RE: [OpenVMPS-devel] Changing VLANs while the host is connected
From: Sean B. <se...@bo...> - 2005-11-03 09:14:21
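Hi, here you are — the script is below. It also expects some settings in a file config.inc:

$snmpwalk="/usr/bin/snmpwalk -c mysecret1 "; # SNMP Read community
$snmpset ="/usr/bin/snmpset -c msecret2";    # SNMP Write community

#!/usr/bin/php -f
<?php
#
# /opt/vmps/restart_port
#
# Use SNMP to connect to the Switch, check the port status (up/down), and
# reset the port (set down, then up).
#
# Usage:
#   /opt/vmps/restart_port <PORT> <SWITCH>
# Example:
#   /opt/vmps/restart_port 2/10 sw0503
#
# Exit status: 0 when the port was found and bounced, 2 on a usage error,
# when the switch cannot be contacted / is of unknown type, or when no
# interface called <PORT> exists on the switch.
#
# Depends on funcs.inc for syscall(), debug1(), debug2() and the
# $snmpwalk / $snmpset command prefixes (settings come from config.inc,
# presumably pulled in by funcs.inc).
#
# 2005.9.30/Sean Boran
#
#############################################################

$debug_flag1=true;    # presumably gate debug1()/debug2() output inside funcs.inc -- confirm
$debug_flag2=false;
$catos=TRUE;          # TRUE = Catalyst OS, FALSE = IOS; set by get_switch_type()

include_once "funcs.inc";   # Load settings & common functions

# define_syslog_variables() was "not used yet" and is gone from current PHP, so it is left out.
openlog("check_port", LOG_PID | LOG_PERROR, LOG_LOCAL5);

# NOTE: the community strings inside $snmpwalk/$snmpset travel on the command line of every
# snmpwalk/snmpset call, so they are visible to other local users in the process list.
# Keep config.inc readable only by the account that runs this script.
#$snmpwalk="/opt/OV/bin/snmpwalk -c mysecret1 "; # SNMP Read community
#$snmpset ="/opt/OV/bin/snmpset -c mysecret2"; # SNMP Write community

# ------------------ functions ----------------

# Only accept an interface index that is a positive integer. The index is taken from a regex
# capture on snmpwalk output and is later spliced into an snmpset command line.
function valid_port_index($port_index) {
    return ctype_digit((string)$port_index) && (int)$port_index > 0;
}

# Query system.sysDescr and record the switch OS in the global $catos
# (FALSE for IOS, TRUE for CatOS). Aborts with exit status 2 when the switch
# does not answer, the destination is invalid, or neither OS string is seen.
# $switch is the hostname/IP from the command line; it is shell-escaped here.
function get_switch_type($switch) {
    global $snmpwalk, $debug_flag1, $debug_flag2, $catos;
    $found=FALSE;

    $cmd = $snmpwalk . ' ' . escapeshellarg($switch) . ' system.sysDescr';
    debug2($cmd);
    $answer=explode("\n", syscall($cmd));

    foreach ($answer as $line) {
        debug2($line);
        if (preg_match("/Invalid destination/", $line) ||
            preg_match("/Timeout: No Response/", $line)) {
            echo($line . " - ABORTED.\n");
            exit(2);
        } else if (preg_match("/Internetwork Operating System/", $line)) {
            $catos=FALSE; $found=TRUE; debug1('IOS !');
        } else if (preg_match("/Catalyst Operating System/", $line)) {
            $catos=TRUE; $found=TRUE; debug1('CATOS !');
        }
    }

    # Was "found==FALSE" (a bare constant, never FALSE), so this abort could not fire.
    if ($found===FALSE) {
        echo("ABORTED: Could not contact switch, or unknown Switch (neither IOS nor CATOS).\n");
        echo(implode("\n", $answer) . "\n");   # show the whole reply (the old code read past the end of $answer)
        exit(2);
    }
}

# Return the ifAdminStatus value reported for $port_index (the text after
# "INTEGER:"), or '' when the index is invalid or not present in the walk.
function get_port_status($port_index, $switch) {
    global $snmpwalk, $debug_flag1, $debug_flag2;
    $result='';

    if (!valid_port_index($port_index)) {
        return $result;
    }
    debug2("Index=$port_index");
    $mymatch="ifEntry.ifAdminStatus.$port_index : INTEGER:";

    ## Get all port status and find the one that interests us
    $stat_list=explode("\n", syscall($snmpwalk . ' ' . escapeshellarg($switch) . ' ifAdminStatus'));
    foreach ($stat_list as $line) {
        # Invalid snmp will give "no MIB objects contained under subtree."
        # preg_quote so the dots in $mymatch match literally.
        if (preg_match("/" . preg_quote($mymatch, '/') . " (.+)/", $line, $matches)) {
            debug1("STATUS " . $matches[1]);
            $result=$matches[1];
        }
    }
    return $result;
}

# Bounce the interface: set ifAdminStatus to down(2), then to up(1).
# Each snmpset reply line goes to debug1(). Does nothing for an invalid index.
function restart_port($port_index, $switch) {
    global $snmpset, $debug_flag1, $debug_flag2;

    if (!valid_port_index($port_index)) {
        return;
    }
    # Example
    #   /opt/OV/bin/snmpset -c MYSECRET SWITCHNAME ifAdminStatus.18 integer 2
    $target = escapeshellarg($switch) . " ifAdminStatus.$port_index";

    foreach (array(2, 1) as $state) {   // 2 = down, 1 = up
        $cmd="$snmpset $target integer $state";
        $answer=explode("\n", syscall($cmd));
        foreach ($answer as $line) {
            debug1($line);
        }
        #get_port_status($port_index, $switch);
    }
}

## ------- main() ---------------------
if ($argc != 3 || in_array($argv[1], array('--help', '-help', '-h', '-?'), TRUE)) {
    echo " Usage: $argv[0] <PORT> <SWITCH>\n";
    echo " Example: $argv[0] Fa0/19 sw0120\n";
    exit(2);
}
$port=$argv[1];
$switch=$argv[2];
debug1("Port $port on $switch");

## Go!
# Detect the OS first (aborts if the switch is unreachable). The original chose
# $ifquery before this call, while $catos was still at its initial TRUE, so
# ifName was used for both OS types; that behaviour is kept explicitly.
get_switch_type($switch);
$ifquery='ifName';

# Escape every regex metacharacter in the port name, not only '/'.
$port_re = preg_quote($port, '/');

// query interface list and split into an array
$if_list=explode("\n", syscall($snmpwalk . ' ' . escapeshellarg($switch) . ' ' . $ifquery));
$port_found=FALSE;
foreach ($if_list as $line) {
    #debug2($line);
    if (preg_match("/ifMIB\.ifMIBObjects\.ifXTable\.ifXEntry\.ifName\.(\d+) : .* $port_re$/", $line, $matches)) {
        debug2($line);
        $port_found=TRUE;
        $port_index=$matches[1];
        get_port_status($port_index, $switch);
        restart_port($port_index, $switch);
    }
}
if ($port_found===FALSE) {
    echo("ABORTED: no interface named $port found on $switch.\n");
    exit(2);
}
?>
Regards, Sean > -----Original Message----- > From: vmp...@li... > [mailto:vmp...@li...] On Behalf Of > David Smith > Sent: jeudi, 3. novembre 2005 09:55 > To: vmp...@li... 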
> Subject: RE: [OpenVMPS-devel] Changing VLANs while the host > is connected > > Would you be able to send the part of the PHP script that > shuts down and > restarts the individual port? > > Thanks > Dave > System Administrator > m/v Africa Mercy > Mercy Ships > tel: 0191 483 8413 ex 108 > fax: 0870 460 0764 > > > > -----Original Message----- > > From: vmp...@li... > > [mailto:vmp...@li...] On Behalf Of > > Sean Boran > > Sent: 03 November 2005 08:41 > > To: vmp...@li... > > Subject: RE: [OpenVMPS-devel] Changing VLANs while the host > > is connected > > > > > > > > I've a PHP script that shutdown/starts the Switch port via SNMP. > > Is that what you mean? > > > > I've a major problem with hubs though, individual ports work OK. > > > > Sean > > > > > -----Original Message----- > > > From: vmp...@li... > > > [mailto:vmp...@li...] On Behalf Of > > > David Smith > > > Sent: jeudi, 3. novembre 2005 09:26 > > > To: vmp...@li... > > > Subject: RE: [OpenVMPS-devel] Changing VLANs while the host > > > is connected > > > > > > How do you deal with a changed vLan? In our system, when we > > > change a vLan, > > > we also need the client to get a new IP address to continue > > > operation. Doing > > > a reboot is sufficient for us, how do you tell the switch to > > > recheck its > > > ports? > > > > > > Dave > > > System Administrator > > > m/v Africa Mercy > > > Mercy Ships > > > tel: 0191 483 8413 ex 108 > > > fax: 0870 460 0764 > > > > > > > > > > -----Original Message----- > > > > From: vmp...@li... > > > > [mailto:vmp...@li...] On Behalf Of > > > > Sean Boran > > > > Sent: 03 November 2005 07:34 > > > > To: vmp...@li... > > > > Subject: RE: [OpenVMPS-devel] Changing VLANs while the host > > > > is connected > > > > > > > > > > > > Hi, > > > > > > > > I use 1.3 too, but I found that I often have to restart ports > > > > to get them to > > > > change Vlan. 
But for me the problem was the switch not > > sending a VQP > > > > request, as opposed to vmpsd giving the wrong answer. > > > > > > > > Sean > > > > > > > > > -----Original Message----- > > > > > From: vmp...@li... > > > > > [mailto:vmp...@li...] On Behalf Of > > > > > Matthew Wilson > > > > > Sent: mercredi, 2. novembre 2005 20:46 > > > > > To: vmp...@li... > > > > > Subject: [OpenVMPS-devel] Changing VLANs while the host > > > is connected > > > > > > > > > > Hello! First off, thanks so much to the writers of OpenVMPS, > > > > > we've been > > > > > able to do wonderful things with it for the past couple > > > > years (~2,000 > > > > > clients). > > > > > > > > > > We use OpenVMPS to help us quarantine virus-infected hosts. > > > > > Problem is, > > > > > when we find an infected host, change the vlan in the > > config and > > > > > reconfirm the switch while the PC is still connected, the > > > > > vmps sends a > > > > > DENY message. However, if I disconnect the host from the > > > > > switch, and > > > > > reconnect, it gets the appropriate vlan. This behavior > > > > only became a > > > > > problem when we upgraded from 1.0 to 1.3. In 1.0, the vmps > > > > > would send > > > > > an ALLOW message along with the correct new vlan. > > > > > > > > > > Here is my config: > > > > > ================================== > > > > > vmps domain ungoliant > > > > > vmps mode open > > > > > vmps fallback default > > > > > vmps no-domain-req deny > > > > > vmps-mac-addrs > > > > > address 00d0.b7b3.6516 vlan-name VLAN0103 > > > > > > > > > > Here is the log in v1.3: > > > > > ================================== > > > > > VQP Request > > > > > Unknown: 1 > > > > > Request Type: 3 > > > > > Response: 0 > > > > > No. 
Data Items: 6 > > > > > Sequence No.: 48 > > > > > Client IP address: 10.2.1.54 > > > > > Port name: Fa0/10 > > > > > Vlan name: VLAN0102 > > > > > Domain name: Ungoliant > > > > > MAC address: 00d0b7b36516 > > > > > DENY: 00d0b7b36516 -> (null), switch 10.2.1.54 port Fa0/10 > > > > > > > > > > And now the log (using the same config) using v1.0: > > > > > ================================== > > > > > VQP Request > > > > > Unknown: 1 > > > > > Request Type: 3 > > > > > Response: 0 > > > > > No. Data Items: 6 > > > > > Sequence No.: 40 > > > > > Client IP address: 10.2.1.54 > > > > > Port name: Fa0/10 > > > > > Vlan name: VLAN0102 > > > > > Domain name: Ungoliant > > > > > Vlan name: VLAN0102 > > > > > MAC address: 00d0b7b36516 > > > > > ALLOW: 00d0b7b36516 -> VLAN0103, switch 10.2.1.54 port Fa0/10 > > > > > > > > > > > > > > > Is this the expected result? I think it's reasonable > > > > > that a VLAN could change while a PC is still connected > > > > > to the port. Is this configurable? > > > > > > > > > > Thanks for any help you can give! > > > > > Matthew > > > > > > > > > > > > > > > > > > > > ------------------------------------------------------- > > > > > SF.Net email is sponsored by: > > > > > Tame your development challenges with Apache's Geronimo App > > > > > Server. Download > > > > > it for free - -and be entered to win a 42" plasma tv or > > > > your very own > > > > > Sony(tm)PSP. Click here to play: > > > > http://sourceforge.net/geronimo.php > > > > > _______________________________________________ > > > > > Vmps-devel mailing list > > > > > Vmp...@li... > > > > > https://lists.sourceforge.net/lists/listinfo/vmps-devel > > > > > > > > > > > > > > > > > > > > > ------------------------------------------------------- > > > > SF.Net email is sponsored by: > > > > Tame your development challenges with Apache's Geronimo App > > > > Server. Download > > > > it for free - -and be entered to win a 42" plasma tv or > > > your very own > > > > Sony(tm)PSP. 
Click here to play: > > > http://sourceforge.net/geronimo.php > > > > _______________________________________________ > > > > Vmps-devel mailing list > > > > Vmp...@li... > > > > https://lists.sourceforge.net/lists/listinfo/vmps-devel > > > > > > > > > > > > > > > > ------------------------------------------------------- > > > SF.Net email is sponsored by: > > > Tame your development challenges with Apache's Geronimo App > > > Server. Download > > > it for free - -and be entered to win a 42" plasma tv or > > your very own > > > Sony(tm)PSP. Click here to play: > > http://sourceforge.net/geronimo.php > > > _______________________________________________ > > > Vmps-devel mailing list > > > Vmp...@li... > > > https://lists.sourceforge.net/lists/listinfo/vmps-devel > > > > > > > > > > > ------------------------------------------------------- > > SF.Net email is sponsored by: > > Tame your development challenges with Apache's Geronimo App > > Server. Download > > it for free - -and be entered to win a 42" plasma tv or > your very own > > Sony(tm)PSP. Click here to play: > http://sourceforge.net/geronimo.php > > _______________________________________________ > > Vmps-devel mailing list > > Vmp...@li... > > https://lists.sourceforge.net/lists/listinfo/vmps-devel > > > > > > ------------------------------------------------------- > SF.Net email is sponsored by: > Tame your development challenges with Apache's Geronimo App > Server. Download > it for free - -and be entered to win a 42" plasma tv or your very own > Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php > _______________________________________________ > Vmps-devel mailing list > Vmp...@li... > https://lists.sourceforge.net/lists/listinfo/vmps-devel > |