when I test credentials from the manage credentials engineers toolset I don't see any traffic leaving from the server in my wireshark captures. The windows firewall is turned off. I can see the ICMP traffic leaving the server but nothing when I test credentials. It always comes back with the can't resolve host name or ip address error. So why isn't the server sending out any packets when I test the credentials?

          • Re: Device discovery and polling IP address
            Network_Guru

            You should really open a support case for this, but here are a couple more things to check.

             

            Are you using the hostname or IP for discovering the new node?

            Do you have IPv6 enabled on your Orion server? You may want to disable this if you are not using it.

            Go to this link on your Orion server and click on the appropriate "Fix Me" links (assuming you are running Win2K8):
            http://support.microsoft.com/kb/929852

          • Re: Device discovery and polling IP address
            superfly99

            justa2e2 wrote:

             

            Ok...after spending a few hours this morning looking at it I have found that when I test credentials from the manage credentials engineers toolset I don't see any traffic leaving from the server in my wireshark captures. The windows firewall is turned off. I can see the ICMP traffic leaving the server but nothing when I test credentials. It always comes back with the can't resolve host name or ip address error. So why isn't the server sending out any packets when I test the credentials?

            You are still trying to get to the device via the Loopback address? I assume that this test does work when using a VLAN or physical address? As network_guru mentioned, L2 devices don't use loopbacks. Just monitor the device via the vlan. That's what I do.