IP Switch CI gets created for Vlans

sbhayani · ‎02-23-2018

Hello Experts,

We see that, the Switch class CI gets created for vlans. In following list, cel-cs1 is the only physical switch, rest all are just interfaces, which shouldnt be classified as switch.

Please help..

robertgeen · ‎02-24-2018

The reason why this is happening is because you discovery is currently setup to take DNS for the name instead of the name returned by the system. Look in your discovery properties page and you will see a setting which calls out setting SNMP is trusted host name source. As it stands right now when you discover those VLANs via their management IP it is resolving a different name and depending on how your identifiers are setup it probably isn't finding a match to the original one because the name is indeed different according to DNS.

If you check that option you should find that those will stop being discovered that way. I would also check to make sure that the serial number matches cause that should also of caused them to be identified together but more then likely it is because of the DNS entry and in most cases I turn off the DNS or NetBios is trusted name source because often DNS isn't setup properly at most organizations. Hope this helps.

EDIT: While this is most likely your issue I would definitely check your identifiers first and see what you have setup to identify on. If the issue is what I think it is and you are using the out of the box identifiers you shouldn't be getting duplicates if the serial number is coming back. Instead you would see 1 CI with a flip flopping name. Either way I think you will have to play with this setting called out here to make it use the system name instead of DNS but make sure you follow up on your CI Identification rules as well to understand what they are looking for (and confirm that the data is coming back from your device properly).

View solution in original post

sbhayani · ‎02-24-2018

you are right, however, its already set to how you suggeted,

robertgeen · ‎02-24-2018

Yeah sorry my screenshot wasn't specific enough. The SNMP is trusted needs to be checked. When it isn't checked it will take what comes back from DNS as the name of the CI instead of what comes back from SNMP commands. You can see an example of it by looking at the Shazam probe results for the IP when it runs (you will see under DNS that it has that name). Now when you look at the SNMP discovery results under classification and identification that it will have the proper name but it picks the DNS one anyways. But check marking the SNMP is trusted it tells it to override what is coming back from DNS.

One note is that you will want to test this in DEV first because if other devices don't have a proper name set in SNMP it could create bad host data so make sure you do proper testing but this should fix the improper CIs being created if you check that SNMP is trusted box.

sbhayani · ‎02-24-2018

Just a confirmation, du you recommend to check boxes for trusting SSH, WMI and SNMP as a trusted source of hostname and uncheck box for "trust DNS and NetBios" for hostname?

robertgeen · ‎02-25-2018

It depends on your needs. Start with keeping the first box checked and check the SNMP one. This should override it just for SNMP but leave it for the rest. After that you can test whether you need it for WMI and SSH to but be warned if you have a fairly mature discovery changing the WMI and SSH one can cause CIs in your CMDB to suddenly change. Since you are only seeing an issue on the Network side just play with the SNMP one for now.

sbhayani · ‎02-26-2018

I treied deleting one CI which was created for vlan and post making changes you suggested, re ran the discovery job for that specific IP, i see that the CI again got created. 😞