2 Replies Latest reply on Nov 25, 2019 1:30 PM by mesverrum

    How does Neighbor Scanning work?


      IPAM 4.9

      The IPAM documentation is pretty lightweight, so I thought I turn to the community. There are two settings in IPAM called Neighbor Scanning. It is not clear what each do.


      Doc: Neighbor scanning


      1. Admin > IPAM Settings > Subnet Scan Settings > SNMP Scanning

      Enable SNMP scanning (dependent on ICMP scanning)

      Enable SNMP neighbor scanning What is neighbor scanning?


      2. Manage Subnets & IP Addresses > Edit Subnet Properties > Neighbor Scanning (...What is neighbor scanning?)

      Disable Neighbor Scanning

      IP Address:

      Scan Interval: 4 Hours



      I thought that a device's MAC was contained in the switch it is connected to, and therefore, the router ARP would only have the MAC of the downstream switch, not the MAC of the end-point client device? So how can neighbor scanning provide any useful information unless you know what the upstream switch is for each subnet (and there are usually more than one switch, but IPAM only allows for one entry to do a Neighbor Scan)? This is a puzzler to me and I'd like to understand better.

        • Re: How does Neighbor Scanning work?
          Steffen Gutzeit



          From what I understand is that IPAM can read the ARP table (or more precisely the ARP cache) which should have the MAC address and the corresponding IP address of every device / endpoint that has sent data through this router.

          Since ARP cache is unreliable and can even be totally empty, the use of Neighbor Scans is disabled by default.


          Best regards,