NetXMS Support Forum

Hello, once again I have been reviewing Network Discovery Configuration and found out that it is not working as I need it to.

What I want to achieve:
- scan only subnets that are precisely specified

At first I set:
- General - network discovery setting - Active and passive
- Default SNMP community string - filled (our own string)
- Active Discovery Targets - subnets specified
- Filter - No filtering

But this scanned literally everything.

I am not sure if setting General to Disabled will help (according to wiki the list in Active Discovery Targets has no effect if active discovery is off).
Seeing as General has three options:
- Disabled
- Passive
- Active and passive
I am not really sure if "Disabled" means "Active only" or "Nothing at all".

Or should I check Active and passive and add the same list of desired subnets to the Address Filters ?

Clarification would be really helpful.

With regards,

Milan Sperl

Hello.

"Disable" will turn discovery off completely.

Active/passive modes:

Passive: information about new nodes are extracted from ARP and routing tables on all nodes available in NetXMS. This way you need to add at least one "seed" node (most of the time server itself is this node, and it's sufficient).
Active: same as passive, but server will scan all addresses in in configured subnets / ranges, as set in "Active discovery targets" section.

In both cases, resulting addresses can be outside of desired range (e.g. multiple interfaces on the router) and you need to filter them.
You can use either custom script (which should just return true/false) or in your case – use automatically generated script. In "Filter" section select "Automatically generate script with following rules", then check "Accept node if it is within given range or subnet" and then add all desired subnets/ranges in "Address Filters" section.

I need to check, but I think that if server was started with discovery disabled, it will be reenabled only on next server restart, so save discovery settings and restart netxmsd.

Thanks for the clarification.

So the only option for having "tight" subnets is set active-passive discovery and set what subnets should be scanned. And to prevent the "passive" part going outside the active boundaries the filter needs to be specified with the same set as the active list of subnets.

I believe that will still scan the nodes outside of the "address list" boundry, but will not add them to NetXMS.

Please correct me if that is wrong

Not sure about the "still scanning outside" part. It makes sense though - active discovery scans the ranges given in Active Discovery Targets, passive discovery adds some more, then Filter kicks in and has a final say as to what node will be added or not.

With this setting it seems to behave a little better - no unwanted nodes appear in the database.

We are still having Entire Network show much more subnets just because some devices are "somehow" visible from the unwanted subnets.
It would be really great if subnets in the Entire Network sections followed the same rules.

Additional subnets can be visible if you have nodes with interfaces in both allowed and disallowed subnets. NetXMS will create subnet object for each interface. It is not related to network discovery - same rules work when you add nodes manually. If you absolutely dislike those subnets, you can create configuration poll hook script that will remove unwanted subnet objects right after creation.

Best regards,
Victor

Could this be fixed? Adding and removing subnets doesn't seem to be efficient way to do it. NetXMS adds our customers' networks with wrong subnets, which results in alerts about them.

How it happens that subnets added with wrong masks? If interfaces of known nodes configured correctly subnets should have correct masks as well.

Best regards,
Victor

There are conflicts between some internal routing subnets (10.0.0.0/30) and customers' interfaces for NAT (10.0.0.0/24, 10.0.0.0/8 and other ideas), and this generates alerts about invalid netmask.

You can turn on "Exclude from topology" option for problematic interfaces - then NetXMS server will not create matching subnets.

Best regards,
Victor