search

netdisco / snmp-info

Other
37 stars 32 forks source link

Incorrect Vlan Membership results on Ruckus ICX 7XXX switches #339

Open velmeran opened 5 years ago

velmeran commented 5 years ago

We've found that some Ruckus ICX 7XXX series switches are reporting some very strange and erratic vlan membership data. What I mean is that while most of the time its correct, we have found multiple instances where either the vlan membership reports the incorrect tagged vlans, no vlans, or vlans on a port with no tagged vlans.

Some examples I have in my lab of strange results: Port with a vmware host connected, Vlan 10 Untagged, Vlans 20,30,40,50 tagged. - Netdisco shows Vlan 1 as its Vlan, and no Vlan membership.

Port with just vlan 30 untagged. - Netdisco showing Vlan 30 as untagged, but also Vlans 10, 20, 40, 50 as tagged.

Port with Vlan 10 untagged, Vlan 20 tagged. - Netdisco showing Vlan 10 untagged, but missing the Vlan 20 tagged membership.

Expected Behavior

Vlan and Vlan membership reflecting the correct settings.

Current Behavior

For each switch, we're finding about 10% of the ports are showing these inconsistencies.

Possible Solution

I attempted to use the FOUNDRY-SN-SWITCH-GROUP-MIB and Q-BRIDGE mib files to poll the port vlan settings from the switches directly, but wasn't able to find noticeable errors, but I'm not an expert with snmp tools so its very likely I missed something or did it wrong.

Steps to Reproduce (for bugs)

  1. Fresh Netdisco setup on CentOS 7.5
  2. Discover a Ruckus ICX 7XXX series switch / stack.
  3. Double check Vlan settings vs the running config, notice the incorrect values.

Context

I'm working on a script to help pull information from NetDisco into Netbox to help in automated documentation, so incorrect vlan settings is a big problem.

Your Environment

Software Version App::Netdisco 2.39.31 SNMP::Info 3.61 DB Schema 53 PostgreSQL 9.2.24 Perl 5.16.3

