vmps-devel Mailing List for OpenVMPS
Brought to you by:
dori_seliskar
From: Hermann L. <Her...@iw...> - 2007-04-02 13:47:04

Hello,

I'm using vmps on Solaris 9 and 10, and while I was recompiling it for Solaris 10 I found again that I need the appended patch to prevent vmpsd from bailing out on printing NULL vlans.

Please consider including this or an equivalent patch, or tell me if I'm doing something wrong.

Thanks, greetings
Hermann

--- vmpsd/vqp.c.orig Tue Aug 3 14:54:04 2004 +++ vmpsd/vqp.c Wed Nov 17 19:32:33 2004 @@ -182,7 +182,7 @@ void print_action(VQP_REQUEST *r, char *str, char *vlan_name) { - + if(!vlan_name) vlan_name="<NULL>"; vmps_log(VQP|INFO, "%s: %02x%02x%02x%02x%02x%02x -> %s, switch %s port %s", str, r->mac[0], r->mac[1], r->mac[2], r->mac[3], r->mac[4], r->mac[5],

--
Netzwerkadministration/Zentrale Dienste, Interdiziplinaeres Zentrum fuer wissenschaftliches Rechnen der Universitaet Heidelberg
IWR; INF 368; 69120 Heidelberg; Tel: (06221)54-8236 Fax: -5224
Email: Her...@iw...

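Review bot: the guard added at the top of print_action() protects only this one vmps_log() call. Passing a NULL pointer to a %s conversion is undefined behaviour in C, which is why the daemon dies on Solaris while some other C libraries happen to print a placeholder, so any other log call that formats a VLAN name with %s can still stop vmpsd. Because print_action() runs per VQP request, a request that resolves to no VLAN should never be able to take the daemon down: consider normalising the pointer where it is produced, or applying the same substitution at every call site that logs it. Minor points: vlan_name is declared char * but is now pointed at a string literal, so const char *vlan_name would be the safer parameter type, and the new statement would read better as if (!vlan_name) on its own indented line.
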
From: Sean B. <se...@bo...> - 2006-12-01 09:31:09

> What I do not understand is how to specify what syslog facility to
> specify? Would you be able to help in that regard? Is it a setting in
> vmpsd, syslog or both?

In log.c there is a line that calls openlog with "LOG_LOCAL6", so change this to the facility you want and recompile.

> My syslog.conf is as follows;

To get facility local6 in syslog.conf:

    local6.*	/var/log/openvmps.log

(you must have TABS between the two fields). Then restart syslog.

Sean

From: Marc B. <mwb...@gm...> - 2006-11-29 22:59:45

AFAIK you'll need to modify the source to change the facility vmpsd logs to. I believe it is in log.c or log.h (I would check, but I don't have the source available to me at the moment). I think this would be a good thing to have configurable via either command line or config file.

-Marc

On 11/29/06, Ray H <ra...@me...> wrote:
> Hello Sean, thank you for the fast response. I see how and where to set
> logging level when the vmpsd is started, -l. What I do not understand is
> how to specify what syslog facility to specify? Would you be able to help
> in that regard? Is it a setting in vmpsd, syslog or both?
>
> My syslog.conf is as follows;
>
>     *.info;mail.none;authpriv.none;cron.none /var/log/messages
>     authpriv.* /var/log/secure
>     mail.* -/var/log/maillog
>     cron.* /var/log/cron
>     *.emerg *
>     uucp,news.crit /var/log/spooler
>     local7.* /var/log/boot.log
>
> We start vmpsd by the absolute path /usr/local/bin/vmpsd, no extra options
> and it knows where the db file is and I believe the logging level is at
> informational in /var/log/messages. According to the man page it says you
> must specify the db file but we do not. Any help would be greatly
> appreciated.
>
> V/r,
> Ray H.
>
> > I'd suggest tweaking openvmps to log to 'local7' or some unused syslog
> > level, and then adapting /etc/syslog.conf to log local7.* to a separate
> > file.
> >
> > Sean
> >
> > P.S. As an openvmps user please also consider visiting freenac.net, you
> > may be interested in the OpenVMPS +mysqlbackend + GUI that we have built.
> >
> >> Hello all, I hope this has been done before but I want to log all vmps
> >> data that currently logs to /var/log/messages to a different file, say
> >> /var/log/vmps.log. I'm running RHEL4 default syslog and latest version
> >> of openvmps.
> >>
> >> V/r,
> >> Ray H.

From: Ray H <ra...@me...> - 2006-11-29 19:39:25

Hello Sean, thank you for the fast response. I see how and where to set logging level when the vmpsd is started, -l. What I do not understand is how to specify what syslog facility to specify? Would you be able to help in that regard? Is it a setting in vmpsd, syslog or both?

My syslog.conf is as follows;

    *.info;mail.none;authpriv.none;cron.none /var/log/messages
    authpriv.* /var/log/secure
    mail.* -/var/log/maillog
    cron.* /var/log/cron
    *.emerg *
    uucp,news.crit /var/log/spooler
    local7.* /var/log/boot.log

We start vmpsd by the absolute path /usr/local/bin/vmpsd, no extra options and it knows where the db file is and I believe the logging level is at informational in /var/log/messages. According to the man page it says you must specify the db file but we do not. Any help would be greatly appreciated.

V/r,
Ray H.

> I'd suggest tweaking openvmps to log to 'local7' or some unused syslog
> level, and then adapting /etc/syslog.conf to log local7.* to a separate
> file.
>
> Sean
>
> P.S. As an openvmps user please also consider visiting freenac.net, you
> may be interested in the OpenVMPS +mysqlbackend + GUI that we have built.
>
>> Hello all, I hope this has been done before but I want to log all vmps
>> data that currently logs to /var/log/messages to a different file, say
>> /var/log/vmps.log. I'm running RHEL4 default syslog and latest version
>> of openvmps.
>>
>> V/r,
>> Ray H.

From: Sean B. <se...@bo...> - 2006-11-29 17:51:04

I'd suggest tweaking openvmps to log to 'local7' or some unused syslog level, and then adapting /etc/syslog.conf to log local7.* to a separate file.

Sean

P.S. As an openvmps user please also consider visiting freenac.net, you may be interested in the OpenVMPS +mysqlbackend + GUI that we have built.

> Hello all, I hope this has been done before but I want to log all vmps
> data that currently logs to /var/log/messages to a different file, say
> /var/log/vmps.log. I'm running RHEL4 default syslog and latest version
> of openvmps.
>
> V/r,
> Ray H.

From: Ray H <ra...@me...> - 2006-11-29 14:28:28

Hello all,

I hope this has been done before but I want to log all vmps data that currently logs to /var/log/messages to a different file, say /var/log/vmps.log. I'm running RHEL4 default syslog and latest version of openvmps.

V/r,
Ray H.

From: <ed...@po...> - 2006-04-27 02:37:26

Thanks for the info.

Regards,
Elton

==============Original message text===============
On Wed, 26 Apr 2006 15:26:31 +1000 Dori Seliskar wrote:

On Wednesday 26 April 2006 05:43, ed...@po... wrote:
> Gday all,
> I was just wondering,
> Within the source, which is the file that reads the config info from text
> database? I am not crash hot at C and am struggling to follow the code.

parser.c

br,
ds
===========End of original message text===========

From: Dori S. <Dor...@de...> - 2006-04-26 05:25:31

On Wednesday 26 April 2006 05:43, ed...@po... wrote:
> Gday all,
> I was just wondering,
> Within the source, which is the file that reads the config info from text
> database? I am not crash hot at C and am struggling to follow the code.

parser.c

br,
ds

From: <ed...@po...> - 2006-04-26 03:43:25

Gday all,

I was just wondering, within the source, which is the file that reads the config info from text database? I am not crash hot at C and am struggling to follow the code.

From: Sean B. <se...@bo...> - 2006-03-15 06:39:05

Hi,

I have several 3 sites running VMPS with MySQL as a backend. I use a PHP script called as an external to OpenVMPS, and have written many additional PHP programs for improvement management and usability, including a windows based GUI front end.

I once noted this on this OpenVMPS-devel list, but did not get feedback, there seems to be very little interest in VMPS at the moment. Probably because 802.1x is on the rise.

A DB schema is attached. If there is sufficient interest I can start the process (here) to publish the scripts.

Regards,
Sean Boran

> -----Original Message-----
> From: vmp...@li...
> [mailto:vmp...@li...] On Behalf Of ed...@po...
> Sent: Wednesday, 15 March 2006 05:12
> To: vmp...@li...
> Subject: Re: [OpenVMPS-devel] Installation and Software creation
>
> I have taken a look in the external folder (within the source). I only
> have a simple script and readme. I have OpenVMPS 1.3. Is there something
> else that I should look at downloading?
> The readme only indicates that there should be the simple script.
>
> Please excuse my ignorance. This is my first experience in working with
> C, Unix and VMPS.
>
> ==============Original message text===============
> On Wed, 15 Mar 2006 12:58:39 +1000 Marc Bourgeois wrote:
>
> To the best of my knowledge all MySQL extensions have been implemented as
> external scripts (see external folder of development tree). I currently
> have one, although it is very site specific.
>
> -----Original Message-----
> From: vmp...@li...
> [mailto:vmp...@li...] On Behalf Of ed...@po...
> Sent: Tuesday, March 14, 2006 8:27 PM
> To: vmp...@li...
> Subject: [OpenVMPS-devel] Installation and Software creation
>
> Hello.
> I am creating an application to centrally manage multiple VMPS sites. The
> software will be made open source once finished to the point that I need
> it.
> First thing I need to do is make OpenVMPS interface with a remote MySQL
> database rather than using the flat textfile that it does at the moment. I
> read earlier in the thread that there is a MySQL plugin. Where would I
> find this?
>
> I am also wondering if there are any detailed OpenVMPS installation
> instructions around? I have never done an installation of this and I think
> it would help my understanding of how this project has to come together. I
> am finding it really hard to find useful documentation about installation
> and available resources.
>
> Anyone have any good resources that I can use?
>
> Cheers,
> Elton
>
> ===========End of original message text===========

From: <ed...@po...> - 2006-03-15 04:12:22

I have taken a look in the external folder (within the source). I only have a simple script and readme. I have OpenVMPS 1.3. Is there something else that I should look at downloading? The readme only indicates that there should be the simple script.

Please excuse my ignorance. This is my first experience in working with C, Unix and VMPS.

==============Original message text===============
On Wed, 15 Mar 2006 12:58:39 +1000 Marc Bourgeois wrote:

To the best of my knowledge all MySQL extensions have been implemented as external scripts (see external folder of development tree). I currently have one, although it is very site specific.

-----Original Message-----
From: vmp...@li... [mailto:vmp...@li...] On Behalf Of ed...@po...
Sent: Tuesday, March 14, 2006 8:27 PM
To: vmp...@li...
Subject: [OpenVMPS-devel] Installation and Software creation

Hello.
I am creating an application to centrally manage multiple VMPS sites. The software will be made open source once finished to the point that I need it. First thing I need to do is make OpenVMPS interface with a remote MySQL database rather than using the flat textfile that it does at the moment. I read earlier in the thread that there is a MySQL plugin. Where would I find this?

I am also wondering if there are any detailed OpenVMPS installation instructions around? I have never done an installation of this and I think it would help my understanding of how this project has to come together. I am finding it really hard to find useful documentation about installation and available resources.

Anyone have any good resources that I can use?

Cheers,
Elton
===========End of original message text===========

From: Marc B. <mwb...@wi...> - 2006-03-15 02:58:39

To the best of my knowledge all MySQL extensions have been implemented as external scripts (see external folder of development tree). I currently have one, although it is very site specific.

-----Original Message-----
From: vmp...@li... [mailto:vmp...@li...] On Behalf Of ed...@po...
Sent: Tuesday, March 14, 2006 8:27 PM
To: vmp...@li...
Subject: [OpenVMPS-devel] Installation and Software creation

Hello.
I am creating an application to centrally manage multiple VMPS sites. The software will be made open source once finished to the point that I need it. First thing I need to do is make OpenVMPS interface with a remote MySQL database rather than using the flat textfile that it does at the moment. I read earlier in the thread that there is a MySQL plugin. Where would I find this?

I am also wondering if there are any detailed OpenVMPS installation instructions around? I have never done an installation of this and I think it would help my understanding of how this project has to come together. I am finding it really hard to find useful documentation about installation and available resources.

Anyone have any good resources that I can use?

Cheers,
Elton

From: <ed...@po...> - 2006-03-15 02:26:48

Hello.

I am creating an application to centrally manage multiple VMPS sites. The software will be made open source once finished to the point that I need it. First thing I need to do is make OpenVMPS interface with a remote MySQL database rather than using the flat textfile that it does at the moment. I read earlier in the thread that there is a MySQL plugin. Where would I find this?

I am also wondering if there are any detailed OpenVMPS installation instructions around? I have never done an installation of this and I think it would help my understanding of how this project has to come together. I am finding it really hard to find useful documentation about installation and available resources.

Anyone have any good resources that I can use?

Cheers,
Elton

From: Phil M. <p.m...@im...> - 2006-03-14 00:58:52

Phil Mayers wrote:
> All,
>
> Please find attached a patch that adds an "--enable-tdb" feature. This

Ahem - patch now attached :o)

From: Phil M. <p.m...@im...> - 2006-03-14 00:58:15

All,

Please find attached a patch that adds an "--enable-tdb" feature. This wholly replaces the vlan.db file with a vlan.tdb file (path currently hardcoded - bad I know). The patch is more than a little rough around the edges.

(TDB is a DBM-like multiple-reader/single-writer binary DB, used by projects such as Samba, pppd, etc. You can update the TDB whilst the vmpsd is running. We were concerned about possible performance issues with running external plugins, but still wanted fast updates, so we are planning to use an SQL watcher + incremental updates to the TDB)

Entries are looked for in the TDB in the following formats:

    IN:switchip:portname:mac
    IN:switchip:*:mac
    IN:*:*:mac
    IN:switchip:portname:*
    IN:switchip:*:*

(including a terminating NULL on the string).

So, you could do this:

    ./configure --enable-tdb
    make
    ./vmpsd -p 3000 -d -f /etc/vmps/db &
    tdbtool
    tdb> create vlan.tdb
    tdb> insert IN:*:*:112233445566 FOOBAR
    tdb> insert IN:127.0.0.1:*:112233445577 BAZBAN
    tdb> q

Then run:

    $ tools/vqpcli.pl -s localhost -p 3000 -m 1122.3344.5566
    Vlan: FOOBAR
    MAC Address: 112233445566
    Status: ALLOW

    looking for[32]: IN:127.0.0.1:Fa0/1:112233445566
    looking for[28]: IN:127.0.0.1:*:112233445566
    looking for[20]: IN:*:*:112233445566
    found[7]: FOOBAR
    ALLOW: 112233445566 -> FOOBAR, switch 127.0.0.1 port Fa0/1

As far as I can tell it ought to be possible to implement most of the same policies as the file-backed store, though you have to flatten them out somewhat.

The patch also adds an argument to vqpcli.pl for port number, fixes the SNMP linking and contains a patch to accept VMPS from any domain for multi-domain operation (we have a need for such).

Hope someone finds this useful, thanks for the excellent software

Phil

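The lookup order listed in this message, as an added example that is not part of Phil's patch or of the OpenVMPS source: it builds the five candidate keys most-specific first, counts the terminating NUL in the key length as the `looking for[32]` trace does, and stops at the first hit. The in-memory table, `db_fetch()`, `lookup_vlan()` and the `LAB` entry are constructed stand-ins for the TDB file, and the field check is an assumption of this example.

```c
#include <stdio.h>
#include <string.h>

#define KEYMAX 128

/* Constructed stand-in for vlan.tdb: the first two rows are the ones
 * inserted with tdbtool in the message, the third is made up here. */
struct entry { const char *key; const char *vlan; };
static const struct entry sample_db[] = {
    { "IN:*:*:112233445566",         "FOOBAR" },
    { "IN:127.0.0.1:*:112233445577", "BAZBAN" },
    { "IN:10.0.0.2:Fa0/3:*",         "LAB"    },
};

/* Hypothetical fetch: exact match on the key bytes, where keylen counts
 * the terminating NUL (so "IN:*:*:112233445566" has length 20). */
static const char *db_fetch(const char *key, size_t keylen)
{
    for (size_t i = 0; i < sizeof sample_db / sizeof sample_db[0]; i++) {
        if (strlen(sample_db[i].key) + 1 == keylen &&
            memcmp(sample_db[i].key, key, keylen) == 0)
            return sample_db[i].vlan;
    }
    return NULL;
}

/* Assumption of this example: a request field must be non-empty and must
 * not contain the key separator ':' or the wildcard '*', otherwise a
 * switch-supplied value could alias another key. */
static int field_ok(const char *s)
{
    return s && *s && strpbrk(s, ":*") == NULL;
}

/* The MAC must already be 12 lowercase hex digits, as in the TDB keys. */
static int mac_ok(const char *mac)
{
    return mac && strlen(mac) == 12 &&
           strspn(mac, "0123456789abcdef") == 12;
}

/*
 * Try the five key forms in the order given in the message and return the
 * VLAN of the first hit, or NULL when nothing matches or the input is
 * rejected. *tried receives the number of keys that were looked up.
 */
const char *lookup_vlan(const char *sw, const char *port, const char *mac,
                        int *tried)
{
    *tried = 0;
    if (!field_ok(sw) || !field_ok(port) || !mac_ok(mac))
        return NULL;

    const char *forms[5][3] = {
        { sw,  port, mac },   /* IN:switchip:portname:mac */
        { sw,  "*",  mac },   /* IN:switchip:*:mac        */
        { "*", "*",  mac },   /* IN:*:*:mac               */
        { sw,  port, "*" },   /* IN:switchip:portname:*   */
        { sw,  "*",  "*" },   /* IN:switchip:*:*          */
    };

    for (int i = 0; i < 5; i++) {
        char key[KEYMAX];
        int n = snprintf(key, sizeof key, "IN:%s:%s:%s",
                         forms[i][0], forms[i][1], forms[i][2]);
        if (n < 0 || (size_t)n >= sizeof key)
            return NULL;              /* never look up a truncated key */
        (*tried)++;
        const char *vlan = db_fetch(key, (size_t)n + 1);
        if (vlan)
            return vlan;
    }
    return NULL;
}

int main(void)
{
    int tried;
    const char *vlan = lookup_vlan("127.0.0.1", "Fa0/1", "112233445566", &tried);
    printf("%s after %d lookups\n", vlan ? vlan : "(no match)", tried);
    return 0;
}
```

A NULL return leaves the allow-or-deny decision to the caller; the message does not say what the patched vmpsd does when no key matches.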
From: David L. <dav...@ca...> - 2006-03-07 20:41:01

I have loaded OpenVMPS into /tmp on my Suse 9.1 box. I have copied my Cisco VMPS file over to /tftpboot. From here I am lost. Is there a README or INSTALL file or other docs that will give me installation and configuration information? I have looked thru the files created by the OpenVMPS tarball but did not find any specific info relating to installation and configuration.

Also, I do not have a vlan.db.example file to test with. The compile was flawless and without errors. Has that been removed from the 0.3 version?

Thanks,

From: Sean B. <se...@bo...> - 2005-11-22 14:36:00

Hi,

I should have posted a followup... in fact I was not separating stdin/out properly. It's working fine and looks like below.

In fact it's now quite intelligent and detects hubs (assigning a vlan based on a lookup to see what vlan is already active on a port), and allows a default vlan to be set per port (if needed).

I can share code if it's of interest, but it's very specific to my setup/DB here..

Sean

    logit("Connect to DB" );
    db_connect();
    while (true) {
      $in = fopen("php://stdin", "r");
      $out = fopen("php://stdout", "w");
      if ($out and $in) {
        $line=rtrim( fgets($in, 1024) );
        if (strlen($line) > 0) {
          list($domain, $switch, $port, $lastvlan, $mac)=explode(" ", $line);
          // The meat come here, decisional logic
        }
        fclose($in);
        fclose($out);
        #sleep(1); # wait 1 secs, before retrying
      }
    logit("Log /DB close, reconnect");
    mysql_close($connect);
    ?>

> -----Original Message-----
> From: vmp...@li...
> [mailto:vmp...@li...] On Behalf Of David Smith
> Sent: Tuesday, 22 November 2005 13:39
> To: vmp...@li...
> Subject: RE: [OpenVMPS-devel] External program: answer not being accepted
>
> What I have is based differently. Can you try changing your application?
>
>     $fd = fopen("php://stdin", "r");
>     while (true) {
>       $line=rtrim( fgets($fd, 1024) );
>       if (strlen($line) > 0) {
>         list($domain, $switch, $port, $lastvlan, $mac)=explode(" ", $line);
>         echo("ALLOW $lastvlan\n");
>         flush(); // don't know if this needed, but doesn't seem to matter
>       }
>     }
>     fclose($fd);
>
> The program will block on the read string until it gets passed something.
>
> The external application starts at the same time as vmpsd, or at least the
> first time it's used.
>
> The flush is required, maybe needing to specify stdout??
>
> Dave
> System Administrator
> m/v Africa Mercy
> Mercy Ships
> tel: 0191 483 8413 ex 108
> fax: 0870 460 0764
>
> > -----Original Message-----
> > From: vmp...@li...
> > [mailto:vmp...@li...] On Behalf Of Sean Boran
> > Sent: 04 November 2005 15:27
> > To: vmp...@li...
> > Subject: [OpenVMPS-devel] External program: answer not being accepted
> >
> > Hi,
> >
> > I'm having problems getting a basic external plug-in to work.
> >
> > I have a simple PHP script:
> >
> >     while (true) {
> >       $fd = fopen("php://stdin", "r");
> >
> >       $line=rtrim( fgets($fd, 1024) );
> >       if (strlen($line) > 0) {
> >         list($domain, $switch, $port, $lastvlan, $mac)=explode(" ", $line);
> >         echo("ALLOW $lastvlan\n");
> >         flush(); // don't know if this needed, but doesn't seem to matter
> >       }
> >       fclose($fd);
> >       sleep(1); # wait 1 secs, before retrying
> >     }
> >
> > The data arrives OK, but what I send back never seems to be sent by vmpsd,
> > I've tried
> >     echo("ALLOW $lastvlan\n\n");
> >     echo("ALLOW $lastvlan\n");
> >     echo("ALLOW $lastvlan");
> >
> > but no luck.
> >
> > In vmpsd's external.c it seems to happen around here:
> >     write(tocli[1], str, strlen(str));
> >     n = readline(fromcli[0], buf, 255);
> > The first line seems to work fine, the second never comes back.
> > I added in
> >     vmps_log(VQP|DEBUG, ">>>> Sending: %s ", str);
> > before the "write" line and this works.
> >
> > When I look at the code for readline() it seems to read char by char until
> > it hits 255 or \n. So it should work.
> >
> > In syslog I see:
> >
> > Nov 3 23:04:37 INOCESvmps1 vmpsd: ==================================
> > Nov 3 23:04:37 INOCESvmps1 vmpsd: VQP Request
> > Nov 3 23:04:37 INOCESvmps1 vmpsd: Unknown: 1
> > Nov 3 23:04:37 INOCESvmps1 vmpsd: Request Type: 1
> > Nov 3 23:04:37 INOCESvmps1 vmpsd: Response: 0
> > Nov 3 23:04:37 INOCESvmps1 vmpsd: No. Data Items: 6
> > Nov 3 23:04:37 INOCESvmps1 vmpsd: Sequence No.: 4660
> > Nov 3 23:04:37 INOCESvmps1 vmpsd: Client IP address: 193.111.222.1
> > Nov 3 23:04:37 INOCESvmps1 vmpsd: Port name: Fa0/17
> > Nov 3 23:04:37 INOCESvmps1 vmpsd: Vlan name: test
> > Nov 3 23:04:37 INOCESvmps1 vmpsd: Domain name: Domain
> > Nov 3 23:04:37 INOCESvmps1 vmpsd: MAC address: 080020b0cb95
> > Nov 3 23:04:37 INOCESvmps1 vmpsd: >>>> Sending: Domain 193.111.222.1 Fa0/17 switch1 0800.20b0.cb95
> >
> > My external sends back: "ALLOW test", but vmpsd never sees it arriving and
> > vmpsd just sits there waiting.
> >
> > Any suggestions /tips?
> >
> > Thanks,
> >
> > Sean

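A helper that follows the line protocol worked out in this thread, written in C as an added example (it is not Sean's or David's script and not part of OpenVMPS): one request line in, exactly one newline-terminated reply out, flushed immediately because vmpsd blocks in readline() until it sees the newline. The policy table, the function names and the `DENY` reply for unknown or malformed requests are assumptions of this example; the thread itself only shows `ALLOW <vlan>`.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed policy table: normalized MAC -> VLAN name (assumed data). */
struct rule { const char *mac; const char *vlan; };
static const struct rule rules[] = {
    { "080020b0cb95", "test"  },
    { "112233445566", "staff" },
};

/* Strip '.' separators and lowercase; succeed only for 12 hex digits,
 * so "0800.20b0.cb95" becomes "080020b0cb95". */
static int normalize_mac(const char *in, char out[13])
{
    size_t n = 0;
    for (; *in; in++) {
        if (*in == '.')
            continue;
        if (!isxdigit((unsigned char)*in) || n == 12)
            return -1;
        out[n++] = (char)tolower((unsigned char)*in);
    }
    out[n] = '\0';
    return n == 12 ? 0 : -1;
}

/*
 * Turn one request line into one reply line.
 * Request: "<domain> <switch> <port> <lastvlan> <mac>", as in the thread.
 * Reply:   "ALLOW <vlan>\n" with the VLAN taken from the policy table and
 *          never echoed from the request; "DENY\n" is this example's
 *          assumed answer for unknown or malformed requests.
 * Returns 1 if the request was allowed, 0 otherwise.
 */
int decide(const char *line, char *reply, size_t replylen)
{
    char domain[64], sw[64], port[64], lastvlan[64], mac[64];
    char extra[2], norm[13];
    /* A sixth token, or a token longer than 63 bytes (which spills into
     * the next slot), changes the field count and is rejected. */
    int fields = sscanf(line, "%63s %63s %63s %63s %63s %1s",
                        domain, sw, port, lastvlan, mac, extra);
    if (fields == 5 && normalize_mac(mac, norm) == 0) {
        for (size_t i = 0; i < sizeof rules / sizeof rules[0]; i++) {
            if (strcmp(rules[i].mac, norm) == 0) {
                snprintf(reply, replylen, "ALLOW %s\n", rules[i].vlan);
                return 1;
            }
        }
    }
    snprintf(reply, replylen, "DENY\n");
    return 0;
}

/* Keep the streams open for the life of the process and answer every
 * request with one flushed line. Returns the number of requests served. */
int serve(FILE *in, FILE *out)
{
    char line[512], reply[80];
    int served = 0;
    while (fgets(line, sizeof line, in)) {
        if (!strchr(line, '\n') && !feof(in)) {
            /* Over-long line: drain the rest so the next read starts at
             * a fresh request, and still answer exactly once. */
            int c;
            while ((c = fgetc(in)) != EOF && c != '\n') { }
            fputs("DENY\n", out);
        } else {
            decide(line, reply, sizeof reply);
            fputs(reply, out);
        }
        fflush(out);   /* stdout on a pipe is fully buffered otherwise */
        served++;
    }
    return served;
}

int main(void)
{
    serve(stdin, stdout);
    return 0;
}
```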
From: David S. <dav...@me...> - 2005-11-22 12:39:33

What I have is based differently. Can you try changing your application?

    $fd = fopen("php://stdin", "r");
    while (true) {
      $line=rtrim( fgets($fd, 1024) );
      if (strlen($line) > 0) {
        list($domain, $switch, $port, $lastvlan, $mac)=explode(" ", $line);
        echo("ALLOW $lastvlan\n");
        flush(); // don't know if this needed, but doesn't seem to matter
      }
    }
    fclose($fd);

The program will block on the read string until it gets passed something.

The external application starts at the same time as vmpsd, or at least the first time it's used.

The flush is required, maybe needing to specify stdout??

Dave
System Administrator
m/v Africa Mercy
Mercy Ships
tel: 0191 483 8413 ex 108
fax: 0870 460 0764

> -----Original Message-----
> From: vmp...@li...
> [mailto:vmp...@li...] On Behalf Of Sean Boran
> Sent: 04 November 2005 15:27
> To: vmp...@li...
> Subject: [OpenVMPS-devel] External program: answer not being accepted
>
> Hi,
>
> I'm having problems getting a basic external plug-in to work.
>
> I have a simple PHP script:
>
>     while (true) {
>       $fd = fopen("php://stdin", "r");
>
>       $line=rtrim( fgets($fd, 1024) );
>       if (strlen($line) > 0) {
>         list($domain, $switch, $port, $lastvlan, $mac)=explode(" ", $line);
>         echo("ALLOW $lastvlan\n");
>         flush(); // don't know if this needed, but doesn't seem to matter
>       }
>       fclose($fd);
>       sleep(1); # wait 1 secs, before retrying
>     }
>
> The data arrives OK, but what I send back never seems to be sent by vmpsd,
> I've tried
>     echo("ALLOW $lastvlan\n\n");
>     echo("ALLOW $lastvlan\n");
>     echo("ALLOW $lastvlan");
>
> but no luck.
>
> In vmpsd's external.c it seems to happen around here:
>     write(tocli[1], str, strlen(str));
>     n = readline(fromcli[0], buf, 255);
> The first line seems to work fine, the second never comes back.
> I added in
>     vmps_log(VQP|DEBUG, ">>>> Sending: %s ", str);
> before the "write" line and this works.
>
> When I look at the code for readline() it seems to read char by char until
> it hits 255 or \n. So it should work.
>
> In syslog I see:
>
> Nov 3 23:04:37 INOCESvmps1 vmpsd: ==================================
> Nov 3 23:04:37 INOCESvmps1 vmpsd: VQP Request
> Nov 3 23:04:37 INOCESvmps1 vmpsd: Unknown: 1
> Nov 3 23:04:37 INOCESvmps1 vmpsd: Request Type: 1
> Nov 3 23:04:37 INOCESvmps1 vmpsd: Response: 0
> Nov 3 23:04:37 INOCESvmps1 vmpsd: No. Data Items: 6
> Nov 3 23:04:37 INOCESvmps1 vmpsd: Sequence No.: 4660
> Nov 3 23:04:37 INOCESvmps1 vmpsd: Client IP address: 193.111.222.1
> Nov 3 23:04:37 INOCESvmps1 vmpsd: Port name: Fa0/17
> Nov 3 23:04:37 INOCESvmps1 vmpsd: Vlan name: test
> Nov 3 23:04:37 INOCESvmps1 vmpsd: Domain name: Domain
> Nov 3 23:04:37 INOCESvmps1 vmpsd: MAC address: 080020b0cb95
> Nov 3 23:04:37 INOCESvmps1 vmpsd: >>>> Sending: Domain 193.111.222.1 Fa0/17 switch1 0800.20b0.cb95
>
> My external sends back: "ALLOW test", but vmpsd never sees it arriving and
> vmpsd just sits there waiting.
>
> Any suggestions /tips?
>
> Thanks,
>
> Sean

From: Sean B. <se...@bo...> - 2005-11-04 15:27:35

Hi,

I'm having problems getting a basic external plug-in to work.

I have a simple PHP script:

    while (true) {
      $fd = fopen("php://stdin", "r");

      $line=rtrim( fgets($fd, 1024) );
      if (strlen($line) > 0) {
        list($domain, $switch, $port, $lastvlan, $mac)=explode(" ", $line);
        echo("ALLOW $lastvlan\n");
        flush(); // don't know if this needed, but doesn't seem to matter
      }
      fclose($fd);
      sleep(1); # wait 1 secs, before retrying
    }

The data arrives OK, but what I send back never seems to be sent by vmpsd, I've tried

    echo("ALLOW $lastvlan\n\n");
    echo("ALLOW $lastvlan\n");
    echo("ALLOW $lastvlan");

but no luck.

In vmpsd's external.c it seems to happen around here:

    write(tocli[1], str, strlen(str));
    n = readline(fromcli[0], buf, 255);

The first line seems to work fine, the second never comes back. I added in

    vmps_log(VQP|DEBUG, ">>>> Sending: %s ", str);

before the "write" line and this works.

When I look at the code for readline() it seems to read char by char until it hits 255 or \n. So it should work.

In syslog I see:

    Nov 3 23:04:37 INOCESvmps1 vmpsd: ==================================
    Nov 3 23:04:37 INOCESvmps1 vmpsd: VQP Request
    Nov 3 23:04:37 INOCESvmps1 vmpsd: Unknown: 1
    Nov 3 23:04:37 INOCESvmps1 vmpsd: Request Type: 1
    Nov 3 23:04:37 INOCESvmps1 vmpsd: Response: 0
    Nov 3 23:04:37 INOCESvmps1 vmpsd: No. Data Items: 6
    Nov 3 23:04:37 INOCESvmps1 vmpsd: Sequence No.: 4660
    Nov 3 23:04:37 INOCESvmps1 vmpsd: Client IP address: 193.111.222.1
    Nov 3 23:04:37 INOCESvmps1 vmpsd: Port name: Fa0/17
    Nov 3 23:04:37 INOCESvmps1 vmpsd: Vlan name: test
    Nov 3 23:04:37 INOCESvmps1 vmpsd: Domain name: Domain
    Nov 3 23:04:37 INOCESvmps1 vmpsd: MAC address: 080020b0cb95
    Nov 3 23:04:37 INOCESvmps1 vmpsd: >>>> Sending: Domain 193.111.222.1 Fa0/17 switch1 0800.20b0.cb95

My external sends back: "ALLOW test", but vmpsd never sees it arriving and vmpsd just sits there waiting.

Any suggestions /tips?

Thanks,

Sean

From: Sean B. <se...@bo...> - 2005-11-03 15:01:32
|
I've done more thinking, I think I'll write a PHP external plugin for the authorisation. The plugin would work as follows (aside from the used mac to vlan lookup):

- receive a request for Mac XX on Port XX
- Check DB to see if any other hosts are already authorised in the last ZZ minutes on that port (i.e. there is a hub)
- If yes, attribute the vlan used by other hosts on the port, if it is in an allowed pool
- otherwise attribute the default vlan..

Sean

> -----Original Message-----
> From: vmp...@li...
> [mailto:vmp...@li...] On Behalf Of Matthew Wilson
> Sent: Thursday, 3 November 2005 15:46
> To: vmp...@li...
> Subject: Re: [OpenVMPS-devel] Changing VLANs while the host is connected
>
> We have the same problem. If a vlan is changed, the host would need to
> get a new ip before the host could communicate again. We minimalize
> impact by reducing our dhcp lease times to a minimum. The reason this
> feature is important to us, is we use a vlan to quarantine virus
> infected pcs. So if they are caught at our firewall sending malicious
> packets, then they are immediately quarantined in a vlan and the
> malicious traffic immediately stops.
>
> However, shutting down the port via snmp would also help solve our IP
> lease problem. If the port is shutdown for a few seconds and turned
> back on, wouldn't that force the PC renew its dhcp lease? At least
> Windows XP would work this way, correct? This could help us avoid the
> time between when the vlan changes and when the ip address is renewed
> (or pc is restarted).
>
> Also, in 1.3, after the vlan has changed in the config, vmps sends the
> DENY message, the switch stops sending a vqp request for that port. So
> after the DENY message, I see the same thing you do, Sean....
>
> Thanks!
> Matthew
>
> Sean Boran wrote:
|
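The VLAN choice outlined in Sean's list above (reuse the VLAN of another host recently authorised on the same port if it is in an allowed pool, otherwise the default), as an added C example rather than the plug-in's actual code. The record layout, choose_vlan, the tie-break on the most recent neighbour and the sample records and VLAN names are assumptions; the usual MAC to VLAN lookup is left out.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>
#include <time.h>

/* One earlier authorisation, as the plug-in's DB might store it
   (hypothetical layout). */
struct auth_record {
    const char *sw;     /* switch address */
    const char *port;   /* port name, e.g. "Fa0/10" */
    const char *mac;    /* host MAC */
    const char *vlan;   /* VLAN that was assigned */
    time_t when;        /* time of the authorisation */
};

static int in_pool(const char *vlan, const char *const *pool, size_t npool)
{
    for (size_t i = 0; i < npool; i++)
        if (strcmp(vlan, pool[i]) == 0) return 1;
    return 0;
}

/* If another MAC was authorised on the same switch port within window_min
   minutes (a hub), reuse its VLAN when that VLAN is in the allowed pool;
   otherwise return default_vlan. With several neighbours only the most
   recent one is considered (a choice made for this example). */
const char *choose_vlan(const struct auth_record *recs, size_t nrecs,
                        const char *sw, const char *port, const char *mac,
                        time_t now, int window_min,
                        const char *const *pool, size_t npool,
                        const char *default_vlan)
{
    const struct auth_record *best = NULL;
    for (size_t i = 0; i < nrecs; i++) {
        const struct auth_record *r = &recs[i];
        if (strcmp(r->sw, sw) != 0 || strcmp(r->port, port) != 0) continue;
        if (strcasecmp(r->mac, mac) == 0) continue;   /* same host, not a neighbour */
        if (r->when > now || now - r->when > (time_t)window_min * 60) continue;
        if (!best || r->when > best->when) best = r;
    }
    if (best && in_pool(best->vlan, pool, npool)) return best->vlan;
    return default_vlan;
}

/* Constructed sample data; times are seconds on an arbitrary clock. */
static const struct auth_record SAMPLE[] = {
    { "10.2.1.54", "Fa0/10", "00d0.b7b3.6516", "VLAN0103",   1000 },
    { "10.2.1.54", "Fa0/11", "0800.20b0.cb95", "QUARANTINE", 1500 },
    { "10.2.1.54", "Fa0/12", "0800.20b0.cb95", "VLAN0102",    100 },
};
static const char *const POOL[] = { "VLAN0102", "VLAN0103" };

/* Decision for a request on the sample switch at t=1600 with a 15-minute window. */
const char *sample_choice(const char *port, const char *mac)
{
    return choose_vlan(SAMPLE, sizeof SAMPLE / sizeof SAMPLE[0],
                       "10.2.1.54", port, mac, (time_t)1600, 15,
                       POOL, sizeof POOL / sizeof POOL[0], "default");
}

int main(void)
{
    printf("Fa0/10 new host:      %s\n", sample_choice("Fa0/10", "0011.2233.4455"));
    printf("Fa0/11 new host:      %s\n", sample_choice("Fa0/11", "0011.2233.4455"));
    printf("Fa0/12 stale record:  %s\n", sample_choice("Fa0/12", "0011.2233.4455"));
    return 0;
}
```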
From: Matthew W. <mw...@ui...> - 2005-11-03 14:46:34
|
We have the same problem. If a vlan is changed, the host would need to get a new ip before the host could communicate again. We minimalize impact by reducing our dhcp lease times to a minimum. The reason this feature is important to us, is we use a vlan to quarantine virus infected pcs. So if they are caught at our firewall sending malicious packets, then they are immediately quarantined in a vlan and the malicious traffic immediately stops.

However, shutting down the port via snmp would also help solve our IP lease problem. If the port is shut down for a few seconds and turned back on, wouldn't that force the PC to renew its dhcp lease? At least Windows XP would work this way, correct? This could help us avoid the time between when the vlan changes and when the ip address is renewed (or pc is restarted).

Also, in 1.3, after the vlan has changed in the config, vmps sends the DENY message, the switch stops sending a vqp request for that port. So after the DENY message, I see the same thing you do, Sean....

Thanks!
Matthew
|
From: Sean B. <se...@bo...> - 2005-11-03 09:14:21
|
Hi,

Here you are.

The script is below. It also expects some settings in a file config.inc:

  $snmpwalk="/usr/bin/snmpwalk -c mysecret1 "; # SNMP Read community
  $snmpset ="/usr/bin/snmpset -c msecret2"; # SNMP Write community

#!/usr/bin/php -f
<?php
#
# /opt/vmps/restart_port
#
# Use SNMP to connect to the Switch, check the port status (up/down), and
# reset the port (set down, then up).
#
# Example:
# /opt/vmps/restart_port 2/10 sw0503
#
# 2005.9.30/Sean Boran
#
#############################################################

$debug_flag1=true;
$debug_flag2=false;

$catos=TRUE;
include_once "funcs.inc"; # Load settings & common functions
define_syslog_variables(); # not used yet, but anyway..
openlog("check_port", LOG_PID | LOG_PERROR, LOG_LOCAL5);
#$snmpwalk="/opt/OV/bin/snmpwalk -c mysecret1 "; # SNMP Read community
#$snmpset ="/opt/OV/bin/snmpset -c mysecret2"; # SNMP Write community

# ------------------ functions ----------------
function get_switch_type($switch)
{
  global $snmpwalk, $debug_flag1, $debug_flag2, $catos;
  $found=FALSE;

  ## Query sysDescr to find out whether the switch runs IOS or CatOS
  debug2("$snmpwalk $switch system.sysDescr");
  $answer=explode("\n", syscall("$snmpwalk $switch system.sysDescr"));
  for ($j = 0; $j < count($answer); $j++){
    debug2($answer[$j]);

    if (preg_match("/Invalid destination/", $answer[$j], $matches)) {
      echo($answer[$j] . " - ABORTED.\n");
      exit(2);

    } else if (preg_match("/Timeout: No Response/", $answer[$j], $matches)) {
      echo($answer[$j] . " - ABORTED.\n");
      exit(2);

    } else if (preg_match("/Internetwork Operating System/", $answer[$j], $matches)) {
      $catos=FALSE;
      $found=TRUE;
      debug1('IOS !');

    } else if (preg_match("/Catalyst Operating System/", $answer[$j], $matches)) {
      $catos=TRUE;
      $found=TRUE;
      debug1('CATOS !');
    }
  }

  # Was "found==FALSE" (missing $), which never triggered the abort
  if ($found==FALSE) {
    echo("ABORTED: Could not contact switch, or unknown Switch (neither IOS nor CATOS).\n");
    # Show what the switch answered ($answer[$j] was past the end of the array here)
    echo(implode("\n", $answer) . "\n");
    exit(2);
  }
}


function get_port_status($port_index, $switch)
{
  global $snmpwalk, $debug_flag1, $debug_flag2;
  $result='';

  // use index to check port status
  if ($port_index>0 ) {
    debug2("Index=$port_index");
    $mymatch="ifEntry.ifAdminStatus.$port_index : INTEGER:";

    ## Get all port status and find the one that interests us
    $stat_list=explode("\n", syscall("$snmpwalk $switch ifAdminStatus"));

    for ($j = 0; $j < count($stat_list); $j++){
      #debug1($stat_list[$j]);
      # Invalid smp will give "no MIB objects contained under subtree."
      if (preg_match("/$mymatch (.+)/", $stat_list[$j], $matches)) {
        debug1("STATUS " . $matches[1]);
        $result=$matches[1];
      } // if match
    }
  }
  return $result;
}


function restart_port($port_index, $switch)
{
  global $snmpset, $debug_flag1, $debug_flag2;
  $result='';

  // use index to restart the port
  if ($port_index>0 ) {
    # Example
    # /opt/OV/bin/snmpset -c MYSECRET SWITCHNAME ifAdminStatus.18 integer 2

    $cmd="$snmpset $switch ifAdminStatus.$port_index integer 2"; // down
    $answer=explode("\n", syscall($cmd));
    for ($j = 0; $j < count($answer); $j++){
      debug1($answer[$j]);
    }
    #get_port_status($port_index, $switch);

    $cmd="$snmpset $switch ifAdminStatus.$port_index integer 1"; // up
    $answer=explode("\n", syscall($cmd));
    for ($j = 0; $j < count($answer); $j++){
      debug1($answer[$j]);
    }
    #get_port_status($port_index, $switch);

  } // if index>0

} // function


## ------- main() ---------------------
if ($argc != 3 || in_array($argv[1], array('--help', '-help', '-h', '-?'))) {
  echo " Usage: $argv[0] <PORT> <SWITCH>\n";
  echo " Example: $argv[0] Fa0/19 sw0120\n";
  exit(2);

} else {
  $port=$argv[1];
  # The switch name is pasted into the snmpwalk/snmpset command lines, so quote it
  $switch=escapeshellarg($argv[2]);
}
debug1("Port $port on $switch");

$port = preg_quote($port, '/'); # Escape slashes and other regex metacharacters
if ($catos===TRUE) { $ifquery='ifName'; }

## Go!
get_switch_type($switch);

// query interface list and split into an array
$if_list=explode("\n", syscall("$snmpwalk $switch $ifquery"));

for ($i = 0; $i < count($if_list); $i++){
  #debug2($if_list[$i]);
  if (preg_match("/ifMIB.ifMIBObjects.ifXTable.ifXEntry.ifName.(.+) : .* $port$/", $if_list[$i], $matches)) {
    debug2($if_list[$i]);
    $port_index=$matches[1];

    get_port_status($port_index, $switch);
    restart_port($port_index, $switch);

  } // if preg_match interface
} //for if_list

?>

Regards,

Sean

> -----Original Message-----
> From: vmp...@li...
> [mailto:vmp...@li...] On Behalf Of David Smith
> Sent: Thursday, 3 November 2005 09:55
> To: vmp...@li...
> Subject: RE: [OpenVMPS-devel] Changing VLANs while the host is connected
>
> Would you be able to send the part of the PHP script that shuts down and
> restarts the individual port?
>
> Thanks
> Dave
> System Administrator
> m/v Africa Mercy
> Mercy Ships
> tel: 0191 483 8413 ex 108
> fax: 0870 460 0764
|
From: David S. <dav...@me...> - 2005-11-03 08:54:54
|
Would you be able to send the part of the PHP script that shuts down and restarts the individual port?

Thanks
Dave
System Administrator
m/v Africa Mercy
Mercy Ships
tel: 0191 483 8413 ex 108
fax: 0870 460 0764

> -----Original Message-----
> From: vmp...@li...
> [mailto:vmp...@li...] On Behalf Of Sean Boran
> Sent: 03 November 2005 08:41
> To: vmp...@li...
> Subject: RE: [OpenVMPS-devel] Changing VLANs while the host is connected
>
> I've a PHP script that shutdown/starts the Switch port via SNMP.
> Is that what you mean?
>
> I've a major problem with hubs though, individual ports work OK.
>
> Sean
|
From: Sean B. <se...@bo...> - 2005-11-03 08:41:28
|
I've a PHP script that shuts down/starts the Switch port via SNMP. Is that what you mean?
I've a major problem with hubs though, individual ports work OK.

Sean

> -----Original Message-----
> From: vmp...@li...
> [mailto:vmp...@li...] On Behalf Of David Smith
> Sent: jeudi, 3. novembre 2005 09:26
> To: vmp...@li...
> Subject: RE: [OpenVMPS-devel] Changing VLANs while the host is connected
>
> How do you deal with a changed vLan? In our system, when we change a vLan,
> we also need the client to get a new IP address to continue operation. Doing
> a reboot is sufficient for us, how do you tell the switch to recheck its
> ports?
>
> Dave
> System Administrator
> m/v Africa Mercy
> Mercy Ships
> tel: 0191 483 8413 ex 108
> fax: 0870 460 0764
>
> > -----Original Message-----
> > From: vmp...@li...
> > [mailto:vmp...@li...] On Behalf Of Sean Boran
> > Sent: 03 November 2005 07:34
> > To: vmp...@li...
> > Subject: RE: [OpenVMPS-devel] Changing VLANs while the host is connected
> >
> > Hi,
> >
> > I use 1.3 too, but I found that I often have to restart ports to get them to
> > change Vlan. But for me the problem was the switch not sending a VQP
> > request, as opposed to vmpsd giving the wrong answer.
> >
> > Sean
> >
> > > -----Original Message-----
> > > From: vmp...@li...
> > > [mailto:vmp...@li...] On Behalf Of Matthew Wilson
> > > Sent: mercredi, 2. novembre 2005 20:46
> > > To: vmp...@li...
> > > Subject: [OpenVMPS-devel] Changing VLANs while the host is connected
> > >
> > > Hello! First off, thanks so much to the writers of OpenVMPS, we've been
> > > able to do wonderful things with it for the past couple years (~2,000
> > > clients).
> > >
> > > We use OpenVMPS to help us quarantine virus infected hosts. Problem is,
> > > when we find an infected host, change the vlan in the config and
> > > reconfirm the switch while the PC is still connected, the vmps sends a
> > > DENY message. However, if I disconnected the host from the switch, and
> > > reconnect, it gets the appropriate vlan. This behavior only became a
> > > problem when we upgraded from 1.0 to 1.3. In 1.0, the vmps would send
> > > an ALLOW message along with the correct new vlan.
> > >
> > > Here is my config:
> > > ==================================
> > > vmps domain ungoliant
> > > vmps mode open
> > > vmps fallback default
> > > vmps no-domain-req deny
> > > vmps-mac-addrs
> > > address 00d0.b7b3.6516 vlan-name VLAN0103
> > >
> > > Here is the log in v1.3:
> > > ==================================
> > > VQP Request
> > > Unknown: 1
> > > Request Type: 3
> > > Response: 0
> > > No. Data Items: 6
> > > Sequence No.: 48
> > > Client IP address: 10.2.1.54
> > > Port name: Fa0/10
> > > Vlan name: VLAN0102
> > > Domain name: Ungoliant
> > > MAC address: 00d0b7b36516
> > > DENY: 00d0b7b36516 -> (null), switch 10.2.1.54 port Fa0/10
> > >
> > > And now the log (using the same config) using v1.0:
> > > ==================================
> > > VQP Request
> > > Unknown: 1
> > > Request Type: 3
> > > Response: 0
> > > No. Data Items: 6
> > > Sequence No.: 40
> > > Client IP address: 10.2.1.54
> > > Port name: Fa0/10
> > > Vlan name: VLAN0102
> > > Domain name: Ungoliant
> > > Vlan name: VLAN0102
> > > MAC address: 00d0b7b36516
> > > ALLOW: 00d0b7b36516 -> VLAN0103, switch 10.2.1.54 port Fa0/10
> > >
> > > Is this the expected result? I think it's reasonable
> > > that a VLAN could change while a PC is still connected
> > > to the port. Is this configurable?
> > >
> > > Thanks for any help you can give!
> > > Matthew
|
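The two failure modes distinguished in this thread (vmpsd giving the wrong answer versus the switch never sending a VQP request) can be told apart by comparing the `vmps-mac-addrs` entries with the decision lines in the log, which matters when the VLAN change is a quarantine. This is an added example, not part of any poster's message or of OpenVMPS; the function names are hypothetical and the sample text is the config entry and decision lines quoted above.

```python
import re

# Sample input: the config entry and the two decision lines quoted in the thread.
CONFIG = "vmps-mac-addrs\naddress 00d0.b7b3.6516 vlan-name VLAN0103\n"
LOG_V13 = "DENY: 00d0b7b36516 -> (null), switch 10.2.1.54 port Fa0/10\n"
LOG_V10 = "ALLOW: 00d0b7b36516 -> VLAN0103, switch 10.2.1.54 port Fa0/10\n"

ADDRESS = re.compile(r"^[ \t]*address[ \t]+(\S+)[ \t]+vlan-name[ \t]+(\S+)", re.M)
DECISION = re.compile(
    r"^(ALLOW|DENY): ([0-9a-fA-F]{12}) -> (\S+), switch (\S+) port (\S+)", re.M)

def norm_mac(mac):
    """Reduce 00d0.b7b3.6516 or 00d0b7b36516 to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError("not a MAC address: %r" % mac)
    return digits

def expected_vlans(config_text):
    """Map each configured MAC to the VLAN name the config assigns it."""
    return {norm_mac(m.group(1)): m.group(2) for m in ADDRESS.finditer(config_text)}

def last_decisions(log_text):
    """Keep the most recent ALLOW/DENY line per MAC."""
    latest = {}
    for verdict, mac, vlan, switch, port in DECISION.findall(log_text):
        latest[norm_mac(mac)] = (verdict, vlan, switch, port)
    return latest

def audit(config_text, log_text):
    """Classify each configured MAC as ok, wrong-answer or no-request."""
    decisions = last_decisions(log_text)
    report = {}
    for mac, vlan in expected_vlans(config_text).items():
        if mac not in decisions:
            report[mac] = "no-request"      # the switch never asked vmpsd
        else:
            verdict, got = decisions[mac][:2]
            matches = verdict == "ALLOW" and got == vlan
            report[mac] = "ok" if matches else "wrong-answer"
    return report

if __name__ == "__main__":
    for name, log in (("v1.3", LOG_V13), ("v1.0", LOG_V10), ("empty", "")):
        print(name, audit(CONFIG, log))
```

Run it against the log written after the config change only, so that an older ALLOW line for the same MAC is not mistaken for the current decision.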
From: David S. <dav...@me...> - 2005-11-03 08:26:16
|
How do you deal with a changed vLan? In our system, when we change a vLan,
we also need the client to get a new IP address to continue operation. Doing
a reboot is sufficient for us, how do you tell the switch to recheck its
ports?

Dave
System Administrator
m/v Africa Mercy
Mercy Ships
tel: 0191 483 8413 ex 108
fax: 0870 460 0764

> -----Original Message-----
> From: vmp...@li...
> [mailto:vmp...@li...] On Behalf Of Sean Boran
> Sent: 03 November 2005 07:34
> To: vmp...@li...
> Subject: RE: [OpenVMPS-devel] Changing VLANs while the host is connected
>
> Hi,
>
> I use 1.3 too, but I found that I often have to restart ports to get them to
> change Vlan. But for me the problem was the switch not sending a VQP
> request, as opposed to vmpsd giving the wrong answer.
>
> Sean
>
> > -----Original Message-----
> > From: vmp...@li...
> > [mailto:vmp...@li...] On Behalf Of Matthew Wilson
> > Sent: mercredi, 2. novembre 2005 20:46
> > To: vmp...@li...
> > Subject: [OpenVMPS-devel] Changing VLANs while the host is connected
> >
> > Hello! First off, thanks so much to the writers of OpenVMPS, we've been
> > able to do wonderful things with it for the past couple years (~2,000
> > clients).
> >
> > We use OpenVMPS to help us quarantine virus infected hosts. Problem is,
> > when we find an infected host, change the vlan in the config and
> > reconfirm the switch while the PC is still connected, the vmps sends a
> > DENY message. However, if I disconnected the host from the switch, and
> > reconnect, it gets the appropriate vlan. This behavior only became a
> > problem when we upgraded from 1.0 to 1.3. In 1.0, the vmps would send
> > an ALLOW message along with the correct new vlan.
> >
> > Here is my config:
> > ==================================
> > vmps domain ungoliant
> > vmps mode open
> > vmps fallback default
> > vmps no-domain-req deny
> > vmps-mac-addrs
> > address 00d0.b7b3.6516 vlan-name VLAN0103
> >
> > Here is the log in v1.3:
> > ==================================
> > VQP Request
> > Unknown: 1
> > Request Type: 3
> > Response: 0
> > No. Data Items: 6
> > Sequence No.: 48
> > Client IP address: 10.2.1.54
> > Port name: Fa0/10
> > Vlan name: VLAN0102
> > Domain name: Ungoliant
> > MAC address: 00d0b7b36516
> > DENY: 00d0b7b36516 -> (null), switch 10.2.1.54 port Fa0/10
> >
> > And now the log (using the same config) using v1.0:
> > ==================================
> > VQP Request
> > Unknown: 1
> > Request Type: 3
> > Response: 0
> > No. Data Items: 6
> > Sequence No.: 40
> > Client IP address: 10.2.1.54
> > Port name: Fa0/10
> > Vlan name: VLAN0102
> > Domain name: Ungoliant
> > Vlan name: VLAN0102
> > MAC address: 00d0b7b36516
> > ALLOW: 00d0b7b36516 -> VLAN0103, switch 10.2.1.54 port Fa0/10
> >
> > Is this the expected result? I think it's reasonable
> > that a VLAN could change while a PC is still connected
> > to the port. Is this configurable?
> >
> > Thanks for any help you can give!
> > Matthew
|