Layer 2 Discovery Discovery can detect the physical connections, known as Layer 2, between network devices. Layer 2 discovery process Discovery uses multiple probes to gather information about network adapters and their Layer 2 connections. For example, if Discovery finds a switch in a network, it triggers the SNMP - Switch - Vlan probe and the SNMP - Network - ARPTable probe. For every Vlan Discovery finds, it triggers various switch probes. If a switch has routing capabilities, Discovery triggers the SNMP - Routing probe to collect network adapter information in the Network Adapter [cmdb_ci_network_adapter] table. If Discovery finds a server, it triggers the appropriate Address Resolution Protocol (ARP) probe for that operating system. Discovery also supports the use of patterns, such as the Network Switch and Network Router patterns, which are available by default in Discovery. See Router and switch discovery for more information. During the discovery of a network device, Discovery creates records in the Router Interface [dscy_router_interface] table and the Switchport [dscy_switchport] table. This information contains network adapter information for that device. For SNMP-enabled devices, Discovery gathers the information from a routing probe during the exploration phase. The Layer 2 protocol cache probe runs next to collect neighbor data from the device. As Discovery gathers network information from the probes on a device, it populates the Device Neighbors [discovery_device_neighbors] table. In some cases, the neighbors of this device might not yet be known to the instance. The neighbor's interface cannot be resolved to a record until Discovery eventually finds the neighbor's side of the relationship. When Discovery runs on the neighboring device, Discovery completes the information for the neighbor's interface for the original reporting device. Retrieving neighbor data Discovery can retrieve neighbor data from these caches on a network device: Cisco Discovery Protocol (CDP) : Cache on Cisco devices that contains device neighbor information in the form of a protocol specific neighbor ID. Link Layer Discovery Protocol (LLDP): Generic cache that contains device neighbor information in the form of a protocol specific neighbor ID. Address Resolution Protocol (ARP): Cache that contains the IP and MAC addresses of all connecting devices and servers. Layer 2 connectivity Discovery can create Connects to:Connected by relationships between connected layer 2 devices and between the interfaces and adapters of host servers and layer two devices. Service Mapping must be active in addition to Discovery. In the following example, Discovery found a server running AIX, and was also able to find two IP switches on the network. These relationships were created: An IP Connection relationship between the AIX Server and the two IP switches A and B. A reference between the AIX server and its own network adapter. A Connects to relationship between the adapters on the two IP switches (not shown in image below). A Connects to relationship between the network adapter of the AIX server and the switch port of IP switch A (highlighted in red). This kind of relationship requires Service Mapping to be active. To view these relationships, open the dependency view for the server. To view the relationship between the two IP switches, open the dependency view from one of the switches and select the Physical Network Connections option for the Dependency Type in the map settings. Address Resolution Protocol (ARP) in Layer 2 DiscoveryThe Discovery probes for Address Resolution Protocol (ARP) map the IP address of a computer or network device to a MAC address. These probes retrieve the IP address and MAC address for a CI from the Network Infrastructure Item [dscy_net_base] table. Devices that support SNMP, such as Linux computers and network devices, cache two types of address information: Static: Manually added address resolutions. Dynamic: Hardware name and IP address pairs added to the cache by previous, successful ARP resolutions. When the ARP table Discovery completes, the system collects all static and dynamic table entries from devices via SNMP. If a new ARP entry is available, it is added to the Network ARP Table [discovery_net_arp_table]. If any previously discovered ARP entries are no longer cached in the device’s ARP table, the system removes the corresponding records from the CMDB using the reconciliation process.Note: If new ARP