Why are many BACnet controllers sending out Who-Is requests for a Cyberstation that is Offline and been removed from the Database?
Even though the Cyberstation Device object has been removed from the database, there are probably still references to it in the various controllers in the field. If this Cyberstation was the recipient of BACnet alarms from these controllers then they may still have its Device ID as a delivery recipient and send out the Who-Is packets to locate this device.
There are a couple things that can be done to fix this problem, basically the reference to this device needs to be removed from every controller.
- Make sure to perform a global teach, this should fix up most of the routing tables.
- The next thing to do is to reload any and all affected controllers. (You can use Wireshark to determine which controller are sending the who is requests, see details below.)
In the attached packet capture here, you'll find details of the Who-Is packet and the NPDU layer that show the details that you will be looking for to identify the source of the packet. A filter of "bacapp && (bacapp.unconfirmed_service == 😎 && (bacapp.who_is.low_limit == 199)" was used in this example to focus on the Who-Is packets being directed to device 199.