Device information

[30362] 2019-05-23 23:04:39 info App::Netdisco version 2.039031 loaded. [30362] 2019-05-23 23:04:39 info show: [10.0.10.1]/specify started at Thu May 23 16:04:39 2019 [30362] 2019-05-23 23:04:39 debug show: running with timeout 600s [30362] 2019-05-23 23:04:39 debug => running workers for phase: check [30362] 2019-05-23 23:04:39 debug -> run worker check/base/0 [30362] 2019-05-23 23:04:39 debug Show is able to run [30362] 2019-05-23 23:04:39 debug => running workers for phase: main [30362] 2019-05-23 23:04:39 debug -> run worker main/base/100 [30362] 2019-05-23 23:04:39 debug snmp reader cache warm: [10.0.10.1] [30362] 2019-05-23 23:04:39 debug [10.0.10.1:161] try_connect with ver: 2, class: SNMP::Info::Layer3::Foundry, comm: SNMP::Info::Layer3::Foundry { Parents SNMP::Info::FDP, SNMP::Info::LLDP, SNMP::Info::Layer3, Exporter Linear @ISA SNMP::Info::Layer3::Foundry, SNMP::Info::FDP, SNMP::Info, Exporter, SNMP::Info::LLDP, SNMP::Info::Layer3, SNMP::Info::PowerEthernet, SNMP::Info::IPv6, SNMP::Info::Entity, SNMP::Info::EtherLike, SNMP::Info::Bridge, SNMP::Info::AdslLine public methods (37) : agg_ports, brcd_e_class, brcd_e_descr, brcd_e_index, brcd_e_name, brcd_e_parent, brcd_e_pos, brcd_e_serial, brcd_e_type, brcd_e_vendor, e_class, e_descr, e_index, e_name, e_parent, e_pos, e_serial, e_type, e_vendor, i_duplex, i_ignore, interfaces, i_stp_state, model, os, os_ver, peth_port_admin, peth_port_class, peth_port_ifindex, peth_port_neg_power, peth_port_power, peth_port_status, peth_power_consumption, peth_power_status, peth_power_watts, serial, vendor private methods (1) : _brcd_stack_master internals: { args { AutoSpecify 0, BulkRepeaters 20, BulkWalk 1, Community "public", Debug 1, DebugSNMP 0, DestHost "10.0.10.1", IgnoreNetSNMPConf 1, MibDirs [ [0] "/home/netdisco/netdisco-mibs/3com", [1] "/home/netdisco/netdisco-mibs/adtran", [2] "/home/netdisco/netdisco-mibs/aerohive", [3] "/home/netdisco/netdisco-mibs/alcatel", [4] "/home/netdisco/netdisco-mibs/allied", [5] "/home/netdisco/netdisco-mibs/apc", [6] "/home/netdisco/netdisco-mibs/arista", [7] "/home/netdisco/netdisco-mibs/aruba", [8] "/home/netdisco/netdisco-mibs/asante", [9] "/home/netdisco/netdisco-mibs/avaya", [10] "/home/netdisco/netdisco-mibs/bluecoat", [11] "/home/netdisco/netdisco-mibs/bluesocket", [12] "/home/netdisco/netdisco-mibs/brother", [13] "/home/netdisco/netdisco-mibs/cabletron", [14] "/home/netdisco/netdisco-mibs/ceragon", [15] "/home/netdisco/netdisco-mibs/checkpoint", [16] "/home/netdisco/netdisco-mibs/cisco", [17] "/home/netdisco/netdisco-mibs/ciscosb", [18] "/home/netdisco/netdisco-mibs/citrix", [19] "/home/netdisco/netdisco-mibs/colubris", [20] "/home/netdisco/netdisco-mibs/cyclades", [21] "/home/netdisco/netdisco-mibs/d-link", [22] "/home/netdisco/netdisco-mibs/dell", [23] "/home/netdisco/netdisco-mibs/enterasys", [24] "/home/netdisco/netdisco-mibs/EXTRAS", [25] "/home/netdisco/netdisco-mibs/extreme", [26] "/home/netdisco/netdisco-mibs/extricom", [27] "/home/netdisco/netdisco-mibs/f5", [28] "/home/netdisco/netdisco-mibs/force10", [29] "/home/netdisco/netdisco-mibs/fortinet", [30] "/home/netdisco/netdisco-mibs/foundry", [31] "/home/netdisco/netdisco-mibs/gigamon", [32] "/home/netdisco/netdisco-mibs/h3c", [33] "/home/netdisco/netdisco-mibs/hp", [34] "/home/netdisco/netdisco-mibs/huawei", [35] "/home/netdisco/netdisco-mibs/ibm", [36] "/home/netdisco/netdisco-mibs/juniper", [37] "/home/netdisco/netdisco-mibs/lancom", [38] "/home/netdisco/netdisco-mibs/lantronix", [39] "/home/netdisco/netdisco-mibs/liebert", [40] "/home/netdisco/netdisco-mibs/mediant", [41] "/home/netdisco/netdisco-mibs/meraki", [42] "/home/netdisco/netdisco-mibs/meru", [43] "/home/netdisco/netdisco-mibs/mikrotik", [44] "/home/netdisco/netdisco-mibs/moser-baer", [45] "/home/netdisco/netdisco-mibs/motorola", [46] "/home/netdisco/netdisco-mibs/nateks", [47] "/home/netdisco/netdisco-mibs/net-snmp", [48] "/home/netdisco/netdisco-mibs/netapp", [49] "/home/netdisco/netdisco-mibs/netgear", [50] "/home/netdisco/netdisco-mibs/netscreen", [51] "/home/netdisco/netdisco-mibs/nexans", [52] "/home/netdisco/netdisco-mibs/nortel", [53] "/home/netdisco/netdisco-mibs/northerndesign", [54] "/home/netdisco/netdisco-mibs/opengear", [55] "/home/netdisco/netdisco-mibs/packetfront", [56] "/home/netdisco/netdisco-mibs/paloalto", [57] "/home/netdisco/netdisco-mibs/pica8", [58] "/home/netdisco/netdisco-mibs/rad", [59] "/home/netdisco/netdisco-mibs/rfc", [60] "/home/netdisco/netdisco-mibs/riverbed", [61] "/home/netdisco/netdisco-mibs/ruckus", [62] "/home/netdisco/netdisco-mibs/schleifenbauer", [63] "/home/netdisco/netdisco-mibs/sentry", [64] "/home/netdisco/netdisco-mibs/sixnet", [65] "/home/netdisco/netdisco-mibs/sonicwall", [66] "/home/netdisco/netdisco-mibs/tplink", [67] "/home/netdisco/netdisco-mibs/trapeze", [68] "/home/netdisco/netdisco-mibs/vmware", [69] "/home/netdisco/netdisco-mibs/xirrus" ], NonIncreasing 0, RemotePort 161, Retries 0, Session SNMP::Session, Timeout 3000000, Version 2 }, BulkRepeaters 20, BulkWalk 1, class "SNMP::Info::Layer3::Foundry", debug 1, funcs { adsl_atuc_crc_block_len "adslAtucChanCrcBlockLength", adsl_atuc_curr_tx_rate "adslAtucChanCurrTxRate", adsl_atuc_interleave_delay "adslAtucChanInterleaveDelay", adsl_atuc_prev_tx_rate "adslAtucChanPrevTxRate", adsl_atur_crc_block_len "adslAturChanCrcBlockLength", adsl_atur_curr_tx_rate "adslAturChanCurrTxRate", adsl_atur_interleave_delay "adslAturChanInterleaveDelay", adsl_atur_prev_tx_rate "adslAturChanPrevTxRate", ag_mod_type "snAgentConfigModuleType", ag_mod2_type "snAgentConfigModule2Type", at_index "ipNetToMediaIfIndex", at_netaddr "ipNetToMediaNetAddress", at_paddr "ipNetToMediaPhysAddress", bgp_peer_addr "bgpPeerRemoteAddr", bgp_peer_as "bgpPeerRemoteAs", bgp_peer_fsm_est_trans "bgpPeerFsmEstablishedTransitions", bgp_peer_id "bgpPeerIdentifier", bgp_peer_in_tot_msgs "bgpPeerInTotalMessages", bgp_peer_in_upd "bgpPeerInUpdates", bgp_peer_in_upd_el_time "bgpPeerInUpdateElapsedTime", bgp_peer_out_tot_msgs "bgpPeerOutTotalMessages", bgp_peer_out_upd "bgpPeerOutUpdates", bgp_peer_state "bgpPeerState", bgp_peers "bgpPeerLocalAddr", bp_index "dot1dBasePortIfIndex", bp_port "dot1dBasePortCircuit", bs_mac "dot1dStaticAddress", bs_port "dot1dStaticReceivePort", bs_status "dot1dStaticStatus", bs_to "dot1dStaticAllowedToGoTo", c_addr6_index "cIpAddressIfIndex", c_addr6_pfx "cIpAddressPrefix", c_addr6_type "cIpAddressType", c_inet_phys_addr "cInetNetToMediaPhysAddress", c_inet_phys_state "cInetNetToMediaState", c_inet_phys_type "cInetNetToMediaType", c_pfx_origin "cIpAddressPfxOrigin", e_alias "entPhysicalAlias", e_class "entPhysicalClass", e_descr "entPhysicalDescr", e_fru "entPhysicalIsFRU", e_fwver "entPhysicalFirmwareRev", e_hwver "entPhysicalHardwareRev", e_id "entPhysicalAssetID", el_chipset "dot3StatsEtherChipSet", el_coll_excess "dot3StatsExcessiveCollisions", el_coll_freq "dot3CollFrequencies", el_coll_late "dot3StatsLateCollisions", el_coll_mult "dot3StatsMultipleCollisionFrames", el_coll_single "dot3StatsSingleCollisionFrames", el_duplex "dot3StatsDuplexStatus", el_error_alignment "dot3StatsAlignmentErrors", el_error_cs "dot3StatsCarrierSenseErrors", el_error_fcs "dot3StatsFCSErrors", el_error_frame "dot3StatsFrameTooLongs", el_error_mac_rec "dot3StatsInternalMacReceiveErrors", el_error_mac_xmit "dot3StatsInternalMacTransmitErrors", el_error_sqe "dot3StatsSQETestErrors", el_error_symbol "dot3StatsSymbolErrors", el_index "dot3StatsIndex", el_xmit_defer "dot3StatsDeferredTransmissions", e_map "entAliasMappingIdentifier", e_model "entPhysicalModelName", e_name "entPhysicalName", e_parent "entPhysicalContainedIn", e_pos "entPhysicalParentRelPos", e_serial "entPhysicalSerialNum", e_swver "entPhysicalSoftwareRev", e_type "entPhysicalVendorType", e_vendor "entPhysicalMfgName", fdp_cache_type "snFdpCacheVendorId", fdp_capabilities "snFdpCacheCapabilities", fdp_id "snFdpCacheDeviceId", fdp_ip "snFdpCacheAddress", fdp_platform "snFdpCachePlatform", fdp_port "snFdpCacheDevicePort", fdp_proto "snFdpCacheAddressType", fdp_ver "snFdpCacheVersion", fw_mac "dot1dTpFdbAddress", fw_port "dot1dTpFdbPort", fw_status "dot1dTpFdbStatus", i_alias "ifAlias", i_bad_proto_in "ifInUnknownProtos", i_description "ifDescr", i_discards_in "ifInDiscards", i_discards_out "ifOutDiscards", i_errors_in "ifInErrors", i_errors_out "ifOutErrors", i_index "ifIndex", i_lastchange "ifLastChange", i_mac "ifPhysAddress", i_mtu "ifMtu", i_name "ifName", interfaces "ifIndex", i_octet_in "ifInOctets", i_octet_in64 "ifHCInOctets", i_octet_out "ifOutOctets", i_octet_out64 "ifHCOutOctets", ip_addr6_index "ipAddressIfIndex", ip_addr6_pfx "ipAddressPrefix", ip_addr6_type "ipAddressType", ip_broadcast "ipAdEntBcastAddr", i_pkts_bcast_in "ifInBroadcastPkts", i_pkts_bcast_in64 "ifHCInBroadcastPkts", i_pkts_bcast_out "ifOutBroadcastPkts", i_pkts_bcast_out64 "ifHCOutBroadcastPkts", i_pkts_multi_in "ifInMulticastPkts", i_pkts_multi_in64 "ifHCInMulticastPkts", i_pkts_multi_out "ifOutMulticastPkts", i_pkts_multi_out64 "ifHCOutMulticastPkts", i_pkts_nucast_in "ifInNUcastPkts", i_pkts_nucast_out "ifOutNUcastPkts", i_pkts_ucast_in "ifInUcastPkts", i_pkts_ucast_in64 "ifHCInUcastPkts", i_pkts_ucast_out "ifOutUcastPkts", i_pkts_ucast_out64 "ifHCOutUcastPkts", ip_n2p_phys_addr "ipNetToPhysicalPhysAddress", ip_n2p_phys_state "ipNetToPhysicalState", ip_n2p_phys_type "ipNetToPhysicalType", ip_pfx_origin "ipAddressPrefixOrigin", ipr_age "ipRouteAge", ipr_dest "ipRouteNextHop", ipr_if "ipRouteIfIndex", ipr_info "ipRouteInfo", ipr_mask "ipRouteMask", ipr_proto "ipRouteProto", ipr_route "ipRouteDest", ipr_type "ipRouteType", ipr_1 "ipRouteMetric1", ipr_2 "ipRouteMetric2", ipr_3 "ipRouteMetric3", ipr_4 "ipRouteMetric4", ipr_5 "ipRouteMetric5", i_qlen_out "ifOutQLen", is_edgeport_admin "dot1dStpPortAdminEdgePort", is_edgeport_oper "dot1dStpPortOperEdgePort", i_specific "ifSpecific", i_speed "ifSpeed", i_speed_high "ifHighSpeed", i_stack_status "ifStackStatus", i_type "ifType", i_up "ifOperStatus", i_up_admin "ifAdminStatus", i6_addr_pfxlen "ipv6AddrPfxLength", i6_n2p_phys_addr "ipv6NetToMediaPhysAddress", i6_n2p_phys_state "ipv6IfNetToMediaState", i6_n2p_phys_type "ipv6NetToMediaType", lldp_lman_addr "lldpLocManAddrIfId", lldp_rem_asset "lldpXMedRemAssetID", lldp_rem_cap_spt "lldpRemSysCapSupported", lldp_rem_desc "lldpRemPortDesc", lldp_rem_fw_rev "lldpXMedRemFirmwareRev", lldp_rem_hw_rev "lldpXMedRemHardwareRev", lldp_rem_id "lldpRemChassisId", lldp_rem_id_type "lldpRemChassisIdSubtype", lldp_rem_media_cap "lldpXMedRemCapCurrent", lldp_rem_media_cap_spt "lldpXMedRemCapSupported", lldp_rem_model "lldpXMedRemModelName", lldp_rem_pid "lldpRemPortId", lldp_rem_pid_type "lldpRemPortIdSubtype", lldp_rem_serial "lldpXMedRemSerialNum", lldp_rem_sw_rev "lldpXMedRemSoftwareRev", lldp_rem_sys_cap "lldpRemSysCapEnabled", lldp_rem_sysdesc "lldpRemSysDesc", lldp_rem_sysname "lldpRemSysName", lldp_rem_vendor "lldpXMedRemMfgName", lldp_rman_addr "lldpRemManAddrIfSubtype", new_ip_index "ipAddressIfIndex", new_ip_prefix "ipAddressPrefix", new_ip_type "ipAddressType", n2p_lastupdate "ipNetToPhysicalLastUpdated", n2p_paddr "ipNetToPhysicalPhysAddress", n2p_pstate "ipNetToPhysicalState", n2p_pstatus "ipNetToPhysicalRowStatus", n2p_ptype "ipNetToPhysicalType", old_at_index "atIfIndex", old_at_netaddr "atNetAddress", old_at_paddr "atPhysAddress", old_ip_index "ipAdEntIfIndex", old_ip_netmask "ipAdEntNetMask", old_ip_table "ipAdEntAddr", ospf_if_admin "ospfIfAdminStat", ospf_if_area "ospfIfAreaId", ospf_if_dead "ospfIfRtrDeadInterval", ospf_if_hello "ospfIfHelloInterval", ospf_if_ip "ospfIfIpAddress", ospf_if_state "ospfIfState", ospf_if_type "ospfIfType", ospf_ip "ospfHostIpAddress", ospf_peer_id "ospfNbrRtrId", ospf_peer_state "ospfNbrState", ospf_peers "ospfNbrIpAddr", peth_port_admin "pethPsePortAdminEnable", peth_port_class "pethPsePortPowerClassifications", peth_port_status "pethPsePortDetectionStatus", peth_power_consumption "pethMainPseConsumptionPower", peth_power_status "pethMainPseOperStatus", peth_power_threshold "pethMainPseUsageThreshold", peth_power_watts "pethMainPsePower", qb_cv_egress "dot1qVlanCurrentEgressPorts", qb_cv_stat "dot1qVlanStatus", qb_cv_untagged "dot1qVlanCurrentUntaggedPorts", qb_fw_port "dot1qTpFdbPort", qb_fw_status "dot1qTpFdbStatus", qb_i_vlan "dot1qPvid", qb_i_vlan_in_flt "dot1qPortIngressFiltering", qb_i_vlan_type "dot1qPortAcceptableFrameTypes", qb_v_egress "dot1qVlanStaticEgressPorts", qb_v_fbdn_egress "dot1qVlanForbiddenEgressPorts", qb_v_name "dot1qVlanStaticName", qb_v_stat "dot1qVlanStaticRowStatus", qb_v_untagged "dot1qVlanStaticUntaggedPorts", stp_i_id "snVLanByPortVLanId", stp_i_mac "snVLanByPortBaseBridgeAddress", stp_i_ntop "snVLanByPortStpTopChanges", stp_i_priority "snVLanByPortStpPriority", stp_i_root "snVLanByPortStpDesignatedRoot", stp_i_root_port "snVLanByPortStpRootPort", stp_i_time "snVLanByPortStpTimeSinceTopologyChange", stp_p_bridge "snPortStpPortDesignatedBridge", stp_p_cost "snPortStpPortDesignatedCost", stp_p_id "snPortStpPortNum", stp_p_port "snPortStpPortDesignatedPort", stp_p_priority "snPortStpPortPriority", stp_p_root "snPortStpPortDesignatedRoot", stp_p_state "snPortStpPortState", stp_p_stg_id "snPortStpVLanId", sw_duplex "snSwPortInfoChnMode", sw_index "snSwPortIfIndex", sw_speed "snSwPortInfoSpeed", sw_type "snSwPortInfoMediaType", v_name "dot1qVlanStaticName" }, globals { bgp_id "bgpIdentifier.0", bgp_local_as "bgpLocalAs.0", b_mac "dot1dBaseBridgeAddress", b_ports "dot1dBaseNumPorts", b_type "dot1dBaseType", chassis "entPhysicalDescr.1", ch_serial "snChasSerNum", contact "sysContact", description "sysDescr", fan "snChasFanOperStatus.1", fdp_holdtime "snFdpGlobalHoldTime", fdp_interval "snFdpGlobalMessageInterval", fdp_run "snFdpGlobalRun", id "sysObjectID", img_ver "snAgImgVer", ipforwarding "ipForwarding", layers "sysServices", lldp_sys_cap "lldpLocSysCapEnabled", lldp_sysdesc "lldpLocSysDesc", lldp_sysname "lldpLocSysName", location "sysLocation", mac "ifPhysAddress.1", name "sysName", ports "ifNumber", ps1_status "snChasPwrSupplyOperStatus.1", ps1_type "snChasPwrSupplyDescription.1", qb_next_vlan_index "dot1qNextFreeLocalVlanIndex", qb_vlans "dot1qNumVlans", qb_vlans_max "dot1qMaxSupportedVlans", router_ip "ospfRouterId.0", serial1 ".1.3.6.1.4.1.9.3.6.3.0", stp_priority "dot1dStpPriority", stp_root "dot1dStpDesignatedRoot", stp_root_port "dot1dStpRootPort", stp_time "dot1dStpTimeSinceTopologyChange", stp_ver "dot1dStpProtocolSpecification", temp "snChasActualTemperature", uptime "sysUpTime" }, IgnoreNetSNMPConf 1, init \ 1, mibdirs var{args}{MibDirs}, mibs { ADSL-LINE-MIB "adslLineType", BGP4-MIB "bgpIdentifier", BRIDGE-MIB "dot1dBaseBridgeAddress", BROCADE-PRODUCTS-MIB "brocadeProducts", CISCO-IETF-IP-MIB "cInetNetToMediaNetAddress", ENTITY-MIB "entPhysicalSerialNum", EtherLike-MIB "etherMIB", FOUNDRY-POE-MIB "snAgentPoeGblPowerCapacityTotal", FOUNDRY-SN-AGENT-MIB "snChasPwrSupplyDescription", FOUNDRY-SN-ROOT-MIB "foundry", FOUNDRY-SN-STACKING-MIB "snStackingOperUnitRole", FOUNDRY-SN-SWITCH-GROUP-MIB "snSwGroupOperMode", IF-MIB "ifIndex", IP-MIB "ipNetToMediaIfIndex", IPV6-MIB "ipv6IfTableLastChange", LLDP-EXT-DOT1-MIB "lldpXdot1MIB", LLDP-EXT-DOT3-MIB "lldpXdot3MIB", LLDP-EXT-MED-MIB "lldpXMedMIB", LLDP-MIB "lldpLocSysCapEnabled", OSPF-MIB "ospfRouterId", POWER-ETHERNET-MIB "pethPsePortDetectionStatus", Q-BRIDGE-MIB "dot1qPvid", RFC1213-MIB "ipRouteIfIndex", RSTP-MIB "dot1dStpPortOperEdgePort", SNMPv2-MIB "sysObjectID" }, munge { ag_mod_type sub { ... }, ag_mod2_type var{munge}{ag_mod_type}, at_paddr sub { ... }, b_mac var{munge}{at_paddr}, bs_mac var{munge}{at_paddr}, c_inet_phys_addr sub { ... }, el_duplex sub { ... }, e_type var{munge}{ag_mod_type}, fdp_capabilities sub { ... }, fdp_ip sub { ... }, fw_mac var{munge}{at_paddr}, i_mac var{munge}{at_paddr}, i_octet_in64 sub { ... }, i_octet_out64 var{munge}{i_octet_in64}, i_pkts_bcast_in64 var{munge}{i_octet_in64}, i_pkts_bcast_out64 var{munge}{i_octet_in64}, i_pkts_multi_out64 var{munge}{i_octet_in64}, i_pkts_mutli_in64 var{munge}{i_octet_in64}, i_pkts_ucast_in64 var{munge}{i_octet_in64}, i_pkts_ucast_out64 var{munge}{i_octet_in64}, ip_n2p_phys_addr var{munge}{at_paddr}, i_speed sub { ... }, i_speed_high sub { ... }, i_up sub { ... }, ip var{munge}{fdp_ip}, i6_n2p_phys_addr var{munge}{at_paddr}, layers sub { ... }, lldp_rem_asset sub { ... }, lldp_rem_cap_spt var{munge}{fdp_capabilities}, lldp_rem_fw_rev var{munge}{lldp_rem_asset}, lldp_rem_hw_rev var{munge}{lldp_rem_asset}, lldp_rem_media_cap var{munge}{fdp_capabilities}, lldp_rem_media_cap_spt var{munge}{fdp_capabilities}, lldp_rem_model var{munge}{lldp_rem_asset}, lldp_rem_port_desc var{munge}{lldp_rem_asset}, lldp_rem_serial var{munge}{lldp_rem_asset}, lldp_rem_sw_rev var{munge}{lldp_rem_asset}, lldp_rem_sys_cap var{munge}{fdp_capabilities}, lldp_rem_sysdesc var{munge}{lldp_rem_asset}, lldp_rem_sysname var{munge}{lldp_rem_asset}, lldp_rem_vendor var{munge}{lldp_rem_asset}, lldp_sys_cap var{munge}{fdp_capabilities}, lldp_sysdesc var{munge}{lldp_rem_asset}, lldp_sysname var{munge}{lldp_rem_asset}, mac var{munge}{at_paddr}, n2p_paddr var{munge}{at_paddr}, old_at_paddr var{munge}{at_paddr}, qb_cv_egress sub { ... }, qb_cv_untagged var{munge}{qb_cv_egress}, qb_v_egress var{munge}{qb_cv_egress}, qb_v_fbdn_egress var{munge}{qb_cv_egress}, qb_v_untagged var{munge}{qb_cv_egress}, stp_i_mac var{munge}{at_paddr}, stp_i_root sub { ... }, stp_p_bridge var{munge}{stp_i_root}, stp_p_port sub { ... }, stp_p_root var{munge}{stp_i_root}, stp_root var{munge}{stp_i_root} }, nosuch 1, sess var{args}{Session}, snmp_comm "public", snmp_user "initial", snmp_ver 2, store {} } } [30362] 2019-05-23 23:04:40 info show: finished at Thu May 23 16:04:40 2019 [30362] 2019-05-23 23:04:40 info show: status done: Showed specify response from 10.0.10.1

inphobia commented 5 years ago

there are a few options here, first one i would suggest is upgrading to the latest netdisco release, since your version is almost a year old and we did a few major changes in the latests versions regarding vlan handling.

if you used the installation instructions from https://metacpan.org/pod/App::Netdisco upgrading is pretty easy. follow https://metacpan.org/pod/App::Netdisco#Upgrading-from-2.x & read https://github.com/netdisco/netdisco/wiki/Release-Notes#2-039032 and everything above it.

another common cause of this issue can be snmp timeouts, run netdisco-do discover -d 10.0.10.1 -DI and see if you have any reports of timeouts. if so https://github.com/netdisco/netdisco/wiki/Vendor-Tips#cisco-2960-and-3750-series-giving-incomplete-results explains what you can change to fix it. it says it's for cisco switches but it applies to all devices with snmp timeouts.

inphobia commented 5 years ago

something strange i noticed in the ruckus mib reference (Ruckus FastIron MIB Reference, 08.0.90)

The SNMPv3 engine is supported on the Ruckus IP devices.
The SNMPv3 engine can accept V1, V2c, and V3 packet formats.NOTEIf the SNMP GET-BULK request with a high count of max-repetitions, then the device will respond with the total count of 10.

our standard setting for that is 20: https://github.com/netdisco/netdisco/wiki/Configuration#bulkwalk_repeaters

velmeran commented 5 years ago

Hello,

I've upgrade my lab netdisco to the latest version (the one in production in a larger environment was already the latest):

Software Version App::Netdisco 2.42.8 SNMP::Info 3.68 DB Schema 57 PostgreSQL 9.2.24 Perl 5.16.3

But am still seeing the same issues. I tried setting

Hopefully it lets me attach pictures here to better show what I'm seeing in the web interface. Netdisco_Vlan_Issues

Here's my running config vlan section, you can see none of the ports with vlan memberships actually have any configured, while the ports with tagged vlans show no membership information lower in the page.

! vlan 1 name DEFAULT-VLAN by port no untagged ethe 1/2/1 to 1/2/2 ethe 1/3/2 to 1/3/3 ethe 2/2/1 to 2/2/2 ethe 2/3/4 spanning-tree ! vlan 10 name network by port tagged ethe 1/2/1 to 1/2/2 ethe 1/3/2 to 1/3/3 ethe 2/2/1 to 2/2/2 ethe 2/3/4 untagged ethe 1/1/1 ethe 1/1/20 ethe 1/1/24 ethe 2/1/4 to 2/1/6 ethe 2/1/24 router-interface ve 10 spanning-tree ! vlan 20 name servers by port tagged ethe 1/2/1 to 1/2/2 ethe 1/3/2 to 1/3/3 ethe 2/2/1 to 2/2/2 ethe 2/3/4 untagged ethe 1/1/21 to 1/1/22 ethe 1/3/4 ethe 2/1/1 to 2/1/3 ethe 2/3/2 to 2/3/3 router-interface ve 20 spanning-tree ! vlan 30 name users by port tagged ethe 1/2/1 to 1/2/2 ethe 1/3/2 to 1/3/3 ethe 2/2/1 to 2/2/2 ethe 2/3/4 untagged ethe 1/1/2 to 1/1/19 ethe 2/1/7 to 2/1/23 router-interface ve 30 spanning-tree ! vlan 40 name windows by port tagged ethe 1/2/1 to 1/2/2 ethe 1/3/2 to 1/3/3 ethe 2/2/1 to 2/2/2 ethe 2/3/4 router-interface ve 40 spanning-tree ! vlan 50 name linux by port tagged ethe 1/2/1 to 1/2/2 ethe 1/3/2 to 1/3/3 ethe 2/2/1 to 2/2/2 ethe 2/3/4 router-interface ve 50 spanning-tree !

Is there anyway to get a debug output from the discovery that would show us the Q-Bridge info.

Also, the status icon's like to show "blocking" instead of "up" on the ruckus devices, I suspect thats something funky with them as we don't have that issue on other switch brands.

velmeran commented 5 years ago

I spent some time manually dumping out the Q-bridge untagged and egress results and manually verifying the data was correct for both. None of the ports showing Vlan Membership have that data coming from the Q-bridge information as far as I can tell.

inphobia commented 5 years ago

i had a look at the ruckus docs yesterday, which for their mibs is about the best i've ever seen.

as i understand it they can do some nifty vlan things but some of those won't show up under the standard q-bridge or bridge mib. it seems for a vlan by port config like it seems you have we need to get the info from other mib objects: http://docs.ruckuswireless.com/fastiron/08.0.80/fastiron-08080-mibref/GUID-2ED6A446-44C2-48C9-8BF8-C7762BBCB88A.html

don't know who has time to take this on atm. if you feel up to it we can help you out as needed.

velmeran commented 5 years ago

I'm happy to help if I can, I'm not quite sure on how to work with the code though, if anything I'd like to just add some debug output when its doing the discovery on a device to see what is happening with the Vlan data its getting back, but I'm not sure if the issues is in Netdisco or SNMP::Info's code. I don't really see a guide on getting started with the SNMP::Info code, while I did manage to download the Netdisco repo and hopefully get it setup enough to let me make changes there once I find the files responsible for the vlan stuff.

inphobia commented 5 years ago

extending snmp::info is documented here: https://metacpan.org/pod/SNMP::Info#EXTENDING-SNMP::INFO

at one point i started documenting this a bit better, but can't find that anymore. most likely got removed when i recloned my copy 😢

perhaps it's easier to try & find the oid where the vlans are found first. reading the ruckus docs i think they might be found somewhere under 1.3.6.1.4.1.1991.1.1.3.2, so i would do an snmpwalk of that first to see if the info is there.

doing this as your first snmp::info project is certainly doable but ruckus uses the foundry module (since it seems they never bother changing their enterprise registration...) which supports a lot of devices, so it could be tricky not to break existing support.

depending on how much these devices differ from other foundry/brocade products we can overwrite the default mapping for a specific set of devices.

not to promote my own work but i wrote my first snmp::info module a few months ago, so if you're interested in that i think https://github.com/inphobia/snmp-info/blob/3.68/lib/SNMP/Info/Layer3/Lenovo.pm can be used as a template.

you can retrace most of my steps since i committed often, which can be seen here: https://github.com/netdisco/snmp-info/pull/323

you can always come and hang out on irc with us, most of us use bouncers so even if we are afk for long periods we will see your message. i like icechat as a client for windows, irccloud.com is a web based option but no idea how well that works.

inphobia commented 5 years ago

ohw, thats #netdisco on freenode.net for irc, a web client from freenode itself is here, dunno how well that one works https://webchat.freenode.net/?randomnick=1&prompt=1&channels=%23netdisco

velmeran commented 5 years ago

I'm hoping I can try and make a snmp plugin, or we can edit the current foundry/ruckus stuff to fix the issues. I think the best bet for a single OID (from FOUNDRY-SN-SWITCH-GROUP-MIB) that gets us the info we want is:

snvlan by port member tag mode 1.3.6.1.4.1.1991.1.1.3.2.6.1.4

Description: For tagged/dual-mode port, we could have multiple VLANs per port. For untagged port, there is only one VLAN ID per port.

Returned Values: tagged(1) untagged(2)

This looks to have the correct information, telling us all ports in a Vlan, and if they are tagged/untagged for that vlan. Seems to be working correctly on single and stacked switches, from the smaller 7150 to the larger 7650 models I have available to test on.

I've attached the output from the following command in case that helps visualize what I'm seeing. ./make_snmpdata.pl -c public -i -d 10.0.10.1 \ -m ~/netdisco-mibs/rfc:~/netdisco-mibs/net-snmp:~/netdisco-mibs/dir3:/root/netdisco-mibs/foundry \ SNMPv2-MIB IF-MIB EtherLike-MIB BRIDGE-MIB Q-BRIDGE-MIB ENTITY-MIB \ POWER-ETHERNET-MIB IPV6-MIB LLDP-MIB FOUNDRY-SN-SWITCH-GROUP-MIB > output.txt

output.txt

inphobia commented 5 years ago

coolness, we seem to be on the right track here. since i know nothing of ruckus devices, i do have 1 question. on this page http://docs.ruckuswireless.com/fastiron/08.0.80/fastiron-08080-mibref/GUID-7A07C01F-3093-466D-8ACF-370E9466445F.html you have

 snSwIfInfoTagMode 

tagged(1) - Ports can have multiple VLAN IDs because these ports can be members of more than one VLAN.
untagged(2) - There is only one VLAN ID per port.
dual(3) - Dual mode is associated with a VLAN ID snSwIfVlanId; dual mode with snSwIfVlanId zero disables the dual mode.

what is dual mode? is that like cisco's trunk native vlan?

but indeed, walking snVLanByPortMemberTagMode & building the native/tagged vlan info from that does seem like the way to go.

the way netdisco handles vlans is mostly done here: https://github.com/netdisco/netdisco/blob/master/lib/App/Netdisco/Worker/Plugin/Discover/VLANs.pm

at first glance you will need to provide 6 functions:

i took a quick look at the other modules & it seems https://github.com/netdisco/snmp-info/blob/master/lib/SNMP/Info/Layer2/HP4000.pm would be a good template for you.

at least i_vlan has a similar structure as snVLanByPortMemberTagMode -> vlanid.portid = mode (well that's what the comment says).

https://github.com/netdisco/snmp-info/blob/e886190e8e110d3bc8ede533d8f225d384d97da7/lib/SNMP/Info/Layer2/HP4000.pm#L336-L340

is that enough info to get you going?

(i don't think we need to update mibs at first glance, but putting everything in 1 file does not make it easy. thank goodness we seem to have a script to clean that up if needed: https://github.com/netdisco/netdisco-mibs/blob/master/EXTRAS/scripts/vendor/split-foundry)

velmeran commented 5 years ago

Hello Inphobia,

I'm told that the Dual mode stuff is deprecated now as of the 08.0.08 firmware, Was a way to say that a port had both an untagged vlan and tagged vlans. Now with no more dual mode command, ports are either only tagged, or have a single untagged vlan.

For editing the HP4000 file, I have pulled the snmp-info repo to a test box, and I found the file. How do I go about getting a new file in place to test with, can I just copy it, change its name, and it automatically gets picked up the next time I run a discovery or is there something special I need to do?

Also, I see lots of references to "$hp = shift;" in the code, but have no idea what its doing, but it seems important to many of the sections.

I think I can start getting a lot of the mib parts replaced but feel I'll be pretty lost on the actual functions until I figure out how to debug this code against my switches.

velmeran commented 5 years ago

So I've been working on this a bit when time permits and I am having trouble understanding how to work with the results I get back from the Leafs. I can query the OID below which gives me the following data results:

VLANID.PortID "tagged" or "untagged"

SNMP::Info::_load_attr vlan_tag_mode : FOUNDRY-SN-SWITCH-GROUP-MIB::snVLanByPortMemberTagMode : .1.3.6.1.4.1.1991.1.1.3.2.6.1.4 \ { 10.1 "untagged", 1.23 "untagged", 30.2 "untagged", 30.3 "untagged", } [27981] 2019-06-04 21:43:16 info show: finished at Tue Jun 4 17:43:16 2019 [27981] 2019-06-04 21:43:16 info show: status done: Showed v_tag_mode response from 10.0.10.1

I've placed my code into the Foundry.pm file for now as I can't get a stand alone .pm file to be seen or used for some reason. The only things I've added though are below:

%FUNCS = (

# FOUNDRY-SN-SWITCH-GROUP-MIB
# Vlan stuff. Need to find v_name, v_index, i_vlan, i_vlan_type, i_vlan_membership, i_vlan_membership_untagged, bp_index(might be needed)
'vlan_name'      => 'snVLanByPortVLanName',
'vlan_index'     => 'snVLanByPortVLanIndex',
'vlan_id'        => 'snVLanByPortVLanId',
'vlan_tag_mode'  => 'snVLanByPortMemberTagMode',
'vlan_if_tag'    => 'snSwIfInfoTagMode',

);

sub i_vlan {

This is trying to create a Key,Value i_vlan hash, the key is the interface, the value is the vlan.

#Tagged interfaces are skipped in the HP4000 example, not sure why but trying to skip them also.
my $foundry = shift;

my $i_vlan     = {};
my $test_hash  = {};
my $f_v_index  = $foundry->vlan_index();
my $f_v_if_tag = $foundry->vlan_tag_mode();
foreach my $row ( keys %$f_v_if_tag ) {

    my $test  = $foundry->vlan_tag_mode($row);
    my ( $vlanindex, $if ) = split( /\./, $row );
    my $tag = split(/\./, $test);

    next unless ( defined $test and $test =~ /untagged/ );

    $i_vlan->{$if} = $vlanindex if defined $vlanindex;

    $test_hash->{$row} = $index if defined $index;
}
#return $test_hash;
return $i_vlan;

}

If anyone has some tips on how to figure out how to access the untagged/tagged values so I can do a simple "if tagged, do something" it would be a great help.

velmeran commented 5 years ago

Okay, I think I've gotten things working now, though I'm still just adding code to the Foundry.pm file so that the detection stuff works. Mostly had to redo a little of the HP4000 code to get things to format properly and there's also a VLAN 4094 that is used by STP on the ruckus devices, it shows up when you query a port, but its not a part of the vlan index/name tables. You'll see in the i_vlan sub that I skip over it.

sub v_index { my $foundry = shift; my $partial = shift;

return $foundry->vlan_index($partial);

}

sub v_name { my $foundry = shift; my $partial = shift;

return $foundry->vlan_name($partial);

}

sub v_tag_mode { my $foundry = shift;

my $partial = shift;

#debug sprintf 'test message';
my $test = $foundry->vlan_tag_mode();

return $test;

}

sub i_vlan {

This is trying to create a Key,Value i_vlan hash, the key is the interface, the value is the untagged vlan.

#Tagged interfaces are skipped.
my $foundry = shift;

my $i_vlan     = {};
my $f_v_index  = $foundry->vlan_index();
my $f_v_if_tag = $foundry->vlan_tag_mode();

while ((my $key, my $value) = each (%$f_v_if_tag))
{
    next unless ( defined $value and $value =~ /untagged/ );
    my ( $vlanindex, $if ) = split( /\./, $key );
    next unless ( defined $vlanindex and $vlanindex != 4094 );
    $i_vlan->{$if} = $vlanindex if defined $vlanindex;
}
return $i_vlan;

}

sub i_vlan_membership {

Now we are returning an array of every interface, with all vlans untagged or tagged attached)

my $foundry = shift;
my $i_vlan_membership = {};
my $f_v_index  = $foundry->vlan_index();
my $f_v_if_tag = $foundry->vlan_tag_mode();
while ((my $key, my $value) = each (%$f_v_if_tag))
{
    my ( $vlanindex, $if ) = split( /\./, $key );

    #next unless ( defined $tag );
    #next if ( $tag eq 'no' );
    next unless ( defined $vlanindex and $vlanindex != 4094 );
    push( @{ $i_vlan_membership->{$if} }, $vlanindex );
}
return $i_vlan_membership;

}

sub i_vlan_membership_untagged { my $foundry = shift; my $partial = shift;

my $vlans = $foundry->i_vlan($partial);
my $i_vlan_membership = {};
foreach my $port (keys %$vlans) {
    my $vlan = $vlans->{$port};
    push( @{ $i_vlan_membership->{$port} }, $vlan );
}

return $i_vlan_membership;

}

I've also attached my Foundry.pm file below. I can confirm this is working both on my small home switches and a large deployment with multiple stacked switches.

Thank you for all your help!

Foundry.zip

inphobia commented 5 years ago

this seems like an elegant solution.

my concern however is how this might impact existing devices or older software. in my 12months supporting snmp::info i have not yet seen this issue pop up. this means that:

depending on that, we can either add these functions to the existing foundry.pm by default for all supported devices, or only apply this functions when running fw known to support this.

i'll leave the issue open for now and have a look on what's the best way to alrdy add these functions to devices running a firmware we are certain of the support for these oids.

inphobia commented 4 years ago

i'll leave the issue open for now and have a look on what's the best way to alrdy add these functions to devices running a firmware we are certain of the support for these oids.

perhaps it's safest for now to only do this for icx based devices. can you provide me with: netdisco-do show -d __iphere__ -e description

i'm wondering if it's best to match on description or specific oid trees from FOUNDRY-SN-ROOT-MIB for icx based stuff, like:

snICX6610Family          OBJECT IDENTIFIER ::= { registration 56}     -- FastIron CX 6610 series family
snICX6430Family          OBJECT IDENTIFIER ::= { registration 57}

integrated yr code here: https://github.com/inphobia/snmp-info/tree/nn_ruckus_vlan_339

will be cleaning up & documenting when time permits.

velmeran commented 4 years ago

Hi Nick,

Here's the output you've requested.

netdisco-do show -d 10.0.10.1 -e description [17451] 2019-11-07 18:48:17 info App::Netdisco version 2.044002 loaded. [17451] 2019-11-07 18:48:18 info show: [10.0.10.1]/description started at Thu Nov 7 13:48:18 2019 "Ruckus Wireless, Inc. Stacking System ICX7150-24, IronWare Version 08.0.91T213 Compiled on Jun 6 2019 at 21:02:55 labeled as SPR08091" [17451] 2019-11-07 18:48:18 info show: finished at Thu Nov 7 13:48:18 2019 [17451] 2019-11-07 18:48:18 info show: status done: Showed description response from 10.0.10.1

That is for a stacked switch, here is a similar one that isn't stacked.

"Ruckus Wireless, Inc. ICX7150-C12-POE, IronWare Version 08.0.90aT213 Compiled on Mar 29 2019 at 07:55:48 labeled as SPR08090a"

-Jonathan

On Tue, Nov 5, 2019 at 5:35 PM nick n. notifications@github.com wrote:

i'll leave the issue open for now and have a look on what's the best way to alrdy add these functions to devices running a firmware we are certain of the support for these oids.

perhaps it's safest for now to only do this for icx based devices. can you provide me with: netdisco-do show -d iphere -e description

i'm wondering if it's best to match on description or specific oid trees from FOUNDRY-SN-ROOT-MIB for icx based stuff, like:

snICX6610Family OBJECT IDENTIFIER ::= { registration 56} -- FastIron CX 6610 series family snICX6430Family OBJECT IDENTIFIER ::= { registration 57}

integrated yr code here: https://github.com/inphobia/snmp-info/tree/nn_ruckus_vlan_339

will be cleaning up & documenting when time permits.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/netdisco/snmp-info/issues/339?email_source=notifications&email_token=AGBTJH5M5SNPSKHVNEYOXS3QSINPNA5CNFSM4HP4765KYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEDE6BMA#issuecomment-550101168, or unsubscribe https://github.com/notifications/unsubscribe-auth/AGBTJH4HV7WLOOEEWCLOW4TQSINPNANCNFSM4HP4765A .

inphobia commented 4 years ago

so, we have the fix you wrote that works for these devices. but since l3::foundry has such a wide range of matching products i don't want to enable it for everything since it's likely it will break other devices matched under that class.

the fix will most likely be something like this for all the added functions: https://github.com/inphobia/snmp-info/blob/591003064e863fd48039a43f185b4918efffad18/lib/SNMP/Info/Layer3/Nexus.pm#L143-L153

big question is match on what.

so:

i'm inclined to match against major os version (8 and lower) combined with and/or ruckus / icx until we can get a wider test set.

velmeran commented 4 years ago

So far I can say that its worked with all the devices on this page: https://www.ruckuswireless.com/products/ruckus-icx-family-switches

All the switches I tested on have been version 8 at least of the firmware. I don't believe there is a verion 7 of the firmware, these devices are kind of a mashup that occurred with brocade and ruckus were acquired by another company and various things were spun off with the Ruckus ICX switch line being designed to work with Ruckus Wireless AP's and the Ruckus SmartZone control software.

I think just matching up to Ruckus / ICX is enough to identify these unique devices.

-Jonathan

On Thu, Nov 7, 2019 at 11:46 AM nick n. notifications@github.com wrote:

so, we have the fix you wrote that works for these devices. but since l3::foundry has such a wide range of matching products i don't want to enable it for everything since it's likely it will break other devices matched under that class.

the fix will most likely be something like this for all the added functions:

https://github.com/inphobia/snmp-info/blob/591003064e863fd48039a43f185b4918efffad18/lib/SNMP/Info/Layer3/Nexus.pm#L143-L153

big question is match on what.

so:

  • all are your devices fixed with the patch you wrote?
  • all are those devices identified as ruckus & icx
  • do all those devices run version 8 of the os, or can you test older/newer major releases?

i'm inclined to match against major os version (8 and lower) combined with and/or ruckus / icx until we can get a wider test set.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/netdisco/snmp-info/issues/339?email_source=notifications&email_token=AGBTJH7UYS5ZF6GRMOFE3MDQSRWCPA5CNFSM4HP4765KYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEDNS2PI#issuecomment-551234877, or unsubscribe https://github.com/notifications/unsubscribe-auth/AGBTJH3PV2DWVBQ5CUJKWL3QSRWCPANCNFSM4HP4765A .

inphobia commented 4 years ago

so i had a look at their eol (https://support.ruckuswireless.com/product_families/23-eol-fastiron-icx-products) and newer (https://support.ruckuswireless.com/documents/1592-ruckus-icx-switch-7150-7250-7450-quick-start-guide-qsg) stuff.

i downloaded the firmware packs for a few different products running ironware8, also found some older ironware7 downloads.

a bit more specific; i had a look at

all of those firmware packs included mibs & it seems they all support snVLanByPortVLanIndex, so most likely also the other oids used.

as such, i guess os version 7 & 8 matched with ironware could be a safe bet?

inphobia commented 4 years ago

after having a closer look i noticed that just all their mibs in 1 file, which we actually documented here: https://github.com/netdisco/netdisco-mibs/blob/master/foundry/README

so i think it that ruckus + icx will indeed be the safest choice.