Cacti / plugin_mactrack

Mactrack Plugin for Cacti
GNU General Public License v2.0

Add a few columns to the dot1x feature #122

Open JorisFRST opened 4 years ago

JorisFRST commented 4 years ago

New feature :

Add a column "Assigned VLAN" from : 1.3.6.1.4.1.9.9.656.1.4.1.1.22 (cafSessionVlanGroupName)

Add a column "Authorized by" from : .1.3.6.1.4.1.9.9.656.1.4.1.1.12 (cafSessionAuthorizedBy)

In our implementation we mostly use 802.1x to set the vlan or divert to a guest vlan. Having this in the mac track view would be a good addition.

jpobeda commented 4 years ago

@JorisFRST , just out of curiosity, what do you get when walking those OIDs?

I also assign VLANs from Radius and I only get either an empty STRING or Authentication Server.

I've only contributed the dot1x/Snooping bit of this plugin, and I barely remember how it works but you should be able to see VLAN Id/Names values under the "MAC Address" tab.

Since the data should already be collected, it might be a matter of linking the Device/PortName on dot1x tab to Device/Port Number on MAC Address tab? Maybe?

It was a bit complicated to get it to work since most of the MIBs were half implemented by Cisco and not very consistent across their own platforms. So I ended up grabbing OIDs from different MIBs that would work across all or most of the platforms. I believe the most complete one was the one used by ISE... couldn't test it tho

JorisFRST commented 4 years ago

On a stack of 3850's I get this response for the Vlan .1.3.6.1.4.1.9.9.656.1.4.1.1.22:

SNMPv2-SMI::enterprises.9.9.656.1.4.1.1.22.8.48.65.54.53.53.68.50.65.48.48.48.50.68.50.53.65.55.57.67.51.65.66.48.54 = STRING: "General_Access"

Which is the correct assigned vlan name in radius for our environment.

For the AuthorizedBy I get "Authentication Server." I think this is a field that would revert back to local or something similar. Have to do some more tests.

On the 3850 also IP Information is "00 00 00 00" for every device (in the snmp walk). And the function never links the portname in the dot1x table. Not sure if this was already implemented.

I can test against ISE and give you an output from snmpwalk ?
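The snmpwalk line quoted in the comment above carries the table index inside the OID. As an added example (not part of the thread or of the plugin's code), the Python below splits that index into a port key and a session ID and merges the two requested columns into one row per session. It assumes the first sub-identifier after the column number is the ifIndex and the rest are ASCII codes of the session ID; the second and third sample lines are constructed.

```python
import re

# Columns of the Cisco session table named in this thread (column id -> name).
COLUMNS = {12: "cafSessionAuthorizedBy", 22: "cafSessionVlanGroupName"}
ENTRY = ".9.9.656.1.4.1.1."  # table entry prefix, relative to "enterprises"
LINE_RE = re.compile(r"^(\S+)\s*=\s*STRING:\s*(.*)$")

def parse_line(line):
    """Return (if_index, session_id, column_name, value), or None if unusable."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    oid, value = m.group(1), m.group(2).strip().strip('"')
    pos = oid.find(ENTRY)
    if pos < 0:
        return None
    parts = oid[pos + len(ENTRY):].split(".")
    if len(parts) < 3 or not all(p.isdigit() for p in parts):
        return None  # index too short or not numeric
    column, if_index, *chars = (int(p) for p in parts)
    # Assumption: the remaining sub-identifiers are ASCII codes of the session ID.
    if column not in COLUMNS or not all(32 <= c < 127 for c in chars):
        return None
    return if_index, "".join(map(chr, chars)), COLUMNS[column], value

def collect(lines):
    """Merge per-column walk lines into one dict per (ifIndex, session ID)."""
    sessions = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            if_index, sid, name, value = parsed
            sessions.setdefault((if_index, sid), {})[name] = value
    return sessions

# Index taken from the walk output quoted in the thread.
INDEX = "8.48.65.54.53.53.68.50.65.48.48.48.50.68.50.53.65.55.57.67.51.65.66.48.54"
SAMPLE = [
    "SNMPv2-SMI::enterprises.9.9.656.1.4.1.1.22." + INDEX + ' = STRING: "General_Access"',
    # Constructed: same index under column 12, numeric OID form.
    ".1.3.6.1.4.1.9.9.656.1.4.1.1.12." + INDEX + ' = STRING: "Authentication Server"',
    # Constructed: truncated index, must be skipped rather than mis-keyed.
    'SNMPv2-SMI::enterprises.9.9.656.1.4.1.1.22.8 = STRING: "short"',
]

if __name__ == "__main__":
    for key, cols in collect(SAMPLE).items():
        print(key, cols)
```

The integer half of the key is what would be matched against the port number on the MAC Address tab, under the ifIndex assumption stated above.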

TheWitness commented 4 years ago

Pull request?

jdcoats commented 4 years ago

Add the assigned ACL too! @JorisFRST & @jpobeda do a fresh pull to test out today's changes. Thanks @TheWitness!

JorisFRST commented 4 years ago

Today's changes fixed my display in the dot1x tab. Only one typo: 'Authorization Succcess' instead of 'Authorization Success'

JorisFRST commented 4 years ago

Also Port Name column is properly propagated now.

TheWitness commented 4 years ago

ALTER TABLE mac_track_dot1x MODIFY COLUMN port_name int(10) unsigned NOT NULL default '0';

Likely change it to "ifIndex" at some point.

jdcoats commented 4 years ago

@TheWitness port_number not port_name?

ALTER TABLE mac_track_dot1x MODIFY COLUMN port_number int(10) unsigned NOT NULL default '0';

TheWitness commented 4 years ago

Yea, port_name, which should be ifIndex, that will happen too. (at some point).

jdcoats commented 4 years ago

okay, I have no column port_name.

MariaDB [cacti]> show columns from mac_track_dot1x;
+--------------+------------------+------+-----+---------------------+-------+
| Field        | Type             | Null | Key | Default             | Extra |
+--------------+------------------+------+-----+---------------------+-------+
| site_id      | int(10) unsigned | NO   | PRI | 0                   |       |
| device_id    | int(10) unsigned | NO   | MUL | 0                   |       |
| hostname     | varchar(40)      | NO   | MUL |                     |       |
| device_name  | varchar(100)     | NO   |     |                     |       |
| username     | varchar(100)     | NO   | MUL |                     |       |
| domain       | int(10) unsigned | NO   |     | 0                   |       |
| status       | int(10) unsigned | NO   |     | 0                   |       |
| port_number  | int(10) unsigned | NO   | MUL | 0                   |       |
| mac_address  | varchar(20)      | NO   | PRI |                     |       |
| ip_address   | varchar(20)      | NO   | PRI |                     |       |
| dns_hostname | varchar(200)     | YES  |     |                     |       |
| scan_date    | timestamp        | NO   | PRI | 0000-00-00 00:00:00 |       |
+--------------+------------------+------+-----+---------------------+-------+
12 rows in set (0.001 sec)

jdcoats commented 4 years ago

I don't even see a create in mactrack.sql for mac_track_dot1x. Did someone pull it out and I just happen to have it left over from a previous version?

TheWitness commented 4 years ago

port_number.