The IPAM documentation is pretty lightweight, so I thought I'd turn to the community. There are two settings in IPAM called Neighbor Scanning. It is not clear what each does.
Doc: Neighbor scanning
1. Admin > IPAM Settings > Subnet Scan Settings > SNMP Scanning
   - Enable SNMP scanning (dependent on ICMP scanning)
   - Enable SNMP neighbor scanning (What is neighbor scanning?)
2. Manage Subnets & IP Addresses > Edit Subnet Properties > Neighbor Scanning (...What is neighbor scanning?)
   - Disable Neighbor Scanning
   - IP Address: 10.10.10.254
   - Scan Interval: 4 Hours
I thought that a device's MAC was contained in the switch it is connected to, and therefore, the router ARP would only have the MAC of the downstream switch, not the MAC of the end-point client device? So how can neighbor scanning provide any useful information unless you know what the upstream switch is for each subnet (and there is usually more than one switch, but IPAM only allows for one entry to do a Neighbor Scan)? This is a puzzler to me and I'd like to understand better.
This still doesn't explain what each of the individual options does:
Enable SNMP scanning (dependent on ICMP scanning) <-- does this need to be enabled for "Enable SNMP neighbor scanning" to work or does it do something different?
Enable SNMP neighbor scanning <-- Is this the only other way to gather MAC/IP pairs if you are not running DHCP in your subnet?
squeeb, I agree, some more explanation would be helpful. (The documentation for neighbor scanning is slim to none and needs more explanation; a good answer here would be the basis of an enhancement request to improve the documentation.) I don't know who marked Steffen's post as the answer to this thread; although helpful, I've unmarked it as the answer. Hopefully someone internal to SolarWinds IPAM development can comment and give the full explanation.
I've got a ticket open with them at the moment, more in relation to how the neighbor scanning mechanism works.
So I'll update here if I get a decent answer.
In my scenario, we have subnets that don't use DHCP, but where the hosts in the subnet do respond to ICMP pings.
The missing info is the MAC address. So in the absence of DHCP and with Neighbor scanning disabled, how would IPAM be able to collect the MAC addresses?
Yes, SNMP is enabled on the devices, assuming you mean the network devices that the hosts are attached to?
Not sure what you mean by "turned on in IPAM".
Are you referring to the Neighbor Scanning option for each subnet?
Or do you mean does SNMP run on the devices in the subnet (the hosts connected to the switch) themselves? In which case no, these are workstations so do not run any SNMP service.
Right, the endpoints need to provide the SNMP data; if it's configured on the endpoint you can scan for the SNMP namespaces in addition to ICMP. Other ways to get the MAC addresses are not part of IPAM, just DHCP and SNMP.
When you say endpoint, you mean the hosts connected to the switch?
I have two cases here, one where the endpoints are client machines such as workstations, laptops, phones, watches etc. which all get their addresses from DHCP, and the other case is tons of servers which all have statically assigned IP addresses (configured via CloudInit / Puppet).
For the statically assigned hosts, are you suggesting that I should just run snmpd on them and as long as IPAM has a valid SNMP credential for those hosts, it will collect the MAC/IP combinations appropriately?
Is it then intelligent enough to figure out which port on the switches they are connected to?
From what I understand, IPAM can read the ARP table (or more precisely the ARP cache), which should have the MAC address and the corresponding IP address of every device / endpoint that has sent data through this router.
Since the ARP cache is unreliable and can even be totally empty, the use of Neighbor Scans is disabled by default.
Adding on to this,
The main purpose I find for neighbor scanning is when you have nodes that do not respond to ping: your gateway router will still know that they are out there, so checking with the router is a good way to double check that open IPs really are open. The trouble is that hitting a router and asking it about all the subnets it has interfaces on can be taxing on the router, less so with new hardware, but 5-10 years ago it was pretty easy to lock up a router with just SNMP requests asking it what all it was set up to do.
Loop1 Systems: SolarWinds Training and Professional Services
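
The reconciliation the last two replies describe (checking the gateway's ARP cache to catch hosts that ignore ping), as an added example that is not from the thread and is not SolarWinds code. It assumes the cache is exported through the standard IP-MIB `ipNetToMediaPhysAddress` column as printed by Net-SNMP `snmpwalk -On`; the /24 mask, the sample rows and the state names are constructed for illustration.

```python
import ipaddress
import re

# One row of `snmpwalk -On` output for IP-MIB ipNetToMediaPhysAddress:
# .1.3.6.1.2.1.4.22.1.2.<ifIndex>.<IPv4> = Hex-STRING: xx xx xx xx xx xx
ROW = re.compile(
    r"^\.1\.3\.6\.1\.2\.1\.4\.22\.1\.2\.(\d+)\.(\d+\.\d+\.\d+\.\d+)"
    r" = Hex-STRING:((?: [0-9A-Fa-f]{2}){6})$"
)

# Constructed sample: ARP cache of a router with interfaces in two subnets,
# including one incomplete entry (empty MAC).
SAMPLE_WALK = """\
.1.3.6.1.2.1.4.22.1.2.3.10.10.10.21 = Hex-STRING: 00 50 56 AA 10 15
.1.3.6.1.2.1.4.22.1.2.3.10.10.10.40 = Hex-STRING: 00 50 56 AA 10 28
.1.3.6.1.2.1.4.22.1.2.7.192.168.5.9 = Hex-STRING: 00 50 56 BB 00 09
.1.3.6.1.2.1.4.22.1.2.3.10.10.10.77 = ""
"""

def parse_arp_walk(text):
    """Return {IPv4Address: mac} from walk text, skipping unusable rows."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # incomplete entry, error line, or empty cache
        try:
            ip = ipaddress.IPv4Address(m.group(2))
        except ValueError:
            continue  # index did not decode to a valid IPv4 address
        table[ip] = ":".join(m.group(3).split()).lower()
    return table

def reconcile(subnet, icmp_up, arp):
    """Merge ping results with the router's ARP view for one subnet."""
    net = ipaddress.ip_network(subnet)
    pinged = {ipaddress.IPv4Address(a) for a in icmp_up}
    report = {}
    for ip in sorted(pinged | set(arp)):
        if ip not in net:
            continue  # the router also caches entries for its other subnets
        if ip in arp and ip in pinged:
            state = "used"          # answers ping and the MAC is known
        elif ip in arp:
            state = "used-silent"   # ignores ping, but the router has seen it
        else:
            state = "used-no-mac"   # answers ping, ARP entry aged out or absent
        report[str(ip)] = (state, arp.get(ip))
    return report
```

An address that appears in neither source is absent from the report, which is the only case where it can be treated as free, and only as fresh as the ARP cache was at walk time.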