Benutzer-Werkzeuge

Webseiten-Werkzeuge


english:modify-administrative-port-state-via-snmp

Modify the administrative port state via SNMP

This TechTip has been written based on the following hardware and AOS software:

OS6850-48L-Lab-> show chassis 

Chassis 1
  Model Name:                    OS6850-48L,
  Description:                   48 10/100,
  Part Number:                   902545-90,
  Hardware Revision:             02,
  Serial Number:                 H12xxxxx,
  Manufacture Date:              MAR 22 2007,
  Admin Status:                  POWER ON,
  Operational Status:            UP,
  Number Of Resets:              81
  MAC Address:                   00:e0:b1:xx:xx:xx,


OS6850-48L-Lab-> show microcode 
   Package           Release       Size     Description
-----------------+---------------+--------+-----------------------------------
Kbase.img         6.4.4.569.R01   18614259 Alcatel-Lucent Base Software
Kadvrout.img      6.4.4.569.R01    2878998 Alcatel-Lucent Advanced Routing
K2os.img          6.4.4.569.R01    1959603 Alcatel-Lucent OS
Keni.img          6.4.4.569.R01    5760585 Alcatel-Lucent NI software
Ksecu.img         6.4.4.569.R01     649215 Alcatel-Lucent Security Management
Kencrypt.img      6.4.4.569.R01       3437 Alcatel-Lucent Encryption Management

At the very beginning we'll create a user that has rights to use SNMP:

OS6850-48L-Lab-> user snmp password snmp12345 no auth read-write all 
OS6850-48L-Lab-> show user 
User name = snmp,
  Password expiration     = None,
  Password allow to be modified date     = None,
  Account lockout     = None,
  Password bad attempts     = 0,
  Read Only for domains   = None,
  Read/Write for domains  = All ,
  Snmp allowed     = YES,
  Snmp authentication     = NONE,
  Snmp encryption     = NONE,
  Console-Only    = Disabled

In live networks we strongly suggest to use SNMPv3!

Enable SNMPv2 access via „public“ community and map it to user:

OS6850-48L-Lab-> snmp community map public user snmp enable 

In the next step we instruct the switch to authenticate the user against local database:

OS6850-48L-Lab-> aaa authentication default local 
OS6850-48L-Lab-> show aaa authentication 
Service type = Default
  1rst authentication server = local
Service type = Console
  1rst authentication server = local
Service type = Telnet
  Authentication = Use Default,
  1rst authentication server = local
Service type = Ftp
  Authentication = Use Default,
  1rst authentication server = local
Service type = Http
  Authentication = Use Default,
  1rst authentication server = local
Service type = Snmp
  Authentication = Use Default,
  1rst authentication server = local
Service type = Ssh
  Authentication = Use Default,
  1rst authentication server = local

In live networks you should use RADIUS authentication!

As we need to reach the OmniSwitch via SNMP, we create an IP-Interface:

OS6850-48L-Lab-> ip interface vlan-1 address 192.168.10.1/24 vlan 1

The following tests shows that SNMP works as expected:

localhost:OS6850&OS6850E_644569R01 benny$ snmpwalk -v 2c -c public 192.168.10.1
SNMPv2-MIB::sysDescr.0 = STRING: Alcatel-Lucent OS6850-48L 6.4.4.569.R01 Service Release, October 29, 2012.
SNMPv2-MIB::sysObjectID.0 = OID: SNMPv2-SMI::enterprises.6486.800.1.1.2.1.7.1.12
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (172600) 0:28:46.00
SNMPv2-MIB::sysContact.0 = STRING: Benny Eggerstedt - Alcatel-Lucent
SNMPv2-MIB::sysName.0 = STRING: OS6850-48L-Lab
SNMPv2-MIB::sysLocation.0 = STRING: Hamburg
SNMPv2-MIB::sysServices.0 = INTEGER: 78
IF-MIB::ifNumber.0 = INTEGER: 51
IF-MIB::ifIndex.1001 = INTEGER: 1001
...

Assuming that we want to modify/verify the administrative port state of 1/3, we first need to find the corresponding MIB-OBJECT.

