#!/usr/bin/perl -w

#
# EMULAB-COPYRIGHT
# Copyright (c) 2000-2002 University of Utah and the Flux Group.
# All rights reserved.
#

#
# snmpit module for Cisco Catalyst 6509 switches
#
# TODO: Standardize returning 0 on success/failure
# TODO: Fix uninitialized variable warnings in getStats()
#

package snmpit_cisco;
use strict;

$| = 1; # Turn off line buffering on output

use English;
use SNMP;
use snmpit_lib;

#
# These are the commands that can be passed to the portControl function
# below
#
# Maps each portControl command name to a flat list of (OID name, value)
# pairs. A command with more than one pair needs more than one SNMP set.
my %cmdOIDs = (
    # Administrative state
    "enable"  => [ "ifAdminStatus", "up" ],
    "disable" => [ "ifAdminStatus", "down" ],

    # Fixed speed
    "100mbit" => [ "portAdminSpeed", "s100000000" ],
    "10mbit"  => [ "portAdminSpeed", "s10000000" ],

    # Fixed duplex
    "full"    => [ "portDuplex", "full" ],
    "half"    => [ "portDuplex", "half" ],

    # Auto-negotiation sets both speed and duplex
    "auto"    => [
        "portAdminSpeed", "autoDetect",
        "portDuplex",     "auto",
    ],
);

#
# Ports can be passed around in three formats:
# ifindex: positive integer corresponding to the interface index (eg. 42)
# modport: dotted module.port format, following the physical reality of
#	Cisco switches (eg. 5.42)
# nodeport: node:port pair, referring to the node that the switch port is
# 	connected to (eg. "pc42:1")
#
# See the function convertPortFormat below for conversions between these
# formats
#
# Numeric tags for the three port formats accepted by convertPortFormat.
my ($PORT_FORMAT_IFINDEX, $PORT_FORMAT_MODPORT, $PORT_FORMAT_NODEPORT)
    = (1, 2, 3);

#
# Creates a new object.
#
# usage: new($classname,$devicename,$debuglevel)
#        returns a new object, blessed into the snmpit_cisco class.
#
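sub new($$$$$$) {
    #
    # Constructor.
    #
    # usage: new($classname, $devicename, $debuglevel, $switchtype,
    #            $community, $supportsPrivate)
    #        returns a new object blessed into the invoking class
    #        returns undef if the switch OS is unsupported or the SNMP
    #        session could not be opened
    #

    # Accept either a class name or an existing object as the invocant
    # (idiom from perltoot(1)).
    my $proto = shift;
    my $class = ref($proto) || $proto;

    my $name = shift;
    my $debugLevel = shift;
    my $switchtype = shift;
    my $community = shift;
    my $supportsPrivate = shift;

    #
    # Create the actual object and set its defaults
    #
    my $self = {};
    $self->{DEBUG} = defined($debugLevel) ? $debugLevel : 0;
    $self->{BLOCK} = 1;
    $self->{BULK} = 1;
    $self->{NAME} = $name;
    $self->{COMMUNITY} = $community;
    $self->{SUPPORTS_PRIVATE} = $supportsPrivate;

    #
    # Split the switch type into a model name and an optional "-ios" suffix.
    # The captures are taken from the match's return list rather than from
    # $1/$2, so a type string that does not match cannot pick up stale
    # captures left over from an earlier, unrelated regex match.
    #
    my ($model, $iosSuffix);
    if (defined($switchtype)) {
        ($model, $iosSuffix) = $switchtype =~ /^(\w+)(-ios)?$/;
    }
    # NOTE(review): the hash key is spelled SWITHCTYPE in the original; it is
    # kept as-is because code outside this function may read it - confirm
    # before renaming.
    $self->{SWITHCTYPE} = $model;
    # Anything without the "-ios" suffix (including an unparseable type) is
    # treated as CatOS.
    $self->{OSTYPE} = $iosSuffix ? "IOS" : "CatOS";

    if ($self->{DEBUG}) {
        print "snmpit_cisco module initializing... debug level $self->{DEBUG}\n";
    }

    #
    # Set up SNMP module variables, and connect to the device
    #
    $SNMP::debugging = ($self->{DEBUG} - 2) if $self->{DEBUG} > 2;
    my $mibpath = '/usr/local/share/snmp/mibs';
    SNMP::addMibDirs($mibpath);

    # We list all MIBs we use, so that we don't depend on a correct .index file
    my @mibs = map { "$mibpath/$_.txt" } qw(
        SNMPv2-SMI SNMPv2-TC SNMPv2-MIB IANAifType-MIB
        IF-MIB RMON-MIB
        CISCO-SMI CISCO-TC
        CISCO-VTP-MIB CISCO-PAGP-MIB
        CISCO-PRIVATE-VLAN-MIB
    );

    if ($self->{OSTYPE} eq "CatOS") {
        push @mibs, "$mibpath/CISCO-STACK-MIB.txt";
    } elsif ($self->{OSTYPE} eq "IOS") {
        push @mibs, "$mibpath/CISCO-VLAN-MEMBERSHIP-MIB.txt";
    } else {
        warn "ERROR: Unsupported switch OS $self->{OSTYPE}\n";
        return undef;
    }

    SNMP::addMibFiles(@mibs);

    $SNMP::save_descriptions = 1; # must be set prior to mib initialization
    SNMP::initMib();              # parses default list of Mib modules
    $SNMP::use_enums = 1;         # use enum values instead of only ints

    #
    # SNMPv2c authenticates with the community string alone and sends it
    # unencrypted. This session is also used for set requests, so the
    # community configured here is a write credential; keep the management
    # network restricted accordingly.
    #
    warn ("Opening SNMP session to $self->{NAME}...") if ($self->{DEBUG});
    $self->{SESS} = SNMP::Session->new(
        DestHost  => $self->{NAME},
        Version   => "2c",
        Community => $self->{COMMUNITY},
    );
    if (!$self->{SESS}) {
        #
        # Bomb out if the session could not be established
        #
        warn "ERROR: Unable to connect via SNMP to $self->{NAME}\n";
        return undef;
    }

    #
    # The bless needs to occur before readifIndex(), since it is invoked
    # as a method on $self
    #
    bless($self,$class);

    $self->readifIndex();

    return $self;
}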

#
# Set a variable associated with a port. The commands to execute are given
# in the %cmdOIDs hash above
#
# usage: portControl($self, $command, @ports)
#	 returns 0 on success.
#	 returns number of failed ports on failure.
#	 returns -1 if the operation is unsupported
#
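sub portControl ($$@) {
    #
    # Apply one of the %cmdOIDs commands to a list of ports.
    #
    # usage: portControl($self, $command, @ports)
    #        returns 0 on success
    #        returns the number of failed updates on failure
    #        returns -1 if the command is not in %cmdOIDs
    #
    my $self = shift;

    my $cmd = shift;
    my @ports = @_;

    $self->debug("portControl: $cmd -> (@ports)\n");

    #
    # Only commands listed in the %cmdOIDs hash (defined at the top of this
    # file) are accepted; anything else is rejected before any SNMP traffic
    #
    if (!defined $cmdOIDs{$cmd}) {
        print STDERR "Unsupported port control command '$cmd' ignored.\n";
        return -1;
    }

    my @oid = @{$cmdOIDs{$cmd}};
    my $errors = 0;

    #
    # Convert the ports from the format they were given in to the format
    # required by the command. The pattern is anchored and grouped: the
    # earlier /(en)|(dis)able/ matched any command merely containing "en".
    #
    my $portFormat = ($cmd =~ /^(?:en|dis)able$/)
        ? $PORT_FORMAT_IFINDEX
        : $PORT_FORMAT_MODPORT;
    my @portlist = $self->convertPortFormat($portFormat,@ports);

    #
    # Some commands involve multiple SNMP commands, so we need to make
    # sure we get all of them
    #
    while (@oid) {
        my $myoid = shift @oid;
        my $myval = shift @oid;
        my $failed = $self->UpdateField($myoid,$myval,@portlist);
        #
        # UpdateField reports "no answer from device" as -1. Count that as
        # one failure so it cannot cancel out a positive failure count from
        # another step and make the total look like success.
        #
        $errors += ($failed < 0) ? 1 : $failed;
    }
    return $errors;
}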

#
# Convert a set of ports to an alternate format. The input format is detected
# automatically. See the declarations of the constants at the top of this
# file for a description of the different port formats.
#
# usage: convertPortFormat($self, $output format, @ports)
#        returns a list of ports in the specified output format
#        returns undef if the output format is unknown
#
# TODO: Add debugging output, better comments, more sanity checking
#
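sub convertPortFormat($$@) {
    #
    # Convert a list of ports to the requested format. The input format is
    # detected from the first port in the list. Must be called as a method,
    # since the switch name and the IFINDEX table are read from $self.
    #
    # usage: convertPortFormat($self, $output_format, @ports)
    #        returns the ports in the requested format (entries that cannot
    #        be looked up come back as undef)
    #        returns an empty list if no ports were given
    #        returns undef if the list is bad or the conversion is unknown
    #
    my $self = shift;
    my $output = shift;
    my @ports = @_;

    #
    # Avoid warnings by exiting if no ports given
    #
    if (!@ports) {
        return ();
    }

    #
    # We determine the type by sampling the first port given
    #
    my $sample = $ports[0];
    if (!defined($sample)) {
        warn "convertPortFormat: Given a bad list of ports\n";
        return undef;
    }

    #
    # The switch name goes into a pattern below. Quote it so that characters
    # such as '.' in a host name are matched literally instead of being
    # interpreted as regex syntax.
    #
    my $switchName = quotemeta($self->{NAME});

    my $input;
    if ($sample =~ /^\d+$/) {
        $input = $PORT_FORMAT_IFINDEX;
    } elsif ($sample =~ /^\d+\.\d+$/) {
        $input = $PORT_FORMAT_MODPORT;
    } elsif ($sample =~ /^$switchName\.\d+\/\d+$/) {
        #
        # "switch.module/port" is rewritten to plain "module.port". An entry
        # that does not have this shape is passed through unchanged, so it
        # fails the later lookup instead of silently reusing the captures
        # of the previous entry.
        #
        $input = $PORT_FORMAT_MODPORT;
        @ports = map {
            (defined($_) && /^$switchName\.(\d+)\/(\d+)$/) ? "$1.$2" : $_
        } @ports;
    } else {
        $input = $PORT_FORMAT_NODEPORT;
    }

    #
    # It's possible the ports are already in the right format
    #
    if ($input == $output) {
        $self->debug("Not converting, input format = output format\n",2);
        return @ports;
    }

    # Shark hack
    @ports = map { /(sh\d+)-\d(:\d)/ ? "$1$2" : $_ } @ports;
    # End shark hack

    if ($input == $PORT_FORMAT_IFINDEX) {
        if ($output == $PORT_FORMAT_MODPORT) {
            $self->debug("Converting ifindex to modport\n",2);
            return map $self->{IFINDEX}{$_}, @ports;
        } elsif ($output == $PORT_FORMAT_NODEPORT) {
            $self->debug("Converting ifindex to nodeport\n",2);
            return map portnum($self->{NAME}.":".$self->{IFINDEX}{$_}), @ports;
        }
    } elsif ($input == $PORT_FORMAT_MODPORT) {
        if ($output == $PORT_FORMAT_IFINDEX) {
            $self->debug("Converting modport to ifindex\n",2);
            return map $self->{IFINDEX}{$_}, @ports;
        } elsif ($output == $PORT_FORMAT_NODEPORT) {
            $self->debug("Converting modport to nodeport\n",2);
            return map portnum($self->{NAME} . ":$_"), @ports;
        }
    } elsif ($input == $PORT_FORMAT_NODEPORT) {
        if ($output == $PORT_FORMAT_IFINDEX) {
            $self->debug("Converting nodeport to ifindex\n",2);
            return map $self->{IFINDEX}{(split /:/,portnum($_))[1]}, @ports;
        } elsif ($output == $PORT_FORMAT_MODPORT) {
            $self->debug("Converting nodeport to modport\n",2);
            return map { (split /:/,portnum($_))[1] } @ports;
        }
    }

    #
    # Some combination we don't know how to handle
    #
    warn "convertPortFormat: Bad input/output combination ($input/$output)\n";
    return undef;

}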

#
# Obtain a lock on the VLAN edit buffer. This must be done before VLANS
# are created or removed. Will retry 5 times before failing
#
# usage: vlanLock($self)
#        returns 1 on success
#        returns 0 on failure
#
sub vlanLock($) {
    #
    # Take the lock on the switch's VLAN edit buffer, polling until it is
    # granted or the attempts run out (40 attempts, 3 seconds apart).
    #
    # usage: vlanLock($self)
    #        returns 1 once the buffer has been obtained
    #        returns 0 if every attempt failed
    #
    my ($self) = @_;

    my $editOpOid = 'vtpVlanEditOperation';   # use index 1
    my $ownerOid  = 'vtpVlanEditBufferOwner'; # use index 1

    my $max_tries = 40;
    my $locked = 0;

    for (my $attempt = 1; $attempt <= $max_tries; $attempt++) {

        #
        # Ask the switch for a copy of the edit buffer
        #
        my $grabBuffer = $self->{SESS}->set([$editOpOid,1,"copy","INTEGER"]);
        $self->debug("Buffer Request Set gave " .
                (defined($grabBuffer) ? $grabBuffer : "undef.") . "\n");

        if ($grabBuffer) {
            $locked = 1;
            last;
        }

        #
        # Some other process may just have it locked; report only every
        # fifth failure to keep the output short
        #
        if ($attempt % 5 == 0) {
            print STDERR "VLAN edit buffer request failed - " .
                         "try $attempt of $max_tries.\n";
        }

        sleep(3);
    }

    if (!$locked) {
        #
        # Out of attempts
        #
        print STDERR "ERROR: Failed to obtain VLAN edit buffer lock\n";
        return 0;
    }

    #
    # Record this machine's node name as the buffer owner. The command is a
    # fixed absolute path with no interpolated input. The result of this
    # set is not checked.
    #
    my $me = `/usr/bin/uname -n`;
    chomp $me;
    $self->{SESS}->set([$ownerOid,1,$me,"OCTETSTR"]);

    return 1;
}

#
# Release a lock on the VLAN edit buffer. As part of releasing, applies the
# VLAN edit buffer.
#
# usage: vlanUnlock($self)
#
# TODO: Finish commenting, major cleanup, removal of obsolete features
#        
sub vlanUnlock($;$) {
    #
    # Apply the VLAN edit buffer, wait for the apply to finish, then release
    # the buffer.
    #
    # usage: vlanUnlock($self [, $force])
    #        returns the final apply status string (for example "succeeded")
    #        returns 0 if the release request itself failed
    #
    # Callers should note that a failed apply still returns its status
    # string, which is a true value; compare against "succeeded" rather than
    # testing truth.
    #
    my ($self, $force) = @_;

    my $editOpOid      = 'vtpVlanEditOperation'; # use index 1
    my $applyStatusOid = 'vtpVlanApplyStatus';   # use index 1

    my $applySet = $self->{SESS}->set([[$editOpOid,1,"apply","INTEGER"]]);
    $self->debug("Apply set: '$applySet'\n");

    #
    # Poll the apply status until it is no longer "inProgress". There is no
    # delay between polls and no upper bound on their number.
    #
    my $status;
    do {
        $status = snmpitGetWarn($self->{SESS},[$applyStatusOid,1]);
        $self->debug("Apply gave $status\n");
    } while ($status eq "inProgress");

    if ($status eq "succeeded") {
        $self->debug("Apply Succeeded.\n");
        # The apply worked, so hand the buffer back
        my $released = $self->{SESS}->set([[$editOpOid,1,"release","INTEGER"]]);
        if (!$released) {
            warn("VLAN Reconfiguration Failed. No changes saved.\n");
            return 0;
        }
        $self->debug("Release: '$released'\n");
        return $status;
    }

    $self->debug("Apply failed: Gave $status\n");

    #
    # NOTE(review): the original comment here said the buffer is only
    # released when forcing, but the code releases it when $force is false
    # and keeps it when $force is true. The code's behavior is preserved;
    # confirm which one was intended.
    #
    return $status if $force;

    my $released = $self->{SESS}->set([[$editOpOid,1,"release","INTEGER"]]);
    $self->debug("Release: '$released'\n");
    if (!$released) {
        warn("VLAN Reconfiguration Failed. No changes saved.\n");
        return 0;
    }

    return $status;
}

# 
# Check to see if the given (cisco-specific) VLAN number exists on the switch
#
# usage: vlanNumberExists($self, $vlan_number)
#        returns 1 if the VLAN exists, 0 otherwise
#
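sub vlanNumberExists($$) {
    #
    # Check whether the given (cisco-specific) VLAN number exists on the
    # switch, by asking for the name of that VLAN.
    #
    # usage: vlanNumberExists($self, $vlan_number)
    #        returns 1 if the lookup gave a true value, 0 otherwise
    #
    my $self = shift;
    my $vlan_number = shift;

    my $VlanName = "vtpVlanName";

    #
    # Just look up the name for this VLAN, and see if we get an answer back
    # or not.
    #
    # NOTE(review): elsewhere in this file a lookup of a missing row is
    # compared against the string 'NOSUCHINSTANCE'. If get() can return that
    # string here it would count as "exists" - confirm against the SNMP
    # module's behavior for this session.
    #
    my $rv = $self->{SESS}->get([$VlanName,"1.$vlan_number"]);
    if (!$rv) {
        #
        # Report the empty answer through the debug channel. The earlier
        # unconditional print wrote to STDOUT on every miss and interpolated
        # an undefined value.
        #
        $self->debug("vlanNumberExists: VLAN $vlan_number lookup gave " .
                (defined($rv) ? "'$rv'" : "undef") . "\n",2);
        return 0;
    }

    return 1;
}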

#
# Given VLAN identifiers from the database, finds the cisco-specific VLAN
# number for them. If no VLAN id is given, returns mappings for the entire
# switch.
# 
# usage: findVlans($self, @vlan_ids)
#        returns a hash mapping VLAN ids to Cisco VLAN numbers
#        any VLANs not found have NULL VLAN numbers
#
sub findVlans($@) {
    #
    # Map VLAN ids (the names stored on the switch) to Cisco VLAN numbers.
    #
    # usage: findVlans($self, @vlan_ids)
    #        returns a hash of VLAN id => VLAN number
    #        requested ids that were not seen keep an undef value
    #        with no ids given, every VLAN found on the switch is returned
    #
    my ($self, @vlan_ids) = @_;

    my $nameColumn = "vtpVlanName"; # index by 1.vlan #

    # Pre-seed the result so that ids which are never seen still appear
    my %numberFor = map { $_ => undef } @vlan_ids;
    my $wantAll = !@vlan_ids;

    #
    # Walk the whole name column. The walk is not cut short once every
    # requested id has been seen; that would need a more complex walk.
    #
    my ($walked) = $self->{SESS}->bulkwalk(0,32,[$nameColumn]);
    for my $row (@$walked) {
        my ($name,$vlan_number,$vlan_name) = @$row;

        # The instance comes back as "1.<number>"; keep only the number
        $vlan_number =~ s/^1\.//;

        $self->debug("Got $name $vlan_number $vlan_name\n",2);
        next unless ($wantAll || exists $numberFor{$vlan_name});

        $self->debug("Putting in mapping from $vlan_name to $vlan_number\n",2);
        $numberFor{$vlan_name} = $vlan_number;
    }

    return %numberFor;
}

#
# Given a VLAN identifier from the database, find the cisco-specific VLAN
# number that is assigned to that VLAN. Retries several times (to account
# for propagation delays) unless the $no_retry option is given.
#
# usage: findVlan($self, $vlan_id,$no_retry)
#        returns the VLAN number for the given vlan_id if it exists
#        returns undef if the VLAN id is not found
#
sub findVlan($$;$) {
    #
    # Look up the Cisco VLAN number for a single VLAN id.
    #
    # usage: findVlan($self, $vlan_id [, $no_retry])
    #        returns the VLAN number if the id is found
    #        returns undef if it is not
    #
    # Without $no_retry the lookup is attempted up to 10 times, one second
    # apart, because VLAN information can take a while to propagate. With
    # $no_retry it is attempted exactly once.
    #
    my ($self, $vlan_id, $no_retry) = @_;

    my $attemptsLeft = $no_retry ? 1 : 10;

    while ($attemptsLeft-- > 0) {
        my %found = $self->findVlans($vlan_id);
        return $found{$vlan_id} if defined($found{$vlan_id});

        #
        # Pause before the next attempt, but not after the last one
        #
        if ($attemptsLeft > 0) {
            $self->debug("VLAN find failed, trying again\n");
            sleep 1;
        }
    }

    #
    # Didn't find it
    #
    return undef;
}

#
# Create a VLAN on this switch, with the given identifier (which comes from
# the database.) If $vlan_number is given, attempts to use it when creating
# the vlan - otherwise, picks its own Cisco-specific VLAN number.
#
# usage: createVlan($self, $vlan_id, $vlan_number, [,$private_type
# 		[,$private_primary, $private_port]])
#        returns the new VLAN number on success
#        returns 0 on failure
#        if $private_type is given, creates a private VLAN - if private_type
#        is 'community' or 'isolated', then the associated primary VLAN and
#        promiscuous port must also be given
#
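sub createVlan($$;$$$) {
    #
    # Create a VLAN named $vlan_id on the switch.
    #
    # usage: createVlan($self, $vlan_id, $vlan_number [, $private_type
    #                   [, $private_primary, $private_port]])
    #        returns the VLAN number on success
    #        returns 0 on failure
    #
    # If $vlan_number is false a free number is searched for. The whole
    # creation is attempted up to three times.
    #
    my $self = shift;
    my $vlan_id = shift;
    my $vlan_number = shift;

    my ($private_type,$private_primary,$private_port);
    if (@_) {
        $private_type = shift;
        if ($private_type ne "primary") {
            $private_primary = shift;
            $private_port = shift;
        }
    } else {
        $private_type = "normal";
    }

    my $okay = 1;

    my $VlanType = 'vtpVlanEditType'; # vlan # is index
    my $VlanName = 'vtpVlanEditName'; # vlan # is index
    my $VlanSAID = 'vtpVlanEditDot10Said'; # vlan # is index
    my $VlanRowStatus = 'vtpVlanEditRowStatus'; # vlan # is index

    #
    # If they gave a VLAN number, make sure it is not already in use
    #
    if ($vlan_number) {
        if ($self->vlanNumberExists($vlan_number)) {
            print STDERR "ERROR: VLAN $vlan_number already exists\n";
            return 0;
        }
    }

    #
    # We may have to do this multiple times - a few times, we've had the
    # Cisco give no errors, but fail to actually create the VLAN. So, we'll
    # make sure it gets created, and retry if it did not. Of course, we don't
    # want to try forever, though....
    #
    my $max_tries = 3;
    my $tries_remaining = $max_tries;
    while ($tries_remaining) {
        #
        # Try to wait out transient failures
        #
        if ($tries_remaining != $max_tries) {
            print STDERR "VLAN creation failed, trying again " .
                "($tries_remaining tries left)\n";
            sleep 5;
        }
        $tries_remaining--;

        if (!$self->vlanLock()) {
            next;
        }

        if (!$vlan_number) {
            #
            # Find a free VLAN number to use. Since 1 is the default VLAN on
            # Ciscos, we start with number 2.
            # XXX: The maximum VLAN number is hardcoded at 1000
            #
            $vlan_number = 2; # We need to start at 2
            my $RetVal = snmpitGetFatal($self->{SESS},
                [$VlanRowStatus,"1.$vlan_number"]);
            $self->debug("Row $vlan_number got '$RetVal'\n",2);
            while (($RetVal ne 'NOSUCHINSTANCE') && ($vlan_number <= 1000)) {
                $vlan_number += 1;
                $RetVal = snmpitGetFatal($self->{SESS},
                    [$VlanRowStatus,"1.$vlan_number"]);
                $self->debug("Row $vlan_number got '$RetVal'\n",2);
            }
            if ($vlan_number > 1000) {
                #
                # We must have failed to find one. Give the edit buffer back
                # before retrying, the same way the failed-create path below
                # does, so the lock is not left held. Also forget the
                # out-of-range number, otherwise the next attempt would skip
                # the search and try to create VLAN 1001.
                #
                print STDERR "ERROR: Failed to find a free VLAN number\n";
                $self->vlanUnlock();
                $vlan_number = 0;
                next;
            }
        }

        $self->debug("Using Row $vlan_number\n");

        #
        # SAID is a funky security identifier that _must_ be set for VLAN
        # creation to succeed.
        #
        my $SAID = pack("H*",sprintf("%08x",$vlan_number + 100000));

        print "  Creating VLAN $vlan_id as VLAN #$vlan_number ... ";

        #
        # Perform the actual creation. Yes, this next line MUST happen all in
        # one set command....
        #
        my $RetVal = $self->{SESS}->set([[$VlanRowStatus,"1.$vlan_number",
                        "createAndGo","INTEGER"],
                [$VlanType,"1.$vlan_number","ethernet","INTEGER"],
                [$VlanName,"1.$vlan_number",$vlan_id,"OCTETSTR"],
                [$VlanSAID,"1.$vlan_number",$SAID,"OCTETSTR"]]);
        print "",($RetVal? "Succeeded":"Failed"), ".\n";

        #
        # Check for success
        #
        if (!$RetVal) {
            print STDERR "VLAN Create '$vlan_id' as VLAN $vlan_number " .
                    "failed.\n";
            $self->vlanUnlock();
            next;
        } else {
            #
            # Handle private VLANs - Part I: Stuff that has to be done while we
            # have the edit buffer locked
            #
            if ($self->{SUPPORTS_PRIVATE} && $private_type ne "normal") {
                #
                # First, set the private VLAN type
                #
                my $PVlanType = "cpvlanVlanEditPrivateVlanType";
                print "    Setting private VLAN type to $private_type ... ";
                $RetVal = $self->{SESS}->set([$PVlanType,"1.$vlan_number",$private_type,
                    'INTEGER']);
                print "",($RetVal? "Succeeded":"Failed"), ".\n";
                if (!$RetVal) {
                    $okay = 0;
                }
                if ($okay) {
                    #
                    # Now, if this isn't a primary VLAN, associate it with its
                    # primary VLAN
                    #
                    if ($private_type ne "primary") {
                        my $PVlanAssoc = "cpvlanVlanEditAssocPrimaryVlan";
                        my $primary_number = $self->findVlan($private_primary);
                        if (!$primary_number) {
                            print "    **** Error - Primary VLAN " .
                                "$private_primary could not be found\n";
                            $okay = 0;
                        } else {
                            print "    Associating with $private_primary (#$primary_number) ... ";
                            $RetVal = $self->{SESS}->set([[$PVlanAssoc,"1.$vlan_number",
                                $primary_number,"INTEGER"]]);
                            print "", ($RetVal? "Succeeded":"Failed"), ".\n";
                            if (!$RetVal) {
                                $okay = 0;
                            }
                        }
                    }
                }
            }

            $RetVal = $self->vlanUnlock();
            $self->debug("Got $RetVal from vlanUnlock\n");

            #
            # Unfortunately, there are some rare circumstances in which it
            # seems that we can't trust the switch to tell us the truth.
            # So, let's use findVlan to see if it really got created.
            #
            if (!$self->findVlan($vlan_id)) {
                print STDERR "*** Switch reported success, but VLAN did not " .
                             "get created - trying again\n";
                next;
            }
            if ($self->{SUPPORTS_PRIVATE} && $private_type ne "normal" &&
                $private_type ne "primary") {

                #
                # Handle private VLANs - Part II: Set up the promiscuous port -
                # this has to be done after we release the edit buffer
                #

                my $SecondaryPort = 'cpvlanPromPortSecondaryRemap';

                my ($ifIndex) = $self->convertPortFormat($PORT_FORMAT_IFINDEX,
                    $private_port);

                if (!$ifIndex) {
                    print STDERR "    **** ERROR - unable to find promiscous " .
                        "port $private_port!\n";
                    $okay = 0;
                }

                if ($okay) {
                    print "    Setting promiscuous port to $private_port ... ";

                    #
                    # Get the existing bitfield used to maintain the mapping
                    # for the port. A failed get is treated like an empty
                    # bitfield.
                    #
                    my $bitfield = $self->{SESS}->get([$SecondaryPort,$ifIndex]);
                    my $unpacked = defined($bitfield) ? unpack("B*",$bitfield) : '';

                    #
                    # Put this into an array of 1s and 0s for easy manipulation
                    # We have to pad this out to at least 128 bits, because
                    # it's given back as the empty string if no bits are set
                    # yet. The padding also has to reach the bit for this
                    # VLAN: if it stopped short, the undefined entries in
                    # between would vanish in the join below and the bit
                    # would land at the wrong position.
                    #
                    my @bits = split //,$unpacked;
                    my $last_bit = ($vlan_number > 127) ? $vlan_number : 127;
                    foreach my $bit (0 .. $last_bit) {
                        if (!defined $bits[$bit]) {
                            $bits[$bit] = 0;
                        }
                    }

                    $bits[$vlan_number] = 1;

                    # Pack it back up...
                    $unpacked = join('',@bits);

                    $bitfield = pack("B*",$unpacked);

                    # And save it back...
                    $RetVal = $self->{SESS}->set([$SecondaryPort,$ifIndex,$bitfield,
                        "OCTETSTR"]);
                    print "", ($RetVal? "Succeeded":"Failed"), ".\n";

                    #
                    # As in Part I, a failed set means the private VLAN is
                    # not fully configured, so do not report success
                    #
                    if (!$RetVal) {
                        $okay = 0;
                    }

                }
            }
            if ($okay) {
                return $vlan_number;
            } else {
                return 0;
            }
        }
    }

    print STDERR "*** Failed to create VLAN $vlan_id after $max_tries tries " .
                 "- giving up\n";
    return 0;
}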

#
# Put the given ports in the given VLAN. The VLAN is given as a cisco-specific
# VLAN number
#
# usage: setPortVlan($self, $vlan_number, @ports)
#	 returns 0 on success.
#	 returns the number of failed ports on failure.
#
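sub setPortVlan($$@) {
    #
    # Put the given ports into the VLAN with the given Cisco VLAN number,
    # then enable them (or disable them when the target is VLAN 1).
    #
    # usage: setPortVlan($self, $vlan_number, @ports)
    #        returns 0 on success
    #        returns the number of failures otherwise (1 if the VLAN does
    #        not exist)
    #
    my $self = shift;
    my $vlan_number = shift;
    my @ports = @_;

    my $errors = 0;

    if (!$self->vlanNumberExists($vlan_number)) {
        print STDERR "ERROR: VLAN $vlan_number does not exist\n";
        return 1;
    }

    #
    # If this switch supports private VLANs, check to see if the VLAN we're
    # putting it into is a secondary private VLAN
    #
    my $privateVlan = 0;
    if ($self->{SUPPORTS_PRIVATE}) {
        $self->debug("Checking to see if vlan is private ... ");
        my $PrivateType = "cpvlanVlanPrivateVlanType";
        my $type = snmpitGetFatal($self->{SESS},[$PrivateType,"1.$vlan_number"]);
        $self->debug("type is $type ... ");
        if ($type eq "community" ||  $type eq "isolated") {
            $self->debug("It is\n");
            $privateVlan = 1;
        } else {
            $self->debug("It isn't\n");
        }
    }

    #
    # Pick the membership OID and the port format it is indexed by
    #
    my $PortVlanMemb;
    my $format;
    if ($self->{OSTYPE} eq "CatOS") {
        if (!$privateVlan) {
            $PortVlanMemb = "vlanPortVlan"; #index is ifIndex
            $format = $PORT_FORMAT_MODPORT;
        } else {
            $PortVlanMemb = "cpvlanPrivatePortSecondaryVlan";
            $format = $PORT_FORMAT_IFINDEX;
        }
    } elsif ($self->{OSTYPE} eq "IOS") {
        $PortVlanMemb = "vmVlan"; #index is ifIndex
        $format = $PORT_FORMAT_IFINDEX;
    }

    #
    # Convert ports from the format they were passed in to the correct format
    #
    my @portlist = $self->convertPortFormat($format,@ports);

    #
    # We'll keep track of which ports succeeded, so that we don't try to
    # enable ports that failed.
    #
    my @okports = ();
    foreach my $port (@portlist) {

        #
        # Make sure the port didn't get mangled in conversion
        #
        if (!defined $port) {
            print STDERR "Port not found, skipping\n";
            $errors++;
            next;
        }
        $self->debug("Putting port $port in VLAN $vlan_number\n");

        #
        # Do the actual SNMP command
        #
        my $RetVal = $self->{SESS}->set([$PortVlanMemb,$port,$vlan_number,
                                         'INTEGER']);
        if (!$RetVal) {
            print STDERR "$port VLAN change failed with " .
                (defined($RetVal) ? $RetVal : "undef") . ".\n";
            $errors++;
            next;
        } else {
            push @okports, $port;
        }
    }

    #
    # Ports going into VLAN 1 are being taken out of circulation, so we
    # disable them. Otherwise, we need to make sure they get enabled.
    #
    if ($vlan_number == 1) {
        #
        # Disable every requested port, including any whose VLAN change
        # failed: such a port is still a member of its previous VLAN, and
        # leaving it up there is the less safe outcome.
        #
        $self->debug("Disabling " . join(',',@ports) . "...");
        if ( my $rv = $self->portControl("disable",@ports) ) {
            print STDERR "Port disable had $rv failures.\n";
            $errors += $rv;
        }
    } elsif (@okports) {
        #
        # Enable only the ports that were actually moved. A port whose VLAN
        # change failed is still in whatever VLAN it was in before, and
        # enabling it would bring it up there instead of in $vlan_number.
        # (@okports was collected for this purpose but previously unused.)
        #
        $self->debug("Enabling "  . join(',',@okports) . "...");
        if ( my $rv = $self->portControl("enable",@okports) ) {
            print STDERR "Port enable had $rv failures.\n";
            $errors += $rv;
        }
    }

    return $errors;
}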

#
# Remove all ports from the given VLANs, which are given as Cisco-specific
# VLAN numbers
#
# usage: removePortsFromVlan(self,int vlans)
#	 returns 0 on success.
#	 returns the number of failed ports on failure.
#
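sub removePortsFromVlan($@) {
    #
    # Move every port that is a member of one of the given VLANs (Cisco
    # VLAN numbers) into VLAN 1.
    #
    # usage: removePortsFromVlan($self, @vlan_numbers)
    #        returns 0 on success (including when no ports were found)
    #        returns 1 if one of the VLANs does not exist
    #        otherwise returns whatever setPortVlan reports
    #
    my $self = shift;
    my @vlan_numbers = @_;

    #
    # Make sure the VLANs actually exist
    #
    foreach my $vlan_number (@vlan_numbers) {
        if (!$self->vlanNumberExists($vlan_number)) {
            print STDERR "ERROR: VLAN $vlan_number does not exist\n";
            return 1;
        }
    }

    #
    # Make a hash of the vlan numbers for easy lookup later. Every key needs
    # its own true value: assigning a single 1 to the slice marked only the
    # first VLAN, so ports in the remaining VLANs were never removed.
    #
    my %vlan_numbers = ();
    @vlan_numbers{@vlan_numbers} = (1) x @vlan_numbers;

    #
    # Pick the membership table for this switch OS
    #
    my $VlanPortVlan;
    if ($self->{OSTYPE} eq "CatOS") {
        $VlanPortVlan = "vlanPortVlan"; #index is ifIndex
    } elsif ($self->{OSTYPE} eq "IOS") {
        $VlanPortVlan = "vmVlan"; #index is ifIndex
    }
    my @ports;

    #
    # Walk the tree to find VLAN membership
    #
    my ($rows) = $self->{SESS}->bulkwalk(0,32,$VlanPortVlan);
    foreach my $rowref (@$rows) {
        my ($name,$modport,$port_vlan_number) = @$rowref;
        $self->debug("Got $name $modport $port_vlan_number\n");
        if ($vlan_numbers{$port_vlan_number}) {
            push @ports, $modport;
        }
    }

    $self->debug("About to remove ports " . join(",",@ports) . "\n");
    if (@ports) {
        return $self->setPortVlan(1,@ports);
    } else {
        return 0;
    }
}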

#
# Remove the given VLAN from this switch. This presupposes that all of its
# ports have already been removed with removePortsFromVlan(). The VLAN is
# given as a Cisco-specific VLAN number
#
# usage: removeVlan(self,int vlan)
#	 returns 1 on success
#	 returns 0 on failure
#
#
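sub removeVlan($@) {
    #
    # Remove the given VLANs (Cisco VLAN numbers) from the switch. Their
    # ports are expected to have been removed already.
    #
    # usage: removeVlan($self, @vlan_numbers)
    #        returns 1 if every VLAN was removed
    #        returns 0 if the lock could not be taken, a VLAN does not
    #        exist, or any removal failed
    #
    my $self = shift;
    my @vlan_numbers = @_;

    #
    # Make sure the VLANs actually exist. This is done before taking the
    # edit buffer lock: the check used to sit inside the removal loop and
    # returned from there with the lock still held.
    #
    foreach my $vlan_number (@vlan_numbers) {
        if (!$self->vlanNumberExists($vlan_number)) {
            print STDERR "ERROR: VLAN $vlan_number does not exist\n";
            return 0;
        }
    }

    #
    # Need to lock the VLAN edit buffer
    #
    if (!$self->vlanLock()) {
        return 0;
    }

    my $errors = 0;

    my $VlanRowStatus = 'vtpVlanEditRowStatus'; # vlan is index

    foreach my $vlan_number (@vlan_numbers) {
        #
        # Perform the actual removal
        #
        print "  Removing VLAN #$vlan_number ... ";
        my $RetVal = $self->{SESS}->set([$VlanRowStatus,"1.$vlan_number",
                                         "destroy","INTEGER"]);
        if ($RetVal) {
            print "Succeeded.\n";
        } else {
            print "Failed.\n";
            $errors++;
        }
    }

    #
    # Unlock whether successful or not
    #
    $self->vlanUnlock();

    if ($errors) {
        return 0;
    } else {
        return 1;
    }

}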

#
# TODO: Cleanup
#
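sub UpdateField($$$@) {
    # Bring one SNMP field to the wanted value on each of the given ports.
    #
    # Arguments: the object, the OID name, the desired value, and a list of
    # ports used directly as the OID instance.
    # Returns 0 on success or the number of ports that failed; returns -1
    # at once if the device gives no answer for a port.
    my $self = shift;
    $self->debug("UpdateField: '@_'\n");
    my ($OID,$val,@ports) = @_;
    my $err = 0;

    foreach my $port (@ports) {
        # Called as a method, as the other call sites in this file do; the
        # translated name is only used in messages.
        my ($trans) = $self->convertPortFormat($PORT_FORMAT_NODEPORT,$port);
        if (!defined $trans) {
            $trans = ""; # Guard against some uninitialized value warnings
        }
        $self->debug("Checking port $port ($trans) for $val...");

        my $Status = snmpitGetFatal($self->{SESS},[$OID,$port]);
        if (!defined $Status) {
            warn "Port $port ($trans), change to $val: No answer from device\n";
            return -1;		# return error
        }
        $self->debug("Okay.\n");
        $self->debug("Port $port was $Status\n");

        # Nothing to do if the port already has the wanted value
        next if ($Status eq $val);

        $self->debug("Setting $port to $val...");
        # Don't use async
        my $result = $self->{SESS}->set([$OID,$port,$val,"INTEGER"]);
        $self->debug("Set returned '$result'\n") if (defined $result);
        if (!$result) {
            # A false result is how removeVlan() in this file detects a
            # failed set; report it instead of dropping it silently.
            warn "Port $port ($trans), change to $val: set failed\n";
        }

        if (!$self->{BLOCK}) {
            # Without polling, the set result is the only evidence we have
            $err++ if (!$result);
            $self->debug("\n");
            next;
        }

        #
        # Blocking mode: poll until the device reports the new value,
        # giving up after a little over 20 polls of .25 seconds each
        #
        my $n = 0;
        while ($Status ne $val) {
            $Status = snmpitGetFatal($self->{SESS},[$OID,$port]);
            $self->debug("Value for $port was $Status\n");
            select (undef, undef, undef, .25); # wait .25 seconds
            $n++;
            if ($n > 20) {
                $err++;
                $self->debug("Timing out...");
                last;
            }
        }
        $self->debug("Okay.\n");
    }

    # returns 0 on success, # of failed ports on failure
    return $err;
}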

#
# List all VLANs on the device
#
# usage: listVlans($self)
# see snmpit_cisco_stack.pm for a description of return value format
#
sub listVlans($) {
    # Collect the name and the member ports of every VLAN on the device.
    #
    # Returns a list with one [name, number, members] entry per VLAN in
    # numeric order, leaving out VLAN 1. 'members' is a reference to the
    # list of ports found in that VLAN, or undef when none were found.
    my $self = shift;

    $self->debug("Getting VLAN info...\n");

    # We don't need VlanIndex really...
    my $VlanName = ["vtpVlanName"]; # index by 1.vlan #

    # The membership table depends on the switch OS; both are indexed by
    # ifIndex. Any other OS type leaves the name undefined.
    my $os = $self->{OSTYPE};
    my $VlanPortVlan = $os eq "CatOS" ? "vlanPortVlan"
                     : $os eq "IOS"   ? "vmVlan"
                     :                  undef;

    #
    # Walk the tree to find the VLAN names
    #
    my ($name_rows) = $self->{SESS}->bulkwalk(0,32,$VlanName);
    my %name_of = ();
    foreach my $row (@$name_rows) {
        my ($oid,$number,$label) = @$row;

        # The VLAN number arrives as 1.number; drop the leading '1.'
        $number =~ s/^1\.//;

        $self->debug("Got $oid $number $label\n",3);

        # Keep the first name seen for a VLAN number
        $name_of{$number} ||= $label;
    }

    #
    # Walk the tree for the VLAN members
    #
    my ($member_rows) = $self->{SESS}->bulkwalk(0,32,$VlanPortVlan);
    my %members_of = ();
    foreach my $row (@$member_rows) {
        my ($oid,$modport,$number) = @$row;
        $self->debug("Got $oid $modport $number\n",3);

        my ($node) = $self->convertPortFormat($PORT_FORMAT_NODEPORT,$modport);
        unless ($node) {
            # No node:port translation - fall back to switchname.mod/port
            (my $slashed = $modport) =~ s/\./\//;
            $node = $self->{NAME} . ".$slashed";
        }
        push @{ $members_of{$number} }, $node;
    }

    #
    # Build a list from the name and membership lists. Special case for
    # Cisco - VLAN 1 is special and should not be reported
    #
    my @list = map  { [ $name_of{$_}, $_, $members_of{$_} ] }
               grep { $_ != 1 }
               sort { $a <=> $b } keys %name_of;
    $self->debug(join("\n",@list)."\n",2);

    return @list;
}

#
# List all ports on the device
#
# usage: listPorts($self)
# see snmpit_cisco_stack.pm for a description of return value format
#
# TODO: convert to bulkwalk
#
sub listPorts($) {
    # Step through the interface and port tables with getnext and collect
    # the admin status, link status, speed and duplex of each known port.
    #
    # Returns a list of [port, enabled, link, speed, duplex] entries, one
    # per port for which an admin status was seen; 'enabled' is "yes" or
    # "no", and a missing speed or duplex is reported as a single space.
    my $self = shift;

    my (%Able, %Link, %speed, %duplex);
    my $ifTable = ["ifAdminStatus",0];
    my @data = ();

    # TODO: Clean up this section and convert to bulkwalk
    $self->debug("Getting port information...\n");

    # The doubled braces make the body a bare block, so 'next' skips the
    # rest of one pass and goes straight to the loop condition.
    do {{
        $self->{SESS}->getnext($ifTable);
        @data = @{$ifTable};

        # Running into ifLastChange means the status columns are done;
        # jump over to the port table.
        if ($data[0] eq "ifLastChange") {
            $ifTable = ["portAdminSpeed",0];
            $self->{SESS}->getnext($ifTable);
            @data = @{$ifTable};
        }

        my ($tag,$iid,$value) = @data[0 .. 2];

        next unless (defined $self->{IFINDEX}{$iid});

        my $port = portnum("$self->{NAME}:$iid")
            || portnum("$self->{NAME}:" . $self->{IFINDEX}{$iid});
        next unless (defined $port);

        $self->debug("$port\t$tag\t$value\n",2);

        if ($tag =~ /AdminStatus/) {
            $Able{$port} = ($value =~ /up/ ? "yes" : "no");
        }
        elsif ($tag =~ /ifOperStatus/) {
            $Link{$port} = $value;
        }
        elsif ($tag =~ /AdminSpeed/) {
            $speed{$port} = $value;
        }
        elsif ($tag =~ /Duplex/) {
            $duplex{$port} = $value;
        }
        # Insert stuff here to get ifSpeed if necessary... AdminSpeed is the
        # _desired_ speed, and ifSpeed is the _real_ speed it is using
    }} while ( $data[0] =~
        /(i(f).*Status)|(port(AdminSpeed|Duplex))/) ;

    #
    # Turn what the loop gathered into the list to return
    #
    my @rv = ();
    foreach my $id (keys %Able) {
        $speed{$id}  = " " unless (defined $speed{$id});
        $duplex{$id} = " " unless (defined $duplex{$id});

        # Rewrite values such as s100000000 as 100Mbps
        $speed{$id} =~ s/s([10]+)000000/${1}Mbps/;

        push @rv, [$id,$Able{$id},$Link{$id},$speed{$id},$duplex{$id}];
    }
    return @rv;
}

# 
# Get statistics for ports on the switch
#
# usage: getStats($self)
# see snmpit_cisco_stack.pm for a description of return value format
#
# TODO: Clean up undefined variable warnings
#
sub getStats ($) {
    # Walk twelve interface counters and regroup the values per port.
    #
    # Returns a list of [port, value, value, ...] entries ordered with
    # tbsort(); the values follow the order of the counters requested
    # below. Interfaces with no node:port translation are left out.
    my $self = shift;

    #
    # Walk the interface counters in a single request
    #
    my @counters = qw(ifInOctets ifInUcastPkts ifInNUcastPkts ifInDiscards
                      ifInErrors ifInUnknownProtos
                      ifOutOctets ifOutUcastPkts ifOutNUcastPkts ifOutDiscards
                      ifOutErrors ifOutQLen);
    my $vars = SNMP::VarList->new(map { [$_] } @counters);
    my @walks = $self->{SESS}->bulkwalk(0,32,$vars);

    #
    # bulkwalk hands back one array per counter; turn that on its side so
    # each port gets one array of values, and convert ifindexes into
    # node:port
    #
    my %stats;
    my $column = 0;
    foreach my $walk (@walks) {
        while (@$walk) {
            my $varbind = shift @$walk;
            my ($name,$ifindex,$value) = @$varbind;
            my ($port) = $self->convertPortFormat($PORT_FORMAT_NODEPORT,$ifindex);
            $stats{$port}[$column] = $value if ($port);
        }
        $column++;
    }

    my @ordered = sort { tbsort($a,$b) } keys %stats;
    return map { [ $_, @{ $stats{$_} } ] } @ordered;
}

#
# Enable, or disable,  port on a trunk
#
# usage: setVlansOnTrunk(self, modport, value, vlan_numbers)
#        modport: module.port of the trunk to operate on
#        value: 0 to disallow the VLAN on the trunk, 1 to allow it
#	 vlan_numbers: An array of cisco-native VLAN numbers to operate on