Tools->Discovery has never worked

[mducharme]

Hello,

We have many Netonix units in production. One thing we have found is that on every single switch, Tools->Discovery always shows nothing. 0 CDP, 0 LLDP, 0 Ubiquiti. We have Ubiquiti discovery enabled on all of our Ubiquitis and CDP enabled on them too, and our MikroTik's have CDP and LLDP enabled.

At first I just thought it was a bug in the old version we were running, but I upgraded to 1.5.6 on a few and same thing, 0 devices discovered. I'm wondering if this is other peoples experience as well, or if it is working for other users.

It is not a huge deal, but sometimes I have to find out what devices are on what port, and it would be nice to have discovery for that instead of having to search the MAC table like I am currently having to do.

Thanks!

[mike99]

Have you enable those discovery protocole by checking those on the Device -> Configuration tabs ?
P.S. : Don't enable ubnt dp on device with public IP or block incoming port 10001 at your edge. The protocol is vulnerable to amplification attack.

[mducharme]

Have you enable those discovery protocole by checking those on the Device -> Configuration tabs ?
P.S. : Don't enable ubnt dp on device with public IP or block incoming port 10001 at your edge. The protocol is vulnerable to amplification attack.

Yes, all three are enabled. And none of our Netonix or Ubiquiti devices have public IPs on them so there is no potential amplification attack issue. All of our Ubiquitis are in bridge mode and just have private management IPs on a management VLAN. It is the same management VLAN that our Netonix has its management IP on.

If I replace the switch with anything but a Netonix switch, discovery works just fine and I see everything.

[Stephen]

Could you please post a screenshot of your configuration tab?

As in our Discovery does work as far as we know..many customers use it....

[mducharme]

Could you please post a screenshot of your configuration tab?

As in our Discovery does work as far as we know..many customers use it....

Sure, I'm not exactly what this will illustrate by itself but if it helps:

[JustJoe]

Stephen, while you're looking into this ... This is not directly related to bug described here, but there is also a bug in the matrix of choices under
Device / Configuration / Discovery settings box
that decide whether the "Discovery Tab" checkbox should be grayed out.

Honestly, because of this, I thought the Discovery Tab had been intentionally disabled due to an as yet unresolved bug. For us, we only cared about the "Discovery Tab" for ubiquiti dp. but as you can see from the two captured images, if only ubiquiti is chosen, the box is grayed and does not allow enabling the tab. But if one of the other protocols (eg. Cisco) is checked, both can be enabled and applied. As a matter of fact, one can then come back and uncheck Cisco and apply, and the Discovery Tab will continue to function only for Ubiquiti.

No intention to steal the thunder of the OP, it's just that reading that problem description is what made me realize Ubiquiti WAS supposed to work. :)

[Stephen]

JustJoe, that does look like a bug, enabling Ubiquiti should provide you the option to turn on the Discovery Tab. I'll take a look at that.


mducharme, I'm trying to think of a way I can help you. without a doubt I can plug in a switch, turn on discovery and the tab will populate with what is on the network for me and there are lots of examples on the forum of other people seeing the same thing. I was thinking at first maybe it had to do with your VLAN setup, but you mentioned earlier that everything is running on the management VLAN.

Can you try and disable the IP address of the VLAN? Potentially there is a bug there. If that doesn't work, can you let me know some of the devices on your network that you're trying to discover? Maybe some of them are using newer or older versions of the available discovery protocols.

[mducharme]

mducharme, I'm trying to think of a way I can help you. without a doubt I can plug in a switch, turn on discovery and the tab will populate with what is on the network for me and there are lots of examples on the forum of other people seeing the same thing. I was thinking at first maybe it had to do with your VLAN setup, but you mentioned earlier that everything is running on the management VLAN.

Here is a screenshot from the VLANs tab of the device:

Our management VLAN is 101, that is the VLAN that the switch itself has its management IP on and all of our radios have management IPs on. Port 12 is the uplink to the MikroTik router at the site and CDP and LLDP are enabled on the MikroTik. The ports that have T for 101 and U for 161 have Ubiquiti Rocket 5AC Prism access points connected with current firmware. 161 is the customer traffic VLAN and 101 is the management VLAN. The AP and SU's are all in bridge mode, so they do not have IPs in VLAN 161, only in VLAN 101. This is a standard setup throughout our network and this problem happens everywhere. We have dozens of these things and not one is showing any neighbors.

[Stephen]

The only thing I can think that it might be is that potentially the tagged ports could be related. I will setup a test later on and verify if I am able to prevent discovery from populating by playing with VLAN ID's and tagged ports. If so then I will work on a fix.

[mducharme]

The only thing I can think that it might be is that potentially the tagged ports could be related. I will setup a test later on and verify if I am able to prevent discovery from populating by playing with VLAN ID's and tagged ports. If so then I will work on a fix.

Yes, there are a few things that could potentially be causing issues. Our Ubiquiti APs have both CDP and Ubiquiti discovery protocol enabled, so there are two different ways that the Netonix should be able to use to discover them and both are failing. One thing I notice is that our APs send CDP with a tag of VLAN 101, it seems it is a strange behaviour of Ubiquiti. The Netonix actually forwards these CDP frames to our router and so the neighbors list populates there - i.e. the CDP frame sent by the device passes through the Netonix and to our router. CDP frames do not normally have a VLAN tag, so perhaps this is why the Netonix is not finding those. For Ubiquiti Discovery Protocol, it should be sending the discovery broadcast on VLAN101 in our case and getting the replies back tagged from that VLAN. Perhaps it is expecting the replies to come back via the untagged VLAN instead and they wouldn't because Ubiquiti discovery is not a layer 2 protocol like CDP and LLDP.