Hi Shaun,
Thus, if I not misunderstood your explanation, NetEdit collects/receives LLDP capabilities information from any neighbor devices not necessarily contacting (discovering) directly a specific device first (provided the device we are referring to belongs to a managed subnet) and then it filters only those ones that are being reported with ROUTER or SWITCH capability, only against those devices NetEdit applies the discovery process contacting them directly according to credentials it should have already configured.
So, if I'm not in error, it's a sort of two steps process: filtering devices with matching advertised LLDP Capabilities and then contacting them (logging into) through what you call "discovery".
Given the logic you explained shouldn't the message logged for any ROUTER/SWITCH capable device outside managed subnet(s) be properly rephrased as:
IP 10.0.4.99 not be discovered since it is not within any managed subnet.
instead?
But with such type of logged message we're supposing that a discovery attempt happened when instead it shouldn't have happened at all given the conditions explained.
I mean, if - as you wrote - the discovery process acts iteratively only within managed subnet(s) defined into NetEdit (about which credentials to devices are also properly defined) then NetEdit should not log a message saying that a particular device is not discovered because preliminarily it doesn't own matching credentials (exactly because matching credentials are supposed to be bound to managed subnet(s) only).
And to drill down it a little bit more...since you wrote that "...the check for the IP appearing within a managed subnet appears after the check for capabilities (we only discover neighbors with ROUTER/SWITCH capabilities)" I ask if the logged message should not be instead be totally different in terms of completeness (being dependent on the fact that first collected advertised LLDP capabilities are assessed and then, if matched, only device within managed subnet(s) will be really contacted/discovered):
IP 10.0.4.99 Advertised as LLDP ROUTER/SWITCH but will not be discovered since it is not within any managed subnet.