Posts tagged ‘network management’

10 February, 2012

Get Cisco Serial Numbers with SNMP

by gorthx

A friend asked me how to go about doing this, and I figured I’d post it here so he can find it again if he needs it.

You’ve already discovered that snmp-server chassis-id is a user-maintained field and therefore not reliable [1], so you can skip trying to use chassisId (1.3.6.1.4.1.9.3.6.3) from OLD-CISCO-CHASSIS-MIB. It’s supposed to be depracated anyway.

Newer equipment supports the ENTITY-MIB. (For certain definitions of “support” … it’s not pretty.)

There are a number of ways to do this. The most straightforward, if you’re starting from scratch, is to walk entPhysicalClass and look for items of type 3, chassis.

It’ll look like this:
:::-->snmpwalk -v 2c -M ~/.snmp/mibs -m ENTITY-MIB -c public -O s myswitch entPhysicalClass | grep chassis
entPhysicalClass.1001 = INTEGER: chassis(3)

Then, use entPhysicalSerialNum and the iid you just found (the 1001 in the previous example) to find the serial number:
:::-->snmpget -v 2c -M ~/.snmp/mibs -m ENTITY-MIB -c public -O s myswitch entPhysicalSerialNum.1001
entPhysicalSerialNum.1001 = STRING: FOC14475A35

In case you don’t have those mibs installed & don’t want to bother with it, here are the numerical equivalents:
entPhysicalClass .1.3.6.1.2.1.47.1.1.1.1.5
entPhysicalSerialNum .1.3.6.1.2.1.47.1.1.1.1.11

That method would look like this:
:::-->snmpwalk -v 2c -c public -O s myswitch .1.3.6.1.2.1.47.1.1.1.1.5 | grep "INTEGER: 3"
mib-2.47.1.1.1.1.5.1001 = INTEGER: 3
:::-->snmpget -v 2c -c public -O s myswitch .1.3.6.1.2.1.47.1.1.1.1.11.1001
mib-2.47.1.1.1.1.11.1001 = STRING: "FOC14475A35"

Now, if you want to get fancy and maybe find out the model number as well, you can then check any of the following (in order of how useful they’ve been to me personally):
entPhysicalModelName .1.3.6.1.2.1.47.1.1.1.1.11.13
entPhysicalDescr .1.3.6.1.2.1.47.1.1.1.1.11.2
entPhysicalName .1.3.6.1.2.1.47.1.1.1.1.11.7

…which would look like this:
:::-->snmpget -v 2c -M ~/.snmp/mibs -m ENTITY-MIB -c public -O s myswitch \
entPhysicalModelName.1001 \
entPhysicalDescr.1001 \
entPhysicalName.1001
entPhysicalModelName.1001 = STRING: SM-ES3G-16-P
entPhysicalDescr.1001 = STRING: SM-ES3G-16-P
entPhysicalName.1001 = STRING: 1



1 – These things tend to migrate off the equipment they were originally configured on, on to other machines, via a copy & paste vector. Pretty soon you have five or six different boxes that supposedly have the same serial number.

9 December, 2011

Friday Snark – Cisco’s VTP MIB

by gorthx

OK, Cisco, what.is.up. with the CISCO-VTP-MIB? Let’s look at the vtpVersion OID, for starters. One would expect that it would contain, maybe, the vtp version running on the host, right?

Check this out, from the definition for that OID in the mib (available here)

"The version of VTP in use on the local system."
…so it is the VTP version…

"A device will report its version capability and not any particular version in use on the device."

…only not really. (Yes, the documentation contradicts itself. This is one of the reasons network management is so frustrating.)

Turns out you need to read further down in the MIB and use managementDomainVersionInUse (“The current version of the VTP that is in use by the designated management domain.”) to get the VTP version currently running. Right-O.

(The rest of the definition for vtpVersion states: “If the device does not support vtp, the version is none(3).” This wasn’t my experience – most of my switches (3500 and 6500 series) reported ‘none’, and were actually running v1 or v2.)

8 June, 2010

Using rrdgraph’s –right-axis options

by gorthx

Update 16 Jan 2013: I just noticed this post is one of my most-viewed. Unfortunately, when I moved it to wordpress, I lost the images that go with it. I’m planning to create new ones, but will have to create some data for it, as I’m no longer working as a network admin. The examples should still work, though, and if you have access to .rrd files, you can try them out for yourself – just adjust the DSes yourself.


(Note: This is a very simplified (but real-life!) example. Usually we’ll include the “in” data on the same graph, and Errors and QueueDrops etc, but that clutters up the example.)

