NetXMS Support Forum

In the attached, IPs in green are correct, IPs in red are incorrect. For whatever reason, NetXMS thinks the same IPs are on multiple interfaces. This is not something that just appeared in 4.1.283, I think it's been there a while. It seems to affect Sonicwalls particularly, didn't notice it anywhere else.

It's not obvious from an snmpwalk how this would arise:


RFC1213-MIB::ifIndex.1 = INTEGER: 1
RFC1213-MIB::ifIndex.2 = INTEGER: 2
RFC1213-MIB::ifIndex.3 = INTEGER: 3
RFC1213-MIB::ifIndex.4 = INTEGER: 4
RFC1213-MIB::ifIndex.5 = INTEGER: 5
RFC1213-MIB::ifIndex.6 = INTEGER: 6
RFC1213-MIB::ifIndex.7 = INTEGER: 7
RFC1213-MIB::ifIndex.8 = INTEGER: 8
RFC1213-MIB::ifIndex.268484097 = INTEGER: 268484097
RFC1213-MIB::ifIndex.268486657 = INTEGER: 268486657
RFC1213-MIB::ifDescr.1 = STRING: "X0 (Portshield Host)"
RFC1213-MIB::ifDescr.2 = STRING: "X1 (WAN)"
RFC1213-MIB::ifDescr.3 = STRING: "X2 (WAN)"
RFC1213-MIB::ifDescr.4 = STRING: "X3 (Portshielded To X0)"
RFC1213-MIB::ifDescr.5 = STRING: "X4 (Portshielded To X0)"
RFC1213-MIB::ifDescr.6 = STRING: "X5 (Portshielded To X0)"
RFC1213-MIB::ifDescr.7 = STRING: "X6 (Portshielded To X0)"
RFC1213-MIB::ifDescr.8 = STRING: "U0 (Unassigned)"
RFC1213-MIB::ifDescr.268484097 = STRING: "X0:V190 (Guest Wireless)"
RFC1213-MIB::ifDescr.268486657 = STRING: "X0:V200 (LAN)"
RFC1213-MIB::ipAdEntAddr.88.xx.xx.142 = IpAddress: 88.xx.xx.142
RFC1213-MIB::ipAdEntAddr.94.xx.xx.34 = IpAddress: 94.xx.xx.34
RFC1213-MIB::ipAdEntAddr.172.22.40.1 = IpAddress: 172.22.40.1
RFC1213-MIB::ipAdEntAddr.172.22.140.1 = IpAddress: 172.22.140.1
RFC1213-MIB::ipAdEntAddr.172.22.240.1 = IpAddress: 172.22.240.1
RFC1213-MIB::ipAdEntIfIndex.88.xx.xx.142 = INTEGER: 3
RFC1213-MIB::ipAdEntIfIndex.94.xx.xx.34 = INTEGER: 2
RFC1213-MIB::ipAdEntIfIndex.172.22.40.1 = INTEGER: 268484097
RFC1213-MIB::ipAdEntIfIndex.172.22.140.1 = INTEGER: 1
RFC1213-MIB::ipAdEntIfIndex.172.22.240.1 = INTEGER: 268486657
RFC1213-MIB::ipAdEntNetMask.88.xx.xx.142 = IpAddress: 255.255.255.252
RFC1213-MIB::ipAdEntNetMask.94.xx.xx.34 = IpAddress: 255.255.255.252
RFC1213-MIB::ipAdEntNetMask.172.22.40.1 = IpAddress: 255.255.255.0
RFC1213-MIB::ipAdEntNetMask.172.22.140.1 = IpAddress: 255.255.255.0
RFC1213-MIB::ipAdEntNetMask.172.22.240.1 = IpAddress: 255.255.255.0


Just occurred to me that I didn't see 127.0.0.1 in any of that, so I looked over the snmpwalk again and this is probably the cause here - the IP-MIB:


IP-MIB::ipAddressIfIndex.ipv4."88.xx.xx.142" = INTEGER: 4
IP-MIB::ipAddressIfIndex.ipv4."94.xx.xx.34" = INTEGER: 3
IP-MIB::ipAddressIfIndex.ipv4."94.xx.xx.35" = INTEGER: 3
IP-MIB::ipAddressIfIndex.ipv4."127.0.0.1" = INTEGER: 1
IP-MIB::ipAddressIfIndex.ipv4."172.22.40.1" = INTEGER: 10
IP-MIB::ipAddressIfIndex.ipv4."172.22.140.1" = INTEGER: 2
IP-MIB::ipAddressIfIndex.ipv4."172.22.240.1" = INTEGER: 11
IP-MIB::ipAddressIfIndex.ipv6."00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:01" = INTEGER: 1


The IP-MIB entries look a bit random, there is no interface index 10 or 11!
Not an SNMP expert but I think the above explains this? Ie, it's a Sonicwall issue, not an NetXMS one.

For reference, the above is all about Sonicwall Gen 6 devices. I have added a Gen 7 device to NetXMS, this does not have IP-MIB::ipAddressIfIndex entries and interface table in NetXMS appears as it should do.
Gen 6 is end of sale and nearing end of life, so this defect will never be fixed by Sonicwall.

Hi,

if data in IP-MIB is incorrect that it definitely can cause strange results. Do those devices provide correct address information under .1.3.6.1.2.1.4.20.1.1 (ipAddrTable)? If yes, I can made small change that will allow to disable usage of .1.3.6.1.2.1.4.20.1.1 (ipAddressTable) for specific devices.

Best regards,
Victor

Yes, they do:


RFC1213-MIB::ipAdEntAddr.88.xx.xx.142 = IpAddress: 88.xx.xx.142
RFC1213-MIB::ipAdEntAddr.94.xx.xx.34 = IpAddress: 94.xx.xx.34
RFC1213-MIB::ipAdEntAddr.172.22.40.1 = IpAddress: 172.22.40.1
RFC1213-MIB::ipAdEntAddr.172.22.140.1 = IpAddress: 172.22.140.1
RFC1213-MIB::ipAdEntAddr.172.22.240.1 = IpAddress: 172.22.240.1



I've made changes to disable usage of ipAddrTable and ipAddressTable by setting to true attributes snmp.ignore.ipAddrTable and snmp.ignore.ipAddressTable. Those changes will be included into upcoming patch release.

Best regards,
Victor

Great work, Victor.
Added snmp.ignore.ipAddressTable as custom param on this example Sonicwall, re-polled and it now shows the correct IPs after a "Configuration (full)" poll.