1 of 1 people found this helpful
All these MACs should be from neighbor scanning, where the neighbor device has 'incomplete' arp entries.
You can follow the below steps to resolve it.
1. Stop all Orion Services
2. Edit the Jobs configuration file is usually in
Find there a section like:
<add key="NeigborScanJob.SkipEmptyMAC" value="False"/>
<add key="NeigborScanJob.SkipEmptyMAC" value="True"/>
5. Start all Orion Services
6. trigger the subnet scan.
This did not work for us.
When I look at the history of many of the IP's, I often never see a real IP and MAC. I only see the 00-00-00-00-00-00, and the status is set to Used, and the Source for Update is Subnet Neighbor Scan or Neighbor Scan.
Elsewhere in Thwack, people have said that this results from an ARP timeout. ARP timeout certainly does not mean that the IP was ever valid - it only means that something tried to reach the IP, and the ARP timed out. There are many management apps, such as Nessus, that do scans and result in ARP timeouts.
If these 00-00-00-00-00-00 entries are indeed the result of ARP timeouts, I think would be a mistake in the IPAM design. So maybe they are caused by something else. The algorithms for DHCP, ICMP, and Neighbor scanning need to be documented.
The manual also says:
"IPAM utilizes a feature called Neighbor Scanning as an additional method of retrieving information. Neighbor Scanning pulls information from the ARP table of neighboring devices when ICMP and SNMP is blocked or disabled."
We do indeed have ICMP enabled with default settings (2 pings per address, 200msec between pings, and timeout of 2.5 seconds), and manual ping works from Orion to known IPs on the subnet. We are scanning through multiple firewalls that allow all types of ICMP to and from management nets, but no NATs. The routers are dual Nexus connected by vPC. Other Solarwinds scan tools from the Engineer's Toolset work ok.
So I have set the Transient Duration as low as possible to 0.25 days to see if that clears the Transient status over the weekend.
Setting the Transient Duration to minimum has cleared out the invalid transients so far. We have some other work to do on other aspects of IPAM, but we will increase the Transient Duration back up to 3 to 7 days.