So, say we have an interface that’s dropping packets. Not too many, but the ideal number is zero, so we’d like to see them in the graphs in our NMS (which is based on rrdtool as all decent NMSes are). We use rrdgraph to show packets out in black and packets that should have gone out, but were discarded instead, in purple:

rrdtool graph images/router-errors-unscaled.png
--title "unscaled"
--vertical-label 'Pkts/Second'
--start end-2day
--end -1hr
--width 800
--height 250
--imgformat PNG
--interlace
DEF:ifOutUcastPkts=router.rrd:ifOutUcastPkts:AVERAGE
DEF:ifOutNUcastPkts=router.rrd:ifOutNUcastPkts:AVERAGE
DEF:ifOutDiscards=router.rrd:ifOutDiscards:AVERAGE
CDEF:ifOutPkts=ifOutUcastPkts,ifOutNUcastPkts,+
LINE1:ifOutPkts#003300:ifOutPkts/sec
LINE1:ifOutDiscards#990099:ifOutDiscards/sec\n
GPRINT:ifOutPkts:AVERAGE:"Avg ifOutPkts %1.2lf\n"
GPRINT:ifOutDiscards:MAX:"Max ifOutDiscards %1.2lf"

That produces a graph like this:

unscaled example graph

(Click on the thumbnails to get the full graphs.)

We can read the average rate of discarded packets in the graph key at the bottom, and there are tiny little blips in the purple line that represents discards , but we don’t have a strong visual cue that something is off.

One possible solution is to scale up the discard values relative to the total packets. A factor of 100 ought to do it. Then we’ll use the –right-axis options to rrdgraph to label the right-hand y-axis accordingly.

We add this CDEF to provide the scaling (the LINE1 etc commands will need to be altered accordingly; you’ll see those in the final snippet):

CDEF:scaled_ifOutDiscards=ifOutDiscards,100,*

That gives us a graph that looks like this:

scaled example graph

Note that it now looks like we’re dropping up to 70 packets/second – we still have to read the stats in the key at the bottom of the graph. So let’s get the secondary y-axis correctly labeled & scaled, with the following commands:

--right-axis-label 'Discards/Second'
--right-axis 0.01:0

–right-axis-label prints the specified text along the right-hand axis.
–right-axis [scale:shift] scales and/or shifts the tickmarks on the right axis relative to the left axis. In this case, the new values we’re displaying are 100X the original values, so we need to scale our axis accordingly: 0.01. More simply: left/right = 1/100. We don’t need to start at a value other than 0, so we set the shift value to 0.

example graph with second y-axis

Hmmm…rrdtool has automatically converted our values to milli-units. (Note the lower-case m in the labels.) Let’s fix that with the –right-axis-format command:

--right-axis-format %1.1lf

example graph with second y-axis, formatted

And that’s all there is to it!

The final rrdgraph command looks like this:
rrdtool graph images/router-right-axis-format.png
--title "right-axis-format"
--vertical-label 'Pkts/Second'
--right-axis-label 'Discards/Second'
--right-axis 0.01:0
--right-axis-format %1.1lf
--start end-2day
--end -1hr
--width 800
--height 250
--imgformat PNG
--interlace
DEF:ifOutUcastPkts=router.rrd:ifOutUcastPkts:AVERAGE
DEF:ifOutNUcastPkts=router.rrd:ifOutNUcastPkts:AVERAGE
DEF:ifOutDiscards=router.rrd:ifOutDiscards:AVERAGE
CDEF:scaled_ifOutDiscards=ifOutDiscards,100,*
CDEF:ifOutPkts=ifOutUcastPkts,ifOutNUcastPkts,+
LINE1:ifOutPkts#003300:ifOutPkts/sec
LINE1:scaled_ifOutDiscards#990099:ifOutDiscards/sec\n
GPRINT:ifOutPkts:AVERAGE:"Avg ifOutPkts %1.2lf\n"
GPRINT:ifOutDiscards:MAX:"Max ifOutDiscards %1.2lf"

3 April, 2009

Friday Happy Hour: Gimme some sugar, baby.

by gorthx

Time for some more fun with managing user data, of the “who was connected where and when” type. I’m going to use PostgreSQL row constructors & subqueries to filter my data.

I have a table that contains switch names & ports which are connected to other switches:
testytest=# SELECT switch_name, switch_port, connected_to
FROM switch_connections;
switch_name | switch_port | connected_to
-------------+-------------+--------------
switch-1 | 1 | switch-2
switch-1 | 2 | switch-3
switch-2 | 1 | switch-1
switch-3 | 1 | switch-1
(4 rows)

Another table contains hostnames found on each switch port at a given point in time:

read more »

6 March, 2009

Friday Happy Hour: PostgreSQL & mac addresses

by gorthx

Postgres has a datatype just for storing mac addresses. Let’s check it out!

read more »

10 November, 2008

Quick Guide: Ubuntu box as syslog server

by gorthx

You need:
root/sudo access to a statically-addressed Ubuntu machine.  (It will need to be on whenever your router is on in order to get anything good out of this.) This is your log host.
Enable access to your Cisco router.

Part 1: Set up your log host.

Step 1: before editing any of the files discussed below, be sure to back them up, e.g.:
cp /etc/syslog.conf /etc/syslog.conf.dontmessthisup

Step 2: edit /etc/syslog.conf to include this:
#router logging
local6.debug                    /var/log/cisco.log

This means “send all messages from facility local6, with a priority of debug or greater, to /var/log/cisco.log”.

(Note that the default facility for Cisco is local7; if you want/need to use the Cisco default, change the above accordingly.)

Step 3: create the log file I specified above:
sudo touch /var/log/cisco.log

read more »