Greetings all,
I'm currently using Switchmap 12.5.... It's been solid so there's been no overriding need for me to upgrade to the latest. Question: Does the latest version support Private VLANs (I know 12.5 calls those ports "routed")? If not, how might I help to get PVLAN support in the next release?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
The latest version doesn't support PVLANs. There is a MIB named CISCO-PRIVATE-VLAN-MIB, which no doubt contains the information that SwitchMap would need. We don't use PVLANs at my site, so I can't really justify adding PVLAN support myself. If you'd like to try hacking SwitchMap to add support for it, I'd be happy to help. Another SwitchMap user ask for this in the past few days, so there might some extra help.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Pete,
So for I've determined that a Cisco 3560G running 12.2(58)SE2 does not support returning the private VLAN number from CISCO-STACK-MIB (vlanPortVlan) however a 3560X running 12.2(55)SE3 DOES return the "child" PVLAN number in vlanPortVlan. This means that, depending on your hardware (and possibly IOS version) you might get VPLAN information from SwitchMap with no modifications at all.
Note that vlanPortVlan only returns the "child" VLAN, not the parent... but if one wanted to discover it, the Parent is easily found. For example, if vlanPortVlan returns 101 we can look at
Good work. Makes sense. I mentioned another SwitchMap user who has asked about support for private VLANs. His name is Jonathan Benson, and I've suggested to him that he join this discussion. Here what I just wrote to him:
As Dan wrote in the Sourceforge discussion, perhaps the CISCO-PRIVATE-VLAN-MIB won't provide that much useful data. What you want to do is find out where in SwitchMap's sequence of queries to inject a new query to get the private VLAN information. Dan describes getting the vlanPortVlan table and using it's values to identify the VLAN type ("normal" or "not normal") to identify the private VLANs.
It sounds like it wouldn't be too hard to generate the right SNMP queries and logic. As I wrote earlier, I'd take a whack at it, but to test it I'd have to configure some private VLANs into a test switch. Given my other tasks, that seems kinda out-of-bounds :-)
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Insert hilarity... I know Jonathan well, and we've had many a chat about PVLANs over beers, etc (#TheNerdLife). I wonder if he has the same issue re: IOS hardware or versions? I'll check with him "off line" and feed back info to this thread afterward.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Pete,
I notice that Private VLAN ports are marked as "routed." Can you give me some guidance on how/where SwitchMap makes the determination that a port is "routed?" I see this
$Port->{IsSwitching} = 1;
in PopulatePorts.pm.... I'd like to identify my PVLAN ports as IsSwitching=1, and this alone may work around the bug I'm seeing....
Thanks.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hi all,
There is code in PopulatePorts.pm which might be modified to check for if an interface is configured to be a Private VLAN port, i.e. set IsSwitching based on whether it is in a Private VLAN
The trick is to set $Port->{IsPVLAN} correctly. To do this we'd want to crawl cpvlanVlanPrivateVlanType at the switch-level to identify which VLANs are Private VLANs.
Then if this particular port is assigned to a private VLAN (by comparing the list to $Port->{VlanNbr}) we can set $Port->{IsPVLAN}
My question is: what's the best place to identify all the PVLAN numbers for the switch (remaining consistent with switchmap's architecture), and what's the best way to store that info on a per-switch basis?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Greetings all,
I'm currently using Switchmap 12.5.... It's been solid so there's been no overriding need for me to upgrade to the latest. Question: Does the latest version support Private VLANs (I know 12.5 calls those ports "routed")? If not, how might I help to get PVLAN support in the next release?
The latest version doesn't support PVLANs. There is a MIB named CISCO-PRIVATE-VLAN-MIB, which no doubt contains the information that SwitchMap would need. We don't use PVLANs at my site, so I can't really justify adding PVLAN support myself. If you'd like to try hacking SwitchMap to add support for it, I'd be happy to help. Another SwitchMap user ask for this in the past few days, so there might some extra help.
Pete,
So for I've determined that a Cisco 3560G running 12.2(58)SE2 does not support returning the private VLAN number from CISCO-STACK-MIB (vlanPortVlan) however a 3560X running 12.2(55)SE3 DOES return the "child" PVLAN number in vlanPortVlan. This means that, depending on your hardware (and possibly IOS version) you might get VPLAN information from SwitchMap with no modifications at all.
Note that vlanPortVlan only returns the "child" VLAN, not the parent... but if one wanted to discover it, the Parent is easily found. For example, if vlanPortVlan returns 101 we can look at
CISCO-PRIVATE-VLAN-MIB::cpvlanVlanPrivateVlanType.1.101 = INTEGER: normal(1)
and discover that VLAN 101 is a normal/traditional VLAN.
If, on the other hand, vlanPortVlan returns 1511 we can determine that it is a Private VLAN type (i.e. "not normal(1)").
CISCO-PRIVATE-VLAN-MIB::cpvlanVlanPrivateVlanType.1.1511 = INTEGER: isolated(3)
Next we'd see what the Primary VLAN number is:
CISCO-PRIVATE-VLAN-MIB::cpvlanVlanAssociatedPrimaryVlan.1.1511 = INTEGER: 1510
This means that VLAN 1510 is the Primary private VLAN, and 1511 is a "child". Also...