entries are created after Discovery runs, they are not discovered until the next Discovery schedule. If ARP entries are removed from the device after Discovery runs, the CMDB ARP table is not updated until Discovery runs again. ARP probes Discovery provides these probes for extracting IP and MAC address resolution information: Probe ECC queue topic Command Description Linux - Network ARP Tables SSHCommand arp -n SSH command probe that retrieves the network information from the ARP table on a Linux server. Solaris - Network ARP Tables SSHCommand arp -an SSH command probe that retrieves the network information from the ARP table on a Solaris server. Windows - Network ARP Table Powershell arp -a Powershell probe that retrieves the network information from the ARP table on a Windows server. SNMP - Network - ArpTable SNMP TableThe SNMP probe uses this OID first: iso.org.dod.internet.mgmt.mib-2.ip.ipNetToMediaTable ipNetToMediaPhysAddress,ipNetToMediaNetAddress.If the probe fails to return results, it uses this OID: iso.org.dod.internet.mgmt.mib-2.ip.ipNetToPhysicalTable ipNetToPhysicalNetAddress,ipNetToPhysicalPhysAddress. SNMP probe that collects information from the ARP table on a switch or router. SNMP switch probes These probes return bridging information from VLANs connected across network switches, including port selection, forwarding tables, and the use of the spanning tree protocol. SNMP - Switch - BridgePortTable This probe returns all the ports from a switch that are used to create a bridge between network segments.Table 1. Bridging data returned Table Switch Bridge Port Table [discovery_switch_bridge_port_table] OID iso.org.dod.internet.mgmt.mib-2.dot1dBridge.dot1dBase.dot1dBasePortTable dot1dBasePort,dot1dBasePortIfIndex Fields populated cmdb_ci port interface_index SNMP - Switch - SpanningTreeTable This probe returns the active path between any two network nodes bridged by a switch.Table 2. Spanning tree data returned Table Switch Spanning Tree Table [discovery_switch_spanning_tree_table] OID iso.org.dod.internet.mgmt.mib-2.dot1dBridge.dot1dStp.dot1dStpPortTable dot1dStpPort,dot1dStpPortState,dot1dStpPortEnable,dot1dStpPortDesignatedRoot,dot1dStpPortDesignatedBridge Fields populated cmdb_ci port port_state port_enable designated_root designated_bridge_mac SNMP - Switch - ForwardingTable This probe returns information from a switch's forwarding table. Table 3. Forwarding table data returned Table Switch Forwarding Table [discovery_switch_fwd_table] OIDs These OIDs are built as needed by the DiscoveryVlanSwitchProcessor script include. Non-Cisco: Q-BRIDGE MIB: oid_spec_list = 'table iso.org.dod.internet.mgmt.mib-2.dot1dBridge.qBridgeMIB.qBridgeMIBObjects.dot1qTp.dot1qTpFdbTable dot1qTpFdbAddress.' + vlanIndex + ',dot1qTpFdbPort.' + vlanIndex + ',dot1qTpFdbStatus.' + vlanIndex; BRIDGE MIB: oid_spec_list = 'table iso.org.dod.internet.mgmt.mib-2.dot1dBridge.dot1dTp.dot1dTpFdbTable dot1dTpFdbAddress,dot1dTpFdbPort,dot1dTpFdbStatus’; Cisco BRIDGE MIB: oid_spec_list = 'table iso.org.dod.internet.mgmt.mib-2.dot1dBridge.dot1dTp.dot1dTpFdbTable dot1dTpFdbAddress,dot1dTpFdbPort,dot1dTpFdbStatus’; Additional probe called The SSH probe Switch - MAC Table can be triggered by the DiscoveryVlanSwitchProcessor script include to populate additional Layer 2 data. If you are missing Layer 2 data after you run discovery on multiple VLANs, you should enable the triggering of the Switch - MAC Table probe and run discovery again. To do this, add this property to the System Property [sys_properties] table: glide.discovery.sensors.forwardingtable.ssh. Set the value of the property to true. Command show mac address-table Fields populated cmdb_ci vlan_id port status mac_address (from the cmdb_ci field in the Network Infrastructure Item [discovery_net_base] table) SNMP - Switch - Vlan This probe returns VLAN IDs from a network switch and these OIDs: iso.org.dod.internet.private.enterprises.cisco.ciscoMgmt.ciscoVtpMIB.vtpMIBObjects.vlanInfo.vtpVlanTable vtpVlanState iso.org.dod.internet.private.enterprises.cisco.ciscoMgmt.ciscoVlanMembershipMIB.ciscoVlanMembershipMIBObjects.vmMembership.vmMembershipSummaryTable vmMembershipSummaryVlanIndex,vmMembershipSummaryMemberPorts,vmMembershipSummaryMember2kPorts iso.org.dod.internet.private.enterprises.juniperMIB.jnxMibs.jnxExMibRoot.jnxExSwitching.jnxExVlan.jnxVlanMIBObjects.jnxExVlanTable jnxExVlanTag iso.org.dod.internet.mgmt.mib-2.system.sysDescr Other switch types are not supported.