Hi  @ZoloNN 

 Here are the possible reasons:

• Inconsistent Data Statistics Range
  • The statistics of the Controller's Known clients and Clients may adopt different criteria, resulting in different numbers and mismatches with the Router's statistical results.
• Different Data Update Frequencies
  • The Controller and the Router may have different data update mechanisms, resulting in statistics at different time points, making the statistical results inconsistent. For instance, the Controller may update more slowly, while the Router's SNMP or Nmap scan results are the latest, thus resulting in different numbers of clients.
  • Different tools may have different network detection mechanisms and frequencies, leading to differences in the client information they capture during statistics. For example, Nmap's Quick Scan may be more capable of detecting newly joined clients in a timely manner than SNMP, resulting in a higher statistical number of Nmap.
• Network Environment Complexity
  • Some clients in the network may be in an unstable state at certain times, such as intermittent connections or being temporarily blocked by firewalls or security policies, and different statistical tools handle such clients differently. For example, the Controller may exclude temporarily unavailable clients from statistics, while Nmap's Quick Scan may consider them as online clients.
  • The mixture of static IPs and DHCP-assigned IPs in the network may cause confusion, and different tools handle these IPs differently, resulting in different statistical results. Meanwhile, the lack of a clear DHCP-assigned IP list may lead to inaccurate client number statistics because it is not clear which clients are newly assigned via DHCP.
• Differences in Statistical Algorithms and Filtering Rules
  • The Controller may have its own client identification and filtering rules, while the Router's SNMP or Nmap has different algorithms. For example, the Controller may filter out some clients that it deems inactive or not meeting specific conditions, while SNMP may count them in the statistics.
  • Different tools may not handle duplicate counting of the same client properly. For example, some tools may consider a client that disconnects briefly and reconnects as a new client, while others may not.

Side note: this topic is not a feature request. Next time, you'd better go to router block to get a faster and more professional answer.

Hi @Vincent-TP 

I fully understand, that Controller can be not always on latest numbers, but I definitely can't understand, why the client list on router directly isn't up to date.

and what I can't absolutely understand, why there is no table with actual DHCP leases. even the (excuse my french) stupidest 20$ home router can do this and I've tried address this here, and later my similar observation here - which has no replies, just 157 views. that's the reason why I've put my question here to catch the attention (sorry for that). 

current numbers from Site 1:

Nmap: 75 devices, where 32 are from DHCP range

Router SNMP query: 33 devices, where 17 are from DHCP range

regarding your remarks about network complexity, the networks are "plain" one IP subnet networks without firewall in-between, cross-connected via pfSense site2site WireGuard (reason for usage of pfSense is here)

my suggestion is to make the router's DHCP list accessible at least via SNMP. 

Hi @ZoloNN

You scanned via Nmap, did you scan the whole subnet including the remote VPN site?

Run show arp and see what it reports. That should be the real local devices. You should get a clear view from that. Other tools are not accurate.

ARP contains the cache. I don't know how ASUS/merlin processes that. At least, I don't think they show the clients based on ARP.

Hi @Clive_A,

Clive_A wrote

You scanned via Nmap, did you scan the whole subnet including the remote VPN site?

 

Run show arp and see what it reports. That should be the real local devices. You should get a clear view from that. Other tools are not accurate.

ARP contains the cache. I don't know how ASUS/merlin processes that. At least, I don't think they show the clients based on ARP.

RE Nmap scan:

yes, 've scanned whole subnets in form of "192.168.xx.0/23"

RE arp cache:

arp has nothing to do with DHCP! arp protocol is initiated only when router wants to communicate with device, or device with router. and I definitely doubt, that any router makes regularly arp discovery of network.......

currently nmap detects on Site 1 73 active IPs, "show arp" outputs 31 hosts (including hosts with static IPs and upstream ISP router)

looking around the controller UI I've found, that router notifies the controller about every IP assigned via DHCP (Site Menu -> Logs -> Events -> Device), so the controller has all the information needed to show this info in separate table - like (not only) the Asus does.

all DCCP servers must keep track of all assigned IPs with remaining validity time, so there is IMHO absolutely no reason to hide it from admins

BTW: I'm freelance Windows Server and VMware admin