CISCO-PRIVATE-VLAN-MIB::cpvlanVlanPrivateVlanType.1.1510 = INTEGER: primary(2)
CISCO-PRIVATE-VLAN-MIB::cpvlanVlanPrivateVlanType.1.1511 = INTEGER: isolated(3)
So we can confirm that 1510 is a Primary VLAN and 1511 is a subordinate type, in this case, an isolate PVLAN.
Also note that the CISCO-PRIVATE-VLAN-MIB only tells you about VLANs, and not the interface VLAN assignments. SNMP walk follows:
VLAN 1, 101, 140 are normal VLANs
VLAN 1500 is a Primary PVLAN with one isolated PVLAN 1501
VLAN 1510 is a Primary PVLAN with one isolated PVLAN 1511 and one community PVLAN 1512
~~~~snmpwalk -c TEST -v2c test-cat3560g-04 ciscoPrivateVlanMIB
CISCO-PRIVATE-VLAN-MIB::cpvlanVlanPrivateVlanType.1.1 = INTEGER: normal(1)
CISCO-PRIVATE-VLAN-MIB::cpvlanVlanPrivateVlanType.1.101 = INTEGER: normal(1)
CISCO-PRIVATE-VLAN-MIB::cpvlanVlanPrivateVlanType.1.140 = INTEGER: normal(1)
CISCO-PRIVATE-VLAN-MIB::cpvlanVlanPrivateVlanType.1.1500 = INTEGER: primary(2)
CISCO-PRIVATE-VLAN-MIB::cpvlanVlanPrivateVlanType.1.1501 = INTEGER: isolated(3)
CISCO-PRIVATE-VLAN-MIB::cpvlanVlanPrivateVlanType.1.1510 = INTEGER: primary(2)
CISCO-PRIVATE-VLAN-MIB::cpvlanVlanPrivateVlanType.1.1511 = INTEGER: isolated(3)
CISCO-PRIVATE-VLAN-MIB::cpvlanVlanPrivateVlanType.1.1512 = INTEGER: community(4)
CISCO-PRIVATE-VLAN-MIB::cpvlanVlanAssociatedPrimaryVlan.1.1 = INTEGER: 0
CISCO-PRIVATE-VLAN-MIB::cpvlanVlanAssociatedPrimaryVlan.1.101 = INTEGER: 0
CISCO-PRIVATE-VLAN-MIB::cpvlanVlanAssociatedPrimaryVlan.1.140 = INTEGER: 0
CISCO-PRIVATE-VLAN-MIB::cpvlanVlanAssociatedPrimaryVlan.1.1500 = INTEGER: 0
CISCO-PRIVATE-VLAN-MIB::cpvlanVlanAssociatedPrimaryVlan.1.1501 = INTEGER: 1500
CISCO-PRIVATE-VLAN-MIB::cpvlanVlanAssociatedPrimaryVlan.1.1510 = INTEGER: 0
CISCO-PRIVATE-VLAN-MIB::cpvlanVlanAssociatedPrimaryVlan.1.1511 = INTEGER: 1510
CISCO-PRIVATE-VLAN-MIB::cpvlanVlanAssociatedPrimaryVlan.1.1512 = INTEGER: 1510
~~~~
Dan,
Good work. Makes sense. I mentioned another SwitchMap user who has asked about support for private VLANs. His name is Jonathan Benson, and I've suggested to him that he join this discussion. Here what I just wrote to him:
As Dan wrote in the Sourceforge discussion, perhaps the CISCO-PRIVATE-VLAN-MIB won't provide that much useful data. What you want to do is find out where in SwitchMap's sequence of queries to inject a new query to get the private VLAN information. Dan describes getting the vlanPortVlan table and using it's values to identify the VLAN type ("normal" or "not normal") to identify the private VLANs.
It sounds like it wouldn't be too hard to generate the right SNMP queries and logic. As I wrote earlier, I'd take a whack at it, but to test it I'd have to configure some private VLANs into a test switch. Given my other tasks, that seems kinda out-of-bounds :-)
Insert hilarity... I know Jonathan well, and we've had many a chat about PVLANs over beers, etc (#TheNerdLife). I wonder if he has the same issue re: IOS hardware or versions? I'll check with him "off line" and feed back info to this thread afterward.
It appears that no matter where I go I can't escape Dan. :)
Will catch up offline. Luckily Dan knows a lot more perl than I.
Pete,
I notice that Private VLAN ports are marked as "routed." Can you give me some guidance on how/where SwitchMap makes the determination that a port is "routed?" I see this
$Port->{IsSwitching} = 1;
in PopulatePorts.pm.... I'd like to identify my PVLAN ports as IsSwitching=1, and this alone may work around the bug I'm seeing....
Thanks.
Oh, one other thing. I have confirmed that walking dot1dTpFdbAddress does indeed return valid data for a PVLAN-configured port.
Hi all,
There is code in PopulatePorts.pm which might be modified to check for if an interface is configured to be a Private VLAN port, i.e. set IsSwitching based on whether it is in a Private VLAN
The trick is to set $Port->{IsPVLAN} correctly. To do this we'd want to crawl cpvlanVlanPrivateVlanType at the switch-level to identify which VLANs are Private VLANs.
Then if this particular port is assigned to a private VLAN (by comparing the list to $Port->{VlanNbr}) we can set $Port->{IsPVLAN}
My question is: what's the best place to identify all the PVLAN numbers for the switch (remaining consistent with switchmap's architecture), and what's the best way to store that info on a per-switch basis?