english:modify-administrative-port-state-via-snmp

Differences

This shows the differences between two versions of the page.

english:modify-administrative-port-state-via-snmp [2014/06/19 15:28] (current)
benny created
Line 1: Line 1:
 +====== Modify the administrative port state via SNMP ======
  
 +This TechTip has been written based on the following hardware and AOS software:
 +<code>
 +OS6850-48L-Lab-> show chassis 
 +
 +Chassis 1
 +  Model Name:                    OS6850-48L,
 +  Description:                   48 10/100,
 +  Part Number:                   902545-90,
 +  Hardware Revision:             02,
 +  Serial Number:                 H12xxxxx,
 +  Manufacture Date:              MAR 22 2007,
 +  Admin Status:                  POWER ON,
 +  Operational Status:            UP,
 +  Number Of Resets:              81
 +  MAC Address:                   00:e0:b1:xx:xx:xx,
 +
 +
 +OS6850-48L-Lab-> show microcode 
 +   Package           Release       Size     Description
 +-----------------+---------------+--------+-----------------------------------
 +Kbase.img         6.4.4.569.R01   18614259 Alcatel-Lucent Base Software
 +Kadvrout.img      6.4.4.569.R01    2878998 Alcatel-Lucent Advanced Routing
 +K2os.img          6.4.4.569.R01    1959603 Alcatel-Lucent OS
 +Keni.img          6.4.4.569.R01    5760585 Alcatel-Lucent NI software
 +Ksecu.img         6.4.4.569.R01     649215 Alcatel-Lucent Security Management
 +Kencrypt.img      6.4.4.569.R01       3437 Alcatel-Lucent Encryption Management
 +</code>
 +
 +At the very beginning we'll create a user that has rights to use SNMP:
 +<code>
 +OS6850-48L-Lab-> user snmp password snmp12345 no auth read-write all 
 +OS6850-48L-Lab-> show user 
 +User name = snmp,
 +  Password expiration     = None,
 +  Password allow to be modified date     = None,
 +  Account lockout     = None,
 +  Password bad attempts     = 0,
 +  Read Only for domains   = None,
 +  Read/Write for domains  = All ,
 +  Snmp allowed     = YES,
 +  Snmp authentication     = NONE,
 +  Snmp encryption     = NONE,
 +  Console-Only    = Disabled
 +</code>
 +<WRAP center round tip 60%>
 +In live networks we strongly suggest to use SNMPv3!
 +</WRAP>
 +
 +
 +
 +Enable SNMPv2 access via "public" community and map it to user:
 +<code>
 +OS6850-48L-Lab-> snmp community map public user snmp enable 
 +</code>
 +
 +In the next step we instruct the switch to authenticate the user against local database:
 +<code>
 +OS6850-48L-Lab-> aaa authentication default local 
 +OS6850-48L-Lab-> show aaa authentication 
 +Service type = Default
 +  1rst authentication server = local
 +Service type = Console
 +  1rst authentication server = local
 +Service type = Telnet
 +  Authentication = Use Default,
 +  1rst authentication server = local
 +Service type = Ftp
 +  Authentication = Use Default,
 +  1rst authentication server = local
 +Service type = Http
 +  Authentication = Use Default,
 +  1rst authentication server = local
 +Service type = Snmp
 +  Authentication = Use Default,
 +  1rst authentication server = local
 +Service type = Ssh
 +  Authentication = Use Default,
 +  1rst authentication server = local
 +</code>
 +<WRAP center round tip 60%>
 +In live networks you should use RADIUS authentication!
 +</WRAP>
 +
 +
 +As we need to reach the OmniSwitch via SNMP, we create an IP-Interface:
 +<code>
 +OS6850-48L-Lab-> ip interface vlan-1 address 192.168.10.1/24 vlan 1
 +</code>
 +
 +The following tests shows that SNMP works as expected:
 +<code>
 +localhost:OS6850&OS6850E_644569R01 benny$ snmpwalk -v 2c -c public 192.168.10.1
 +SNMPv2-MIB::sysDescr.0 = STRING: Alcatel-Lucent OS6850-48L 6.4.4.569.R01 Service Release, October 29, 2012.
 +SNMPv2-MIB::sysObjectID.0 = OID: SNMPv2-SMI::enterprises.6486.800.1.1.2.1.7.1.12
 +DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (172600) 0:28:46.00
 +SNMPv2-MIB::sysContact.0 = STRING: Benny Eggerstedt - Alcatel-Lucent
 +SNMPv2-MIB::sysName.0 = STRING: OS6850-48L-Lab
 +SNMPv2-MIB::sysLocation.0 = STRING: Hamburg
 +SNMPv2-MIB::sysServices.0 = INTEGER: 78
 +IF-MIB::ifNumber.0 = INTEGER: 51
 +IF-MIB::ifIndex.1001 = INTEGER: 1001
 +...
 +</code>
 +
 +Assuming that we want to modify/verify the administrative port state of 1/3, we first need to find the corresponding MIB-OBJECT.
 +
 +Der Slot/Port 1/3 wird dabei durch 1003 repräsentiert, 2003 wäre 2/3 usw.
 +
 +The slot/port 1/3 is represented as 1003, while 2003 would be slot/port 2/3 etc.
 +
 +We identfy the MIB through the "Alcatel-Lucent OmniSwitch AOS 6.4.4.R01 CLI Reference Guide" simply by searching for the CLI command that we want to apply via SNMP:
 +<code>
 +interfaces {slot | slot/port[-port2]} admin {up | down}
 +...
 +MIB Objects
 +ifTable
 +   ifAdminStatus
 +</code>
 +
 +We can simply identify the corresponding OID ([[english:converting-mib-to-oid-and-oid-to-mib-through-aos-cli|]]) and add the port to it:
 +<code>
 +localhost:OS6850&OS6850E_644569R01 benny$ snmpget -v 2c -c public 192.168.10.1 1.3.6.1.2.1.2.2.1.7.1003
 +IF-MIB::ifAdminStatus.1003 = INTEGER: up(1)
 +</code>
 +
 +The same could be achieved through CLI:
 +<code>
 +OS6850-48L-Lab-> show interfaces 1/3 port 
 +Legends: WTR - Wait To Restore
 +         #   - WTR Timer is Running & Port is in wait-to-restore state
 +           - Permanent Shutdown
 +
 +Slot/    Admin     Link    Violations  Recovery   Recovery      WTR            Alias
 +Port     Status   Status                 Time       Max        (sec)
 +------+----------+---------+----------+----------+----------+----------+-----------------
 +  1/3    enable      up        none           300         10          0 ""
 +
 +</code>
 +
 +If you review the MIB, you can find out the parameters that are available via SNMP:
 +<code>
 +ifAdminStatus OBJECT-TYPE
 +    SYNTAX  INTEGER {
 +                up(1),       -- ready to pass packets
 +                down(2),
 +                testing(3)   -- in some test mode
 +            }
 +    MAX-ACCESS  read-write
 +    STATUS      current
 +    DESCRIPTION
 +            "The desired state of the interface.  The testing(3) state
 +            indicates that no operational packets can be passed.  When a
 +            managed system initializes, all interfaces start with
 +            ifAdminStatus in the down(2) state.  As a result of either
 +            explicit management action or per configuration information
 +            retained by the managed system, ifAdminStatus is then
 +            changed to either the up(1) or testing(3) states (or remains
 +            in the down(2) state)."
 +    ::= { ifEntry 7 }
 +</code>
 +
 +If you now modify the administrative port state via SNMP to down(2), you'll observe the same on CLI immediately:
 +
 +<code>
 +localhost:OS6850&OS6850E_644569R01 benny$ snmpset -v 2c -c public 192.168.10.1 1.3.6.1.2.1.2.2.1.7.1003 i 2
 +IF-MIB::ifAdminStatus.1003 = INTEGER: down(2)
 +localhost:OS6850&OS6850E_644569R01 benny$ snmpget -v 2c -c public 192.168.10.1 1.3.6.1.2.1.2.2.1.7.1003
 +IF-MIB::ifAdminStatus.1003 = INTEGER: down(2)
 +</code>
 +CLI:
 +<code>
 +OS6850-48L-Lab-> show interfaces 1/3 port
 +Legends: WTR - Wait To Restore
 +         #   - WTR Timer is Running & Port is in wait-to-restore state
 +           - Permanent Shutdown
 +
 +Slot/    Admin     Link    Violations  Recovery   Recovery      WTR            Alias
 +Port     Status   Status                 Time       Max        (sec)
 +------+----------+---------+----------+----------+----------+----------+-----------------
 +  1/3    disable     down      none           300         10          0 ""
 +</code>
 +
 +You can set the administrative port state back to up(1) the same way:
 +<code>
 +localhost:OS6850&OS6850E_644569R01 benny$ snmpset -v 2c -c public 192.168.10.1 1.3.6.1.2.1.2.2.1.7.1003 i 1
 +IF-MIB::ifAdminStatus.1003 = INTEGER: up(1)
 +
 +OS6850-48L-Lab-> show interfaces 1/3 port
 +Legends: WTR - Wait To Restore
 +         #   - WTR Timer is Running & Port is in wait-to-restore state
 +           - Permanent Shutdown
 +
 +Slot/    Admin     Link    Violations  Recovery   Recovery      WTR            Alias
 +Port     Status   Status                 Time       Max        (sec)
 +------+----------+---------+----------+----------+----------+----------+-----------------
 +  1/3    enable      up        none           300         10          0 ""
 +</code>
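Review bot: The SNMP setup near the top of the page stays in place as an unauthenticated write path to the switch: `user snmp password snmp12345 no auth read-write all` followed by `snmp community map public user snmp enable` gives the default-named SNMPv2c community "public" read-write rights on all domains, and the later `snmpset ... 1.3.6.1.2.1.2.2.1.7.1003 i 2` shows that this alone is enough to shut a port. The two tip boxes recommend SNMPv3 and RADIUS for live networks, but the page never tells the reader to remove the community mapping or the `snmp` user once the test is done. Suggest adding a closing step that undoes the lab configuration, using a non-default community string in the examples, and limiting the user's read-write domains to what the port change needs instead of `all`. Smaller points: the German sentence "Der Slot/Port 1/3 wird dabei durch 1003 repräsentiert ..." duplicates the English sentence right after it and can be dropped from the english: page; "identfy" should read "identify"; "The following tests shows" should read "The following test shows".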
english/modify-administrative-port-state-via-snmp.txt · Last modified: 2014/06/19 15:28 by benny