VLAN Manager tool
John-Mark Gurney c00eb02867 add support for detecting missing vlans, and creating them if needed... 2 weeks ago
vlanmang add support for detecting missing vlans, and creating them if needed... 2 weeks ago
.gitignore ignore some files that shouldn't be added to the repo.. 11 months ago
LICENSE.txt make it a proper installable package... 11 months ago
Makefile add some additional data that the tests depend upon to entr.. 3 months ago
NOTES.md add support for detecting missing vlans, and creating them if needed... 2 weeks ago
README.md add support for setting arbitrary MIB values... 3 months ago
requirements.txt make it a proper installable package... 11 months ago
setup.py make it a proper installable package... 11 months ago
test_data.py add support for setting arbitrary MIB values... 3 months ago

README.md

vlanmang

There are two parts to the tool. The first part is the SNMPSwitch class. The second part is the configuration sync part.

The SNMPSwitch class is used to configure the switch, such as creating VLANs (todo) and configuring what ports belong to which VLANs.

The configuration sync is done in two steps. The first step collects the differences between what the configuration is and what it should be. This is done by the function checkchanges, which generates a list of changes that need to be made to the switches to make them match what is configured. The second step, which is implemented as part of the main function, applies those changes.

Usage

The vlanmang command will import the Python module named data, for example data.py. The easiest way is to have a file named data.py in the current directory; if there is one, it will be used. Note that this file is run as Python code, so it can write files, read files, or do anything else that a Python program can do. This means that untrusted data from users should never be put into this file unless it is properly escaped or otherwise handled appropriately.
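One way to handle user-supplied VLAN assignments appropriately is to keep them out of data.py's source and parse them as data with strict validation. This is an added example, not part of vlanmang; the JSON layout, the function name load_vlan_assignments, the port-name pattern and the use of Python 3 are assumptions, and the result has the shape of the switchvlans dictionary shown in the Example section.

```python
import json
import re

# Assumption: port names resemble ifName values such as "ch1" or "1/0/3".
_PORT_NAME = re.compile(r'[A-Za-z0-9][A-Za-z0-9/._-]{0,31}')
_VLAN_KEY = re.compile(r'[0-9]{1,4}')

# Constructed sample of what a user-facing form or API might submit.
SAMPLE = '{"23": {"u": [11, 12], "t": "ch1"}, "58": {"u": [20]}}'

def _check_port(port):
    # bool is a subclass of int, so exclude it explicitly.
    if isinstance(port, int) and not isinstance(port, bool) and port >= 1:
        return port
    if isinstance(port, str) and _PORT_NAME.fullmatch(port):
        return port
    raise ValueError('bad port: %r' % (port,))

def load_vlan_assignments(text):
    """Parse untrusted JSON text into a switchvlans-shaped dict."""
    raw = json.loads(text)  # parsed as data; nothing in text is executed
    if not isinstance(raw, dict):
        raise ValueError('top level must be a JSON object')
    result = {}
    for key, members in raw.items():
        # 802.1Q VLAN IDs 0 and 4095 are reserved.
        if not _VLAN_KEY.fullmatch(key) or not 1 <= int(key) <= 4094:
            raise ValueError('bad VLAN id: %r' % (key,))
        vlan = int(key)
        if vlan in result:
            raise ValueError('duplicate VLAN id: %d' % vlan)
        if not isinstance(members, dict) or not set(members) <= {'u', 't'}:
            raise ValueError('VLAN %d: only "u" and "t" keys allowed' % vlan)
        result[vlan] = {
            kind: [_check_port(p)
                   for p in (ports if isinstance(ports, list) else [ports])]
            for kind, ports in members.items()
        }
    return result
```

Inside data.py, the validated result can then be assigned to switchvlans, so the user-supplied part never becomes Python source.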

The file consists of declarations of how the switches should be configured, and the credentials necessary to verify configuration and make the necessary changes. One slightly unusual part of the tool is that you have to declare ports that you do not care about. This is to help ensure that you have a configuration specified for all the ports you care about, not just some of them. Common ports that should be ignored are the cpu interfaces and any extra lag interfaces. You can specify the ports by the names the switch knows them by (the ifName column in SNMP) for convenience, or they can be specified by their index in ifTable.

MIBs

I'm sorry that vlanmang has to subject you to PySNMP. It is a terrible library that has been a complete miserable experience to work with. If someone suggests a better library, I will be more than glad to switch to it, but it HAS to be better, just not a different pile of crap like PySNMP is.

The issue with MIBs is that PySNMP does not parse MIB files to figure out what files have what definitions in them. It REQUIRES that the files have a specific name. NetSNMP does not have this requirement, and as such, vendors do not follow PySNMP's specific naming.

For example, the NetGear MIB files have SNMPv2-MIB definitions in a file named v2-mib.my, but PySNMP will ONLY find them if the file is named SNMPv2-MIB.mib (or some other extension).

In order to make the mibdump.py utility be able to convert these files, you first need to run this command over your MIB files:

grep DEFINITIONS *.my | awk '{ gsub(":", " "); system( "ln -s " $1 " " $2 ".mib") }'

This command will find all the definitions in *.my files, and create a symlink to the file. This then allows you to run the command:

mibdump.py --mib-source=mibdir <MIB name>

You can specify the --mib-source multiple times, e.g. to include the NetSNMP definitions that are often located in /usr/share/snmp/mibs.
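The symlink step can also be done in Python without passing file names through a shell, so vendor files with spaces or other special characters in their names are handled and existing files are never replaced. This is an added example, not part of vlanmang; the function names link_mib_modules and demo and the sample files are assumptions, and it goes slightly beyond the grep command by also accepting a module name that sits on the line before DEFINITIONS.

```python
import os
import re
import tempfile

# ASN.1 module header, e.g. "SNMPv2-MIB DEFINITIONS ::= BEGIN". The name is
# limited to letters, digits and hyphens, so a link name can never contain
# a path separator.
_MODULE = re.compile(
    r'^\s*([A-Z][A-Za-z0-9-]*)\s+DEFINITIONS\s*::=\s*BEGIN', re.M)

def link_mib_modules(mibdir, suffix='.my'):
    """Create <module>.mib symlinks for each module defined in mibdir.

    Returns {link name: target file name} for the links created.
    """
    created = {}
    for fname in sorted(os.listdir(mibdir)):
        path = os.path.join(mibdir, fname)
        if not fname.endswith(suffix) or not os.path.isfile(path):
            continue
        with open(path, errors='replace') as fp:
            text = fp.read()
        for module in _MODULE.findall(text):
            link = module + '.mib'
            linkpath = os.path.join(mibdir, link)
            if os.path.lexists(linkpath):
                continue  # never replace an existing file or link
            os.symlink(fname, linkpath)  # relative link within mibdir
            created[link] = fname
    return created

def demo():
    """Run against constructed sample files in a temporary directory."""
    samples = {
        'v2-mib.my': 'SNMPv2-MIB DEFINITIONS ::= BEGIN\nEND\n',
        # File name with a space, module name on its own line.
        'vendor switch.my':
            '-- constructed\nEXAMPLE-SWITCH-MIB\n    DEFINITIONS ::= BEGIN\nEND\n',
    }
    with tempfile.TemporaryDirectory() as d:
        for name, body in samples.items():
            with open(os.path.join(d, name), 'w') as fp:
                fp.write(body)
        first = link_mib_modules(d)
        second = link_mib_modules(d)  # idempotent: nothing left to create
        return first, second
```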

Note: There may be errors in the MIB files. For example, NetGear's fastpathswitching.my file has a definition for agentKeepalivePortLastLoopDetectedTime with a default value that is too short: it is a 4 byte octet string instead of an 8 byte octet string. If you modify the MIB files, you will need to rerun the mibdump.py command.

Example

Here is an example data.py file:

import vlanmang
from pysnmp.hlapi import usmDESPrivProtocol

# VLANs
base = 1
guest = 23
dmz = 58

# Range inclusive of the end points
def rng(s, e):
	return range(s, e + 1)

lag1 = 'ch1'	# sometimes switches don't give useful names

switchvlans = {
	base:	{
		'u':	rng(1, 10),
		't':	lag1,
	},
	guest:	{
		'u':	rng(11, 19),
		't':	lag1,
	},
	dmz:	{
		'u':	rng(20, 24),
		't':	lag1,
	},
}

mibsettings = [
	(('BRIDGE-MIB', 'dot1dStp', 1, 0), 3),
	# Bump this switch's STP priority
	(('BRIDGE-MIB', 'dot1dStp', 2, 0), 16384)
]
# You can put your passwords in another file for security
from passwords import switchvlankey

# Use SNMPv3, defaulting to SHA1 auth and DES encryption, the best
# supported by NetGear switches.
authdata = dict(username='admin', authKey=switchvlankey,
    privKey=switchvlankey, privProtocol=usmDESPrivProtocol)

switch = vlanmang.SwitchConfig('203.0.113.10', authdata, switchvlans,
	list(rng(25,26)) + # part of lag1
	[ 'ch%d' % x for x in rng(2,8) ], # ignore the extra lag interfaces
	mibsettings
)

Once that file is created and in the current directory, simply run the program vlanmang. It will query the switch and print out a list of changes that need to be made to the switch to make it match the configuration specified. If the changes look correct, type the entire word yes and press enter, and the necessary changes will be made.

The NOTES.md file has notes about dealing with particular switches. Please consult this if you are having troubles. Just because a switch isn't listed doesn't mean it doesn't have any issues; it is likely that it has not been tested, or if it has, the information has not been submitted for inclusion.