IP : 简单网络管理协议 (SNMP)

使用SNMP,如何添加,修改和去除在Catalyst的VLANs

2015 年 8 月 28 日 - 机器翻译
其他版本: PDFpdf | 英语 (2015 年 4 月 22 日) | 反馈


目录


简介

使用简单网络管理协议(SNMP)的本文描述如何创建和删除在Cisco Catalyst交换机的VLAN。它如何也描述添加端口对与SNMP的VLAN。

先决条件

要求

在您使用本文档中的信息前,请保证您了解:

  • ifTable和IfIndex如何工作

  • VLAN如何在思科Catalyst交换机工作

  • 如何查看关于思科Catalyst交换机的VLAN信息

  • SNMP一般用途获得设置,并且命令

组件

本文是为运行正常Catalyst OS或Catalyst IOS支持IF-MIB、CISCO-VTP-MIB和CISCO-VLAN-MEMBERSHIP-MIB的Catalyst交换机。本文档中的信息基于以下软件和硬件版本:

本文档中的信息都是基于特定实验室环境中的设备创建的。本文档中使用的所有设备最初均采用原始(默认)配置。如果在真实网络工作,在您使用所有命令前请确保您了解任何命令潜在影响。

规则

有关文档规则的详细信息,请参阅 Cisco 技术提示规则

背景

MIB变量的详细信息—包括对象标识符(OIDs)


1.3.6.1.4.1.9.9.46.1.3.1.1.2 (CISCO-VTP-MIB)
vtpVlanState  OBJECT-TYPE
    SYNTAX     INTEGER { operational(1),
                         suspended(2),
                         mtuTooBigForDevice(3),
                         mtuTooBigForTrunk(4) }
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION            "The state of this VLAN.

            The state 'mtuTooBigForDevice' indicates that this device
            cannot participate in this VLAN because the VLAN's MTU is
            larger than the device can support.

            The state 'mtuTooBigForTrunk' indicates that while this
            VLAN's MTU is supported by this device, it is too large for
            one or more of the device's trunk ports."
    ::= { vtpVlanEntry 2 }


1.3.6.1.4.1.9.9.46.1.4.1.1.1 (CISCO-VTP-MIB)
vtpVlanEditOperation OBJECT-TYPE
    SYNTAX     INTEGER { none(1),
                         copy(2),
                         apply(3),
                         release(4),
                         restartTimer(5)
                       }
    MAX-ACCESS read-create
    STATUS     current
    DESCRIPTION            "This object always has the value 'none' when read.  When
            written, each value causes the appropriate action:

             'copy' - causes the creation of rows in the
            vtpVlanEditTable exactly corresponding to the current global
            VLAN information for this management domain.  If the Edit
            Buffer (for this management domain) is not currently empty,
            a copy operation fails.  A successful copy operation starts
            the deadman-timer.

             'apply' - first performs a consistent check on the the
            modified information contained in the Edit Buffer, and if
            consistent, then tries to instanciate the modified
            information as the new global VLAN information.  Note that
            an empty Edit Buffer (for the management domain) would
            always result in an inconsistency since the default VLANs
            are required to be present.

             'release' - flushes the Edit Buffer (for this management
            domain), clears the Owner information, and aborts the
            deadman-timer.  A release is generated automatically if the
            deadman-timer ever expires.

             'restartTimer' - restarts the deadman-timer.

             'none' - no operation is performed."
    ::= { vtpEditControlEntry 1 }


1.3.6.1.4.1.9.9.46.1.4.1.1.3 (CISCO-VTP-MIB)
vtpVlanEditBufferOwner OBJECT-TYPE
    SYNTAX     OwnerString
    MAX-ACCESS read-create
    STATUS     current
    DESCRIPTION            "The management station which is currently using the Edit
            Buffer for this management domain.  When the Edit Buffer for
            a management domain is not currently in use, the value of
            this object is the zero-length string.  Note that it is also
            the zero-length string if a manager fails to set this object
            when invoking a copy operation."
    ::= { vtpEditControlEntry 3 }


1.3.6.1.4.1.9.9.46.1.4.2.1.11 (CISCO-VTP-MIB)
vtpVlanEditRowStatus OBJECT-TYPE
    SYNTAX     RowStatus
1:active
2:notInService
3:notReady
4:createAndGo
5:createAndWait
6:destroy
    MAX-ACCESS read-create
    STATUS     current
    DESCRIPTION            "The status of this row.  Any and all columnar objects in an
            existing row can be modified irrespective of the status of
            the row.

            A row is not qualified for activation until instances of at
            least its vtpVlanEditType, vtpVlanEditName and
            vtpVlanEditDot10Said columns have appropriate values.

            The management station should endeavor to make all rows
            consistent in the table before 'apply'ing the buffer.  An
            inconsistent entry in the table will cause the entire
            buffer to be rejected with the vtpVlanApplyStatus object
            set to the appropriate error value."
    ::= { vtpVlanEditEntry 11 }


1.3.6.1.4.1.9.9.46.1.4.2.1.3.1.48 (CISCO-VTP-MIB)
vtpVlanEditType OBJECT-TYPE
    SYNTAX     VlanType
    MAX-ACCESS read-create
    STATUS     current
    DESCRIPTION            "The type which this VLAN would have.
            An implementation may restrict access to this object."
    DEFVAL     { ethernet }
    ::= { vtpVlanEditEntry 3 }


1.3.6.1.4.1.9.9.46.1.4.2.1.4.1.48 (CISCO-VTP-MIB)
vtpVlanEditName OBJECT-TYPE
    SYNTAX     DisplayString (SIZE (1..32))
    MAX-ACCESS read-create
    STATUS     current
    DESCRIPTION            "The name which this VLAN would have.  This name would be
            used as the ELAN-name for an ATM LAN-Emulation segment of
            this VLAN.

