software auto discovery over trunks

mikeschriver
Level 1

There have been many times we have to set up devices and the device software uses a discovery tool to auto-detect for initial configuration.  For example our security cameras: we have a dedicated VLAN for them, which spans many switches/buildings.  To use the camera discovery tool we have to use the tool from a machine that is on the same switch as the camera we are setting up.  Not a big deal as we have gotten by this way no problem.  Once the camera is given an IP we can place it anywhere in our network on that VLAN and it works fine.

 

Well, we now have a situation where the software has to use auto-discovery every time it starts in order to detect the devices and display them within the software.  Works great while all cameras are on the same switch, but as soon as we place a camera in another building the discovery doesn't work.  I don't know much about the software but we are trying to get information from the vendor on this.  We are able to IP these cameras off the single switch.  When I move them to another switch I can ping and browse to it (HTTP) but the software will not pull it in.  There is no way to direct the software to the IP either; it has to use its built-in discovery to find the cameras.

Can anyone clue me into what might be going on here?  All of my searches are coming up with nothing.  I'm thinking I just need to know the right thing to search for but am clueless :(

 

Info of network:

Catalyst 2960x's distribution switches

Catalyst 3650 doing the routing (even though routing is not coming into play here)

 


Giuseppe Larosa
Hall of Fame

Hello @mikeschriver ,

You need to understand how this software discovery happens.

For this purpose you can use a SPAN monitoring session with source port = a video camera port and destination port = a port where you connect a PC with Wireshark running to perform packet capture.

 

The only suggestion is to verify whether you use VTP: in that case, if VTP pruning is enabled for the video camera VLANs, frames to unknown unicast MAC addresses are not flooded over trunk ports.

In other words, if the server remembers the camera MAC address and attempts to send a frame with a unicast destination = camera MAC before the camera has sent a frame, that frame would be treated as unknown unicast and should be treated as a broadcast.

If the downstream switch has an empty MAC table for the camera VLAN, it sends VTP prune messages upstream to avoid receiving frames.

This does not happen when all devices are connected to a single switch; in this case VTP pruning has no effect.

 

If all your switches are in VTP transparent mode, try to perform the packet capture and to get information from the vendor. The discovery may be using some form of multicast, and you may need an IGMP querier to make IGMP snooping work well (but this would also be valid for a single-switch scenario, so it is just an example).

 

In the past I had a case where a vendor of medical appliances was using a non-IP proprietary protocol but sending the frames over MAC addresses dedicated to IPv4 multicast; this triggered IGMP snooping. To make it work, after packet capture we had to disable IGMP snooping for that specific VLAN: being non-IP, no device was answering IGMP queries, causing the switches to block this traffic, treating it as unwanted IPv4 multicast traffic.

 

Hope to help

Giuseppe

 

Hi Giuseppe,

 

First thanks for your reply.  I believe you are onto something for sure.  I did a packet capture and can see the main tricaster server sending multicast packets.  

 

So to answer some of your points above, all our switches are on a VTP domain with manual pruning.  I believe this solves any auto pruning issues since I could not ping the cameras across the network until I manually allowed that VLAN over each trunk port.

 

I did find this information about the vendor's autodiscovery...  https://support.newtek.com/hc/en-us/articles/218109477-NDI-Discovery-and-Registration

 

So the discovery is using multicast as you suspected (mDNS).  Now I just have to figure out how to configure things so these multicast packets reach the devices.  I have some learning to do here so if you know anything that may speed up my learning curve I am all ears :)

 

I'm thinking I need to make some settings on our layer 3 switch so IGMP works differently on that Vlan?

 

Again, thanks for pointing me in the right direction!  I'll post more if/when I resolve this.

 

 

Hello @mikeschriver ,

from the document you have linked:

 

>>

The mDNS Ethernet frame is a multicast UDP packet that broadcasts to[1]:

  • MAC address 01:00:5E:00:00:FB (for IPv4)
  • IPv4 address 224.0.0.251
  • UDP port 5353

This is good news as IGMP snooping does not block link local multicast addresses 224.0.0.X.

So this should work even with IGMP snooping enabled and without a querier.

To have a working setup of IGMP snooping you need either:

  • a router or multilayer switch with multicast routing enabled, with PIM enabled on the VLAN and IGMP, to act as an IGMP querier, or
  • a switch that is configured to act as the IGMP snooping querier, that is, to be a subset of a multicast router and to send IGMP general queries on the VLAN so that all switches can use IGMP snooping to create a correct L2 distribution list of ports for each multicast group.

Note1:

if each camera sends a multicast stream out of 224.0.0.X you need the querier/ IGMP snooping querier

Note2:

Be aware that VTP auto pruning is actually a different thing than the so-called manual pruning.

 

Configuring manually the list of allowed Vlans on a trunk limits the number of STP instances running over it ( if using PVST or Rapid PVST).

VTP auto prune refers to suppression of BUM traffic for Vlans permitted over the trunk where the downstream switch has no clients over it. VTP auto prune does not limit the number of STP instances running on the trunk and on the switch.

 

Hope to help

Giuseppe
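
The checks described in the replies above, applied to frames from a packet capture. This is an added example, not part of the original thread or any vendor's code: it maps an IPv4 group to its multicast MAC and sorts a frame into mDNS, other 224.0.0.X traffic, a group outside 224.0.0.X (the Note1 case), or a non-IP payload on an IPv4 multicast MAC (the medical-appliance case). The function names, the sample frames and the source address 192.0.2.5 are constructed for illustration.

```python
import ipaddress
import struct

LINK_LOCAL = ipaddress.ip_network("224.0.0.0/24")  # the 224.0.0.X block

def group_to_mac(group: str) -> str:
    """Map an IPv4 group to its MAC: 01:00:5e plus the low 23 address bits."""
    addr = ipaddress.IPv4Address(group)
    if not addr.is_multicast:
        raise ValueError(f"{group} is not an IPv4 multicast address")
    low23 = (int(addr) & 0x7FFFFF).to_bytes(3, "big")
    return ":".join(f"{b:02x}" for b in b"\x01\x00\x5e" + low23)

def classify(frame: bytes) -> str:
    """Say how a snooping switch would see one captured Ethernet frame."""
    if len(frame) < 14:
        return "truncated"
    dst, off = frame[:6], 12
    (ethertype,) = struct.unpack_from("!H", frame, off)
    if ethertype == 0x8100:  # 802.1Q tag kept by the capture
        if len(frame) < 18:
            return "truncated"
        off += 4
        (ethertype,) = struct.unpack_from("!H", frame, off)
    if not (dst[:3] == b"\x01\x00\x5e" and dst[3] < 0x80):
        return "not an IPv4 multicast MAC"
    if ethertype != 0x0800:
        return "non-IP payload on an IPv4 multicast MAC"
    ip = frame[off + 2:]
    if len(ip) < 20:
        return "truncated"
    ihl, proto = (ip[0] & 0x0F) * 4, ip[9]
    dst_ip = ipaddress.IPv4Address(ip[16:20])
    if dst_ip not in LINK_LOCAL:
        return f"group {dst_ip} outside 224.0.0.X: querier needed"
    if proto == 17 and len(ip) >= ihl + 4:  # UDP: read the destination port
        (dport,) = struct.unpack_from("!H", ip, ihl + 2)
        if str(dst_ip) == "224.0.0.251" and dport == 5353:
            return "mDNS (link-local, not blocked by snooping)"
    return f"link-local group {dst_ip}"

def build(dst_ip: str, dport: int, vlan=None) -> bytes:
    """Constructed sample frame (checksums left at zero; parsing ignores them)."""
    eth = bytes.fromhex(group_to_mac(dst_ip).replace(":", "") + "020000000001")
    if vlan is not None:
        eth += struct.pack("!HH", 0x8100, vlan)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 1, 17, 0,
                     bytes([192, 0, 2, 5]), ipaddress.IPv4Address(dst_ip).packed)
    return eth + b"\x08\x00" + ip + struct.pack("!HHHH", 5353, dport, 8, 0)
```

Because only the low 23 bits of the group are carried into the MAC, several groups share one MAC address, so the IP header rather than the destination MAC decides which case a frame falls into.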

 

 

I tried to turn on snooping querier on just the VLAN needed but found I need to turn it on globally.  So turning it on globally "ip igmp snoop querier" actually fixes the problem instantly and all the cameras come in fine.  Problem I have now is that turning it on globally is affecting our digital two-way radios that work on another VLAN.

 

Is there a way to make this setting take effect only on that one VLAN?   I tried the command: "ip igmp snooping vlan 123 querier" 

but get a message "Command did not take effect due to reason: IGMP switch querier is globally disabled."

 

So I don't understand if turning it on globally is required and activates the querier for all vlans, then why is there even a command to enable it per vlan?

 

Thanks ahead of time for trying to straighten out this obvious multicast rookie.   :(  I'm feeling completely ignorant lately with this.
