Send Netdot-users mailing list submissions to
        [email protected]

To subscribe or unsubscribe via the World Wide Web, visit
        https://osl.uoregon.edu/mailman/listinfo/netdot-users
or, via email, send a message with subject or body 'help' to
        [email protected]

You can reach the person managing the list at
        [email protected]

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Netdot-users digest..."


Today's Topics:

   1. Manually added vlan information overwrited on     updatedevice.pl
      (Nico)
   2. Device alias and searches (Nico)
   3. Re: Multiple VLAN on Switch Port? (Nico)
   4. Re: Netdot and ASA (Nico)


----------------------------------------------------------------------

Message: 1
Date: Tue, 27 Jan 2015 10:06:10 +0100
From: Nico <[email protected]>
Subject: [Netdot-users] Manually added vlan information overwrited on
        updatedevice.pl
To: "[email protected]" <[email protected]>
Message-ID:
        <CAKXQfmt=-h3fANYFud13qRw5r9eoR594g1iBS_R=ha8t0dc...@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8

Hello,

I have some devices from which I cannot get the VLAN information for
the interfaces.

Especially the firewalls (Cisco ASA, Cisco FWSM, Netscreen and
Fortinet): for none of them does Netdot/SNMP::Info seem to get the VLAN
information right. And also old Cisco switches like the 3524XL.

So I tried to add the respective VLAN(s) to each interface on the
firewalls, but when updatedevice.pl runs the information is lost, as
it seems to be overwritten.

How are you solving this kind of problem? Is anyone getting the VLAN
information from this kind of device?

Thanks

-- 
Nico


------------------------------

Message: 2
Date: Tue, 27 Jan 2015 10:27:16 +0100
From: Nico <[email protected]>
Subject: [Netdot-users] Device alias and searches
To: "[email protected]" <[email protected]>
Message-ID:
        <CAKXQfmv_FV9MeJEmW5kzji=5cyak9rgh_3lnkaffyolupvx...@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8

Hello,

Not sure if this can be considered a bug.

I've noticed a problem with the device search function.

Let's say you have a stack of 3750 switches named sws01.
It is composed of 3 individual switches: swt01, swt02, swt03.
If I have the stack defined in Netdot with the name sws01, it is nice
to have the individual switch names in the alias, so I can find it if
I search for that name (for example, cpd operators can see the physical
switches and their names, but don't know if they are members of a
stack).

This works OK, but only if there is no rr defined for the individual switches.
If there is an rr defined with the name swt02, even if it doesn't have
an associated device, or it's an A record pointing to the snmp_target
address of sws01, or a CNAME to sws01, the search will say "swtc02 not
found". Like the search function stops there and doesn't look for the alias
in devices for the searched string.

Workaround is easy anyway, deleting the offending rrs.

Greetings,

-- 
Nico


------------------------------

Message: 3
Date: Tue, 27 Jan 2015 17:59:45 +0100
From: Nico <[email protected]>
Subject: Re: [Netdot-users] Multiple VLAN on Switch Port?
To: "[email protected]" <[email protected]>
Message-ID:
        <CAKXQfmvH3VXRtBK3b=9eenc4eSyFZsV5JwCOLY4yHNDRv-F_=a...@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8

Hi Christian,

To do it manually, the way I found is going to the VLAN section of the main
menu, searching for the VLAN id and adding the interface to that VLAN, then
repeating for all the needed VLANs in which that interface should be.

The problem I've found is that it will be deleted on the next device
update. For example, I manually added VLAN 527 to an interface; on the
next update (this is for a Netscreen firewall):

DEBUG - utumno.defaultdomain: Interface with name ethernet2/5.527 found
DEBUG - utumno.defaultdomain: Interface 23 (ethernet2/5.527) updated
DEBUG - utumno.defaultdomain [ethernet2/5.527]: membership with VLAN 527 no longer exists.  Removing.
DEBUG - utumno.defaultdomain [ethernet2/5.527]: Subnet configured in interface is 192.168.129.0/24
DEBUG - utumno.defaultdomain [ethernet2/5.527]: IP 192.168.129.254/32 exists. Updating

I guess if it's a manually created interface, or you don't update that
device (or there exists a way not to update a given interface, which I
think there is, though I don't know where it is) it will be OK.

Greetings,
Nico

2014-10-29 23:24 GMT+01:00 Christian V?lker <[email protected]>:
>
> Hi,
>
> I'm currently testing Netdot (based on the Ubuntu VM image).
>
> I did not find a way to add multiple VLANs to a single switch port. But
> this appears to be a very common configuration (ie with vmWare).
>
> What do I do wrong?
>
> Thanks!
>
> Christian



-- 
Nico



------------------------------

Message: 4
Date: Tue, 27 Jan 2015 18:30:01 +0100
From: Nico <[email protected]>
Subject: Re: [Netdot-users] Netdot and ASA
To: Chip Pleasants <[email protected]>
Cc: "[email protected]" <[email protected]>
Message-ID:
        <cakxqfmt5wfh0j3y72+5tguaeevcstit6xgqzrxnptz5zfyf...@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8

I'm sure I had that problem, can't remember what it was. Check:

 - Perl module version, I have it working with
   perl -MNet::Appliance::Session -e 'print "$Net::Appliance::Session::VERSION\n"'
   4.140230
 - The privileges of the user you are using on the firewall. Check
   that your enable (privileged) password works. I used to use the login
   command to escalate privileges; I think the CLI code uses enable.
 - You can turn on a debug flag in lib/Netdot/Model/Device/CLI.pm to
   see what's going on, as explained in
   http://osl.uoregon.edu/pipermail/netdot-users/2012-September/001302.html
   It's only uncommenting the line "# $s->set_global_log_at('debug');".
   Don't leave it on. Run updatedevice.pl for the device by hand and see
   what's in the output.

And also I can tell you what I have now, as I have it working.

Relevant parts of etc/Site.conf

[...]
FETCH_DEVICE_INFO_VIA_CLI => {
    '^ciscoASA'             => 'CiscoFW',
#    '^Cisco ASA'             => 'CiscoFW',
    '^ciscoPIXFirewall'     => 'CiscoFW',
    '^ciscoWsSvcFwm1sc'     => 'CiscoFW',
[...]
DEVICE_CLI_CREDENTIALS  => [
    {   pattern     => '.*samordo.*|.*gondor.*|.*mordor.*|gestion.*|fwsm.*',
        login       => 'fulanito',
        password    => 'askjdakjasd',
        privileged  => 'i83js8a',
        transport   => 'SSH',
        timeout     => '30',
    },
[...]

And some debug on one of the ASA firewalls (MACs and IPs have been
changed to dummy data (I hope)):
[...]
DEBUG - Device::_netdot_rebless: asamordor.defaultdomain: changed class to Netdot::Model::Device::CLI::CiscoFW
[...]
DEBUG - asamordor.defaultdomain: issuing CLI command: 'show arp' over SSH
DEBUG - Device::CLI::_validate_arp: asamordor.defaultdomain: valid: interface1 -> 1.1.1.1 -> 123456789ABC
[...]
DEBUG - PhysAddr::validate: VRRP: 123456789ABB
[...]
INFO - asamordor.defaultdomain: ARP cache fetched. 40 entries in 2 sec
DEBUG - asamordor.defaultdomain: issuing CLI command: 'show ipv6 neighbor' over SSH
INFO - asamordor.defaultdomain: IPv6 ND cache fetched. 0 entries in 4 sec
DEBUG - asamordor.defaultdomain: Updating ARP cache
DEBUG - PhysAddr::fast_update: Updating MAC addresses in DB
DEBUG - PhysAddr::fast_update: Done Updating: 24 addresses in 0 sec
DEBUG - Ipblock::fast_update: Updating IP addresses in DB
DEBUG - Ipblock::fast_update: Done Updating: 40 addresses in 1 sec
DEBUG - Ipblock::_build_tree_mem: Building hierarchy for IPv4 space
DEBUG - Ipblock::_tree_save: Saved iptree4
DEBUG - Ipblock::_buil_tree_mem done. 76827 v4 entries in 7 sec
DEBUG - Ipblock::build_tree: Applying hierarchy changes to DB
DEBUG - Ipblock::build_tree done saving 0 v4 entries in 0 sec
DEBUG - asamordor.defaultdomain: ARP cache updated. 40 entries in 9 sec
INFO - Device::snmp_update: asamordor.defaultdomain: Finished updating
INFO - bin/updatedevices.pl total runtime: 17 sec

Greetings,

2015-01-09 17:37 GMT+01:00 Chip Pleasants <[email protected]>:
> Hi All,
>
> I'm hoping someone could provide some direction for me.  Looks like Netdot
> can't log in to any of my ASAs.    Never noticed it before today, so it's
> probably always happened.  I've configured Netdot with the appropriate
> credentials. Any guidance would be appreciated. Below is the log message I'm
> receiving.
>
>
>
> Jan  9 11:04:44 server netdot: ERROR - Device::CLI::_get_arp_from_cli:
> asa.poo.net: login failed to remote host - prompt does not match at
> /usr/share/perl5/vendor_perl/Net/Appliance/Session/Transport.pm line 77.#012
>
>
>
>
> Thanks,
> Chip



-- 
Nico
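
Added example (not part of the message above and not Netdot code): a small Python filter for scrubbing a Site.conf excerpt and Netdot debug output before posting them to a public list, which the message above does by hand. The sample input is constructed; the key names login, password and privileged and the log line shapes are taken from the excerpt above, and hostnames and the pattern value are deliberately left untouched.

```python
import re

# Constructed sample (not real data), shaped like the Site.conf excerpt and
# the Netdot debug lines quoted in the message above.
SAMPLE = """\
DEVICE_CLI_CREDENTIALS  => [
    {   pattern     => 'fw.*',
        login       => 'exampleuser',
        password    => 'example-pass',
        privileged  => 'example-enable',
        transport   => 'SSH',
    },
DEBUG - Device::CLI::_validate_arp: fw1.example.net: valid: inside -> 192.0.2.10 -> 0050569A0B0C
DEBUG - PhysAddr::validate: VRRP: 00005E000101
DEBUG - fw1.example.net [inside]: Subnet configured in interface is 192.0.2.0/24
DEBUG - Device::CLI::_validate_arp: fw1.example.net: valid: dmz -> 192.0.2.10 -> 0050569a0b0c
"""

# Credential keys as they appear in the DEVICE_CLI_CREDENTIALS excerpt.
SECRET_RE = re.compile(r"\b((?:login|password|privileged)\s*=>\s*)'[^']*'")
# Bare 12-hex-digit MACs (as in the debug lines) or colon/dash separated ones.
# Note: any other 12-character hex token is treated as a MAC as well.
MAC_RE = re.compile(
    r"\b(?:[0-9A-Fa-f]{12}|(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2})\b")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def _pseudonymizer(prefix, normalize=str):
    """Return a re.sub callback mapping each distinct value to <prefix-N>."""
    seen = {}

    def repl(match):
        key = normalize(match.group(0))
        # The same real value always gets the same label, so the scrubbed
        # log can still be followed line to line.
        return "<%s-%d>" % (prefix, seen.setdefault(key, len(seen) + 1))
    return repl


def sanitize(text):
    """Redact CLI credentials and pseudonymize MAC and IPv4 values."""
    text = SECRET_RE.sub(r"\1'<redacted>'", text)
    text = MAC_RE.sub(
        _pseudonymizer("mac", lambda m: re.sub(r"[:-]", "", m).upper()), text)
    return IPV4_RE.sub(_pseudonymizer("ip"), text)


if __name__ == "__main__":
    print(sanitize(SAMPLE))
```

Credentials that have already been posted in clear text should be rotated on the devices; scrubbing only helps for text that has not been sent yet.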


------------------------------

_______________________________________________
Netdot-users mailing list
[email protected]
https://osl.uoregon.edu/mailman/listinfo/netdot-users


End of Netdot-users Digest, Vol 74, Issue 9
*******************************************