            An implementation may restrict access to this object."
    ::= { vtpVlanEditEntry 4 }


1.3.6.1.4.1.9.9.46.1.4.2.1.6.1.48 (CISCO-VTP-MIB)
vtpVlanEditDot10Said OBJECT-TYPE
    SYNTAX     OCTET STRING (SIZE (4))
    MAX-ACCESS read-create
    STATUS     current
    DESCRIPTION            "The value of the 802.10 SAID field which would be used for
            this VLAN.

            An implementation may restrict access to this object."
    ::= { vtpVlanEditEntry 6 }


1.3.6.1.4.1.9.9.46.1.4.1.1.2.1 (CISCO-VTP-MIB)
vtpVlanApplyStatus OBJECT-TYPE
    SYNTAX     INTEGER { inProgress(1),
                         succeeded(2),
                         configNumberError(3),
                         inconsistentEdit(4),
                         tooBig(5),
                         localNVStoreFail(6),
                         remoteNVStoreFail(7),
                         editBufferEmpty(8),
                         someOtherError(9)
                       }
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION            "The current status of an 'apply' operation to instanciate
            the Edit Buffer as the new global VLAN information (for this
            management domain).  If no apply is currently active, the
            status represented is that of the most recently completed
            apply.  The possible values are:

               inProgress - 'apply' operation in progress;

               succeeded - the 'apply' was successful (this value is
                      also used when no apply has been invoked since the
                      last time the local system restarted);

               configNumberError - the apply failed because the value of
                      vtpVlanEditConfigRevNumber was less or equal to
                      the value of current value of 
                      managementDomainConfigRevNumber;

               inconsistentEdit - the apply failed because the modified
                      information was not self-consistent;

               tooBig - the apply failed because the modified
                      information was too large to fit in this VTP
                      Server's non-volatile storage location;

               localNVStoreFail - the apply failed in trying to store
                      the new information in a local non-volatile
                      storage location;

               remoteNVStoreFail - the apply failed in trying to store
                      the new information in a remote non-volatile
                      storage location;

               editBufferEmpty - the apply failed because the Edit
                      Buffer was empty (for this management domain).

               someOtherError - the apply failed for some other reason
                      (e.g., insufficient memory)."
    ::= { vtpEditControlEntry 2 }


1.3.6.1.4.1.9.9.68.1.2.2.1.2 (CISCO-VLAN-MEMBERSHIP-MIB)
vmVlan  OBJECT-TYPE
        SYNTAX     INTEGER(0..4095)
        MAX-ACCESS read-write
        STATUS     current
        DESCRIPTION                "The VLAN id of the VLAN the port is assigned to
                 when vmVlanType is set to static or dynamic.
                 This object is not instantiated if not applicable.

                 The value may be 0 if the port is not assigned
                 to a VLAN.

                 If vmVlanType is static, the port is always
                 assigned to a VLAN and the object may not be
                 set to 0.

                 If vmVlanType is dynamic the object's value is
                 0 if the port is currently not assigned to a VLAN.
                 In addition, the object may be set to 0 only."
        ::= { vmMembershipEntry 2 }

添加VLAN到有SNMP的Cisco Catalyst交换机

逐步指导

在如下所示的示例中, VLAN11被添加到交换机:

  1. 为了检查哪些VLAN在交换机当前配置,请发出在vtpVlanState OID的一snmpwalk

    注意: 在OID的最后编号是VLAN号。

    
    snmpwalk -c public crumpy vtpVlanState
    cisco.ciscoMgmt.ciscoVtpMIB.vtpMIBObjects.vlanInfo.vtpVlanTable.vtpVlanEntry.vtpVlanState.1.1 : INTEGER: operational
    cisco.ciscoMgmt.ciscoVtpMIB.vtpMIBObjects.vlanInfo.vtpVlanTable.vtpVlanEntry.vtpVlanState.1.48 : INTEGER: operational
    cisco.ciscoMgmt.ciscoVtpMIB.vtpMIBObjects.vlanInfo.vtpVlanTable.vtpVlanEntry.vtpVlanState.1.1002 : INTEGER: operational
    
    
  2. 如果版本由另一个NMS工作站或设备,是在使用中的请验证。如果看到此消息,版本不是在使用中的:没有MIB对象包含在子树下

    snmpwalk -c public crumpy vtpVlanEditTable
    no MIB objects contained under subtree.
    
    
  3. 版本不是在使用中的,因此开始编辑是安全的。设置vtpVlanEditOperation为复制状态(整数2)。这允许您创建VLAN。

    snmpset -c private crumpy vtpVlanEditOperation.1 integer 2
    cisco.ciscoMgmt.ciscoVtpMIB.vtpMIBObjects.vlanEdit.vtpEditControlTable.vtpEditControlEntry.vtpVlanEditOperation.1 : INTEGER: copy
    
  4. 为了使当前所有者编辑权限可视,您能设置所有者,当您发出命令时, vtpVlanEditBufferOwner

    snmpset -c private crumpy vtpVlanEditBufferOwner.1 octetstring "Gerald"
    cisco.ciscoMgmt.ciscoVtpMIB.vtpMIBObjects.vlanEdit.vtpEditControlTable.vtpEditControlEntry.vtpVlanEditBufferOwner.1 : OCTET STRING- (ascii):    Gerald
    
  5. 此示例显示如何验证表存在:

    snmpwalk -c public crumpy vtpVlanEditTable
    vtpVlanEditState.1.1 : INTEGER: operational
    vtpVlanEditState.1.2 : INTEGER: operational
    vtpVlanