Send netdisco-users mailing list submissions to
[email protected]
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.sourceforge.net/lists/listinfo/netdisco-users
or, via email, send a message with subject or body 'help' to
[email protected]
You can reach the person managing the list at
[email protected]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of netdisco-users digest..."
Today's Topics:
1. Re: Discovery, ARP and MAC issues after update (Oliver Gorwits)
--- Begin Message ---
Oh I forgot to mention, by commenting out the SNMP part of device_auth this
might also stop things working.
Discovery on a device needs to happen first, and this (currently) requires
SNMP. Then after it's discovered, you can run macsuck/arpnip using the CLI
module, but not before.
regards
Oliver.
On Wed, 5 Nov 2025 at 09:20, Oliver Gorwits <[email protected]> wrote:
> Hi Matt, and thanks for using Netdisco!
>
> OK I see an issue in your config. The discover_only setting doesn't have
> any subkeys like device_auth, subnet, or hosts. It's just a plain list of
> IPs or other groups can be contained.
>
> So you possibly want something like this: https://nopaste.net/iKjFX8bBGN
>
> The wiki docs I guess you have seen, but in case not:
>
> https://github.com/netdisco/netdisco/wiki/Configuration#access-control-lists
> https://github.com/netdisco/netdisco/wiki/Configuration#host_groups
>
> Finally there's a good way to troubleshoot by asking Netdisco to dump the
> config:
>
> ~netdisco/bin/netdisco-do dumpconfig -e host_groups
> ~netdisco/bin/netdisco-do dumpconfig -e device_auth
>
> Hope this helps!
>
> oliver.
>
>
> On Wed, 5 Nov 2025 at 00:33, DeSantos, Matthew via netdisco-users <
> [email protected]> wrote:
>
>> Hello,
>>
>> I'm pulling my hair out trying to get netdisco to work again. It's been a
>> great tool for years now, but I recently updated and can't seem to get
>> anything to work anymore. I always had an overlap with the YAML config
>> meaning our switches/firewalls use the same mgmt subnet, but I would use
>> host_group to match the individual firewall IP and a subnet to match the
>> remaining switches. I tried various configurations but each time I failed.
>>
>> Can someone please review my device_auth, host_group, and discover_only
>> stanza and let me know what I'm missing here. I commented out the SNMP
>> stanza to test SSH/CLI for the firewalls. The debug output returns
>> 'discovery skipped: 10.10.200.220 is not discoverable.
>>
>> device_auth:
>> # - tag: 'Extreme'
>> # version: '3'
>> # user: 'redacted'
>> # auth:
>> # pass: 'redacted'
>> # proto: 'SHA'
>> # priv:
>> # pass: 'redacted'
>> # proto: 'AES' # Changed from DES to AES for compatibility
>>
>> - tag: 'Firewalls'
>> driver: 'cli'
>> platform: 'PaloAlto'
>> only:
>> - 'group:paloalto-firewalls'
>> username: 'redacted'
>> password: 'redacted'
>> ssh_master_opts:
>> - "-o"
>> - "StrictHostKeyChecking=no"
>>
>> # Host groups for access control
>> host_groups:
>> paloalto-firewalls:
>> - 'ip:^10\.(1|3|4|5|6|7|8|9|10|24|42|200)\.200\.210$'
>> - 'ip:^10\.(1|3|4|5|6|7|8|9|10|24|42|200)\.200\.220$'
>>
>> # Discovery targets
>> discover_only:
>> - group: 'extreme-switches'
>> device_auth: 'Extreme'
>> subnet:
>> - 10.1.200.0/24
>> - 10.3.200.0/24
>> - 10.4.200.0/24
>> - 10.5.200.0/24
>> - 10.6.200.0/24
>> - 10.7.200.0/24
>> - 10.8.200.0/24
>> - 10.9.200.0/24
>> - 10.10.200.0/24
>>
>> - group: 'paloalto-firewalls'
>> device_auth: 'Firewalls'
>> hosts:
>> - 10.10.200.210
>> - 10.10.200.220
>>
>> --
>> Thanks,
>> Matt
>> _______________________________________________
>> Netdisco mailing list
>> [email protected]
>> https://sourceforge.net/p/netdisco/mailman/netdisco-users/
>>
>
--- End Message ---
_______________________________________________
Netdisco mailing list - Digest Mode
[email protected]
https://lists.sourceforge.net/lists/listinfo/netdisco-users