Der Slot/Port 1/3 wird dabei durch 1003 repräsentiert, 2003 wäre 2/3 usw.

The slot/port 1/3 is represented as 1003, while 2003 would be slot/port 2/3 etc.

We identfy the MIB through the „Alcatel-Lucent OmniSwitch AOS 6.4.4.R01 CLI Reference Guide“ simply by searching for the CLI command that we want to apply via SNMP:

interfaces {slot | slot/port[-port2]} admin {up | down}
...
MIB Objects
ifTable
   ifAdminStatus

We can simply identify the corresponding OID (converting-mib-to-oid-and-oid-to-mib-through-aos-cli) and add the port to it:

localhost:OS6850&OS6850E_644569R01 benny$ snmpget -v 2c -c public 192.168.10.1 1.3.6.1.2.1.2.2.1.7.1003
IF-MIB::ifAdminStatus.1003 = INTEGER: up(1)

The same could be achieved through CLI:

OS6850-48L-Lab-> show interfaces 1/3 port 
Legends: WTR - Wait To Restore
         #   - WTR Timer is Running & Port is in wait-to-restore state
         *   - Permanent Shutdown

Slot/    Admin     Link    Violations  Recovery   Recovery      WTR            Alias
Port     Status   Status                 Time       Max        (sec)
------+----------+---------+----------+----------+----------+----------+-----------------
  1/3    enable      up        none           300         10          0 ""

If you review the MIB, you can find out the parameters that are available via SNMP:

ifAdminStatus OBJECT-TYPE
    SYNTAX  INTEGER {
                up(1),       -- ready to pass packets
                down(2),
                testing(3)   -- in some test mode
            }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
            "The desired state of the interface.  The testing(3) state
            indicates that no operational packets can be passed.  When a
            managed system initializes, all interfaces start with
            ifAdminStatus in the down(2) state.  As a result of either
            explicit management action or per configuration information
            retained by the managed system, ifAdminStatus is then
            changed to either the up(1) or testing(3) states (or remains
            in the down(2) state)."
    ::= { ifEntry 7 }

If you now modify the administrative port state via SNMP to down(2), you'll observe the same on CLI immediately:

localhost:OS6850&OS6850E_644569R01 benny$ snmpset -v 2c -c public 192.168.10.1 1.3.6.1.2.1.2.2.1.7.1003 i 2
IF-MIB::ifAdminStatus.1003 = INTEGER: down(2)
localhost:OS6850&OS6850E_644569R01 benny$ snmpget -v 2c -c public 192.168.10.1 1.3.6.1.2.1.2.2.1.7.1003
IF-MIB::ifAdminStatus.1003 = INTEGER: down(2)

CLI:

OS6850-48L-Lab-> show interfaces 1/3 port
Legends: WTR - Wait To Restore
         #   - WTR Timer is Running & Port is in wait-to-restore state
         *   - Permanent Shutdown

Slot/    Admin     Link    Violations  Recovery   Recovery      WTR            Alias
Port     Status   Status                 Time       Max        (sec)
------+----------+---------+----------+----------+----------+----------+-----------------
  1/3    disable     down      none           300         10          0 ""

You can set the administrative port state back to up(1) the same way:

localhost:OS6850&OS6850E_644569R01 benny$ snmpset -v 2c -c public 192.168.10.1 1.3.6.1.2.1.2.2.1.7.1003 i 1
IF-MIB::ifAdminStatus.1003 = INTEGER: up(1)

OS6850-48L-Lab-> show interfaces 1/3 port
Legends: WTR - Wait To Restore
         #   - WTR Timer is Running & Port is in wait-to-restore state
         *   - Permanent Shutdown

Slot/    Admin     Link    Violations  Recovery   Recovery      WTR            Alias
Port     Status   Status                 Time       Max        (sec)
------+----------+---------+----------+----------+----------+----------+-----------------
  1/3    enable      up        none           300         10          0 ""
english/modify-administrative-port-state-via-snmp.txt · Zuletzt geändert: 2014/06/19 13:28 von benny

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki