vlan creation via snmp on 2106

Unanswered Question
Sep 29th, 2007

Dear all:

We need to create vlans on wireless controllers USING SNMP. While there is a detailed set of instructions on a similar subject for switches, the following are my difficulties:

1) The subtree of

SNMPv2-SMI::enterprises.9.9.46 is simply missing, I can't snmpwalk or snmpget anything under it. That corresponds to vlans on a 2950

switch, but we are on 2106.

Perhaps, since on these controllers

vlans are really dynamic interfaces, I should look under mib-2.system.interfaces? Well, I have, but there I encounter 2 problems:

a) interfaces.ifnumber == 8, which is the

number of physical ports on the thing.

Since I also have a management, apmanager

and virtual interfaces, this does not

seem to be it. (and it really looks like a

table of 8 rows).

b) Anyway, when I do an snmpwalk under the

mib-2, I get the error about oids not

increasing (I'll provide the relevant

output in the end of the message). Does

this mean the snmp agent on the device

is bad? Can I fix it myself? Is there

a way to compile additional mibs into it?

(I will neeed some level of detail here)?

IF-MIB::ifOutErrors.8 = Counter32: 0

IP-MIB::ipForwarding.0 = INTEGER: notForwarding(2)

IP-MIB::ipDefaultTTL.0 = INTEGER: 64

IP-MIB::ipInReceives.0 = Counter32: 7100

IP-MIB::ipInHdrErrors.0 = Counter32: 0

IP-MIB::ipInAddrErrors.0 = Counter32: 0

IP-MIB::ipForwDatagrams.0 = Counter32: 0

IP-MIB::ipInUnknownProtos.0 = Counter32: 0

IP-MIB::ipInDiscards.0 = Counter32: 0

IP-MIB::ipInDelivers.0 = Counter32: 3468

IP-MIB::ipOutRequests.0 = Counter32: 6866

IP-MIB::ipOutDiscards.0 = Counter32: 0

IP-MIB::ipOutNoRoutes.0 = Counter32: 0

IP-MIB::ipReasmTimeout.0 = INTEGER: 0

IP-MIB::ipReasmReqds.0 = Counter32: 0

IP-MIB::ipReasmOKs.0 = Counter32: 0

IP-MIB::ipReasmFails.0 = Counter32: 0

IP-MIB::ipFragOKs.0 = Counter32: 0

IP-MIB::ipFragFails.0 = Counter32: 7100

IP-MIB::ipFragCreates.0 = Counter32: 0

IP-MIB::ipAdEntAddr.102.1.1.10 = IpAddress: 10.1.1.102

IP-MIB::ipAdEntAddr.101.1.1.10 = IpAddress: 10.1.1.101

And at this point the walk terminates, since the OID's are not increasing.

These two are just the addresses of my management and ap-manager interfaces, so I

could just reassign them and hope they will

be increasing from that point on. :)))

BTW, the snmp object navigator on this site does not seem to find the last two.

Can someone, please, help me out here.

Thanks.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
drolemc Fri, 10/05/2007 - 05:54

You cannot compile additional MIBs on to the device. And I don't think you can create dynamic interfaces on the Wireless LAN Controller using SNMP MIBs. You can create dynamic interfaces only through the CLI and the GUI on the device.

dgerenrot Tue, 10/09/2007 - 12:48

Thank you so much for your response. Please, forgive the late reply.

First, off, it does look quite impossible to compile additional MIBs into this WLC.

As far as creating wlan and vlan I have actually managed to do both. To create vlan:you use the table 1.3.6.1.4.1.14179.1.2.13.1 (Notice 1.4.1.14179 rather that 1.4.1.9 -- I think that's Aeronet's proprietary and cisco bought them). Anyway, the above OID is the interface table, you can actually see the management, p-manager and virtual interface under it. But the well-known problem with the snmpwalk prevented me from seeing any further (you get the OID not increasing error). I had to use some brute-force snmp get calls to get around that.

Before I go on any furhter let me set up some notation:

* IF_TABLE = 1.3.6.1.4.1.14179.1.2.13.1

* $Appdx() a numeric sequence

of the form L.c1.c2.c3...cL.

where L is the length of the word and

c1, c2 , etc are ascii encodings of

characters.

E.g., $oidAppendix('vlan3') == 5.118.108.97.110.51

Anyway, this $oidAppendix essentially behaves like an index.

So to set up an interface named vlan3: the

following seems to work:

Set 1.3.6.1.4.1.14179.1.2.13.1.31.$Appdx(vlan_name)

to 5 (Create and wait)

Notice the 31, that means RowStatus. (I assume the reader to be familiar with the SMIv2 tables)

Doing the above snmpset has the effect of initializing the row creation. Then you have to snmpSET the following:

IF_TABLE.1.$Appdx -- htat's interfaceName (String)

IT_TABLE.2.$Appdx -- interfaceNumber (int),

I think after this you can already see the

interface under Controller->Interfaces.

Next replace 2 by:

5 -- interface ip,

6 -- netmask, protected static final String

Etc. Here is the fragment of my java code:

CISCO_IF_GATEWAY = CISCO_IF_TABLE+".7";

protected static final String CISCO_IF_PORT= CISCO_IF_TABLE+".8";

protected static final String CISCO_IF_DHCP_PRIM = CISCO_IF_TABLE+".9";

protected static final String CISCO_IF_DHCP_SEC = CISCO_IF_TABLE+".10";

I vaguely recall not being able to

set these:

protected static final String CISCO_IF_ACTIVEPORT = CISCO_IF_TABLE+".15";

protected static final String CISCO_IF_QUARANTINE = CISCO_IF_TABLE+".17";

REMARK: The above is simply a sequence of set commands (and I could do it using v1 security no problem). Since I was using snmp4j java library I had to wait a couple of seconds between these set commands, else it did not work.

As for creating wlans, a single snmpset

operation works: to create wlan 4

use the table 1.3.6.1.4.1.9.9.512.1.1.1.1

(1.3.6.1.4.1.9.9.512.1.1.1.1.2 is rowstatus)

In a SINGLE snmpset operation, the following

works:

1.3.6.1.4.1.9.9.512.1.1.1.1.2.4 = 4; //4 -- create and go

1.3.6.1.4.1.9.9.512.1.1.1.1.3.4 = vlan4; 1.3.6.1.4.1.9.9.512.1.1.1.1.4.4 = vlan4_ssid;

Check the MIB descriptions for details

or email me at

stayonline dot net with the above uname.

dgerenrot Thu, 12/20/2007 - 16:58

Here is yet another important addendum. I wanted to add this for a while:

set 1.3.6.1.4.1.14179.2.1.1.1.42. to interfaceName (which is a string.)

This associates the dynamic interface interfaceName to the wlan

set 1.3.6.1.4.1.14179.2.1.1.1.6. to 1 (integer) This enables the wlan which is disabled by default.

Two more remarks:

1) These commands also work for Cisco 4402 AP controller.

2)setting 1.3.6.1.4.1.9.9.521.1.1.1.1.1. to 2 disables a certain security feature of the wlan called 'WPA' security. It's either that

or figuring out how to set the right security keys, etc., which we did not need for our project.

Actions

This Discussion

 

 

Trending Topics - Security & Network