With a /24 subnet, not all active devices come up with the discovery running every 4 hours. The discovery is set to use ICMP and SNMP with no 'neighbor discovery'.
I have noticed that if I do a manual ping from any device towards a missing device in the subnet, it is discovered on the next IPAM discovery. Of course this is very annoying, giving a wrong picture of 'used addresses' - the reason to use IPAM!
Below are the statistics from the Router/Firewall during the IPAM subnet scan. The last two red lines indicate the problem. The number of unresolved hosts has reached the maximum, so further resolving will be dropped.
VNOASA# sh arp statistics
Number of ARP entries in ASA: 588
Dropped blocks in ARP: 2720894
Maximum Queued blocks: 111
Queued blocks: 100
Interface collision ARPs Received: 0
ARP-defense Gratuitous ARPS sent: 0
Total ARP retries: 8393217
Unresolved hosts: 100
Maximum Unresolved hosts: 100
Shortly after the scan has finished, the statistics look like below. Now I can do a manual ping of one of the 'Transient' devices and the Router/Firewall will resolve it and put it in the ARP table. Now IPAM also changes the status to 'Used' after a new scan:
VNOASA# sh arp statistics
Number of ARP entries in ASA: 588
Dropped blocks in ARP: 2721166
Maximum Queued blocks: 111
Queued blocks: 10
Interface collision ARPs Received: 0
ARP-defense Gratuitous ARPS sent: 0
Total ARP retries: 8394348
Unresolved hosts: 10
Maximum Unresolved hosts: 100
I would like to be able to 'slow down' the scans.
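An added example, not part of the original post: a small parser for the two `sh arp statistics` snapshots quoted above that flags when the unresolved-host count sits at its maximum and reports how much the cumulative drop and retry counters grew between snapshots. The function names are assumptions chosen for illustration; the counter values are copied from the post.

```python
import re

# Snapshots copied from the post: during the IPAM scan, and shortly after it.
DURING = """\
Number of ARP entries in ASA: 588
Dropped blocks in ARP: 2720894
Maximum Queued blocks: 111
Queued blocks: 100
Total ARP retries: 8393217
Unresolved hosts: 100
Maximum Unresolved hosts: 100
"""
AFTER = """\
Number of ARP entries in ASA: 588
Dropped blocks in ARP: 2721166
Maximum Queued blocks: 111
Queued blocks: 10
Total ARP retries: 8394348
Unresolved hosts: 10
Maximum Unresolved hosts: 100
"""

def parse_arp_stats(text):
    """Return {counter name: int} for every 'name: number' line; other lines are skipped."""
    stats = {}
    for line in text.splitlines():
        m = re.match(r"\s*(.+?):\s*(\d+)\s*$", line)
        if m:
            stats[m.group(1)] = int(m.group(2))
    return stats

def unresolved_saturated(stats):
    """True when unresolved hosts have reached the maximum (the state shown during the scan)."""
    return stats["Unresolved hosts"] >= stats["Maximum Unresolved hosts"]

def counter_growth(before, after):
    """Growth of the cumulative counters between two snapshots."""
    keys = ("Dropped blocks in ARP", "Total ARP retries")
    return {k: after[k] - before[k] for k in keys}

if __name__ == "__main__":
    during, after = parse_arp_stats(DURING), parse_arp_stats(AFTER)
    print("saturated during scan:", unresolved_saturated(during))
    print("saturated after scan: ", unresolved_saturated(after))
    print("growth between snapshots:", counter_growth(during, after))
```

Running it against snapshots taken at intervals during a discovery shows when the limit is hit and whether the drop counter is still climbing.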
Discovery mis some devices