Description
I have been very impressed with the SNMP discovery. I just want to lay out some issues I discovered during a project with NetBox and the Discovery agent.
The orb SNMP agent discovers devices and, on a policy level, respects the defaults. If any discovered device is moved to another site or role, then a duplicate device is created from the diode server. I do not see any way to force it to look up the whole NetBox database (if no defaults, site is in the agent.yaml).
Furthermore, in the agent.yaml all the override_defaults tags are ignored, and whatever is in the defaults tag is always enforced.
Also, on FortiGate devices, I see no IP and no interfaces, and only the device System ID is created as a device.
One more thing is that there are no VLANs created, even though SNMP can pull VLAN data from the devices, but this might not have been implemented yet. The devices I have tested are FortiGate firewalls, Forti switches, and some MikroTik CRS switches, all using SNMP.
```yaml
orb:
  config_manager:
    active: local
  backends:
    network_discovery:
    snmp_discovery:
    common:
      diode:
        target: http://IP:8080/diode
        client_id: orb...
        client_secret: t..
        agent_name: orb1
  policies:
    network_discovery:
      network_scan:
        config:
          schedule: "* */4 * * *" # Every 4 hours
          timeout: 5
        scope:
          targets:
            - "10.200.0.0/24"
    snmp_discovery:
      snmppolicy_1:
        config:
          schedule: "*/1 * * * *"
          timeout: 300
          snmp_timeout: 10
          retries: 3
          defaults:
            site: "Device-Discovery"
            role: "Firewall"
            ip_address:
              role: "management"
          lookup_extensions_dir: "/opt/orb/snmp-extensions"
        scope:
          authentication:
            protocol_version: "SNMPv3"
            security_level: "authNoPriv"
            username: "user"
            auth_protocol: "MD5"
            priv_protocol: "AES"
            auth_passphrase: "password"
            priv_passphrase: "password"
          targets:
            - host: "10.200.10.1" # subnet support
              port: 161
              override_defaults:
                role: "switch" # Here I am just testing if it has any effect. No effect
      snmppolicy_10:
        config:
          schedule: "*/1 * * * *" # Cron expression - every 6 hours
          timeout: 300 # Timeout for policy in seconds (default 2 minutes)
          snmp_timeout: 10 # Timeout for SNMP operations in seconds (default 5 seconds)
          retries: 3 # Number of retries
          # defaults:
          #   role: "switch"
          lookup_extensions_dir: "/opt/orb/snmp-extensions"
        scope:
          authentication:
            protocol_version: "SNMPv3"
            security_level: "authNoPriv"
            username: "user"
            auth_protocol: "MD5"
            priv_protocol: "AES"
            auth_passphrase: "password"
            priv_passphrase: "password"
          targets:
            # Switches
            - host: "10.200.10.100-105"
              override_defaults:
                site: "Device-Discovery"
                role: "switch"
                tags: ["mikrotik","test"] # Here I am just testing if it has any effect. No effect
            - host: "10.200.10.200"
              override_defaults:
                site: "Device-Discovery"
                role: "Firewall" # Here I am just testing if it has any effect. No effect
```