Hello,
I am receiving 'Active, couldn't classify error and stopping at SNMP - Classify probe while running the discovery, this is only with fewer devices. All other devices discovery just works fine. I've consulted ENS to inquire about these devices, they said these devices are active on the network. I believe there is something going on with the OIDs. Can someone please look into my SNMP-Classify XML input and let me know if I am getting OID back.
I tried to compare the XML with the working one but there is some difference but couldn't find the exact OID since there are many ids that are confusing me.
Paul (et al),
First, it's important to understand how we classify network devices. We do this (primarily) on whether they route, print, switch or power. This is determined by the results and subsequent parsing of the SNMP Classify probe. Now there is also the ability to classify a device based purely on the SNMP SystemOID but we'll talk more on that later. So you know you have two switches one works one doesn't. Why? How is service now determining its capabilities? well let's look at the SNMP Classify Sensor
Here you see the section on 'is it a switch' We are looking for greater than 0 ports returned from the dot1dBaseNumPort return. Let's look at yours, first the one that works...
In your attachments for the successful one, we get this return with 5 ports! Bam, you're a switch
<dot1dBridge oid="1.3.6.1.2.1.17"><dot1dBase oid="1.3.6.1.2.1.17.1"><dot1dBaseNumPorts oid="1.3.6.1.2.1.17.1.2" type="SnmpInt32">5</dot1dBaseNumPorts>
Now for the one that does not work, no ports, no love..
<dot1dBridge oid="1.3.6.1.2.1.17"><dot1dBase oid="1.3.6.1.2.1.17.1"><dot1dBaseNumPorts oid="1.3.6.1.2.1.17.1.2" type="SnmpInt32">0</dot1dBaseNumPorts>
Now we could have used the SNMP SysOid to classify it, you can think of it as a "sorta" backup to classification. SysOid's by internet law are supposed to be unique and fun fact its from this table that we also set Manufacture and Model for network devices.
Now in your case for both devices NEITHER are giving you back much of your system oid information that would be contained where your seeing the sysdescr return so our backup couldn't come into play.
Bottom line, my best guess is these devices are either not sending all the information back because of a bad SNMP config on the device or perhaps the distance is too great between your mids and targets. UDP is a fickle protocol being stateless and there's an opportunity for packets to be dropped in transit, losing a lot of data that we would never know about. So that's where I would start the investigation.
For reference, I did an SNMP Classify tutorial a while back and while dated in its production and poor in quality (I'm not a pro at that stuff 🙂 ), its still VERY relevant today and the same process is used to create new device types. Watch this where I walk through all the moving pieces.
https://www.youtube.com/watch?v=6ULRbpGOSB4&t=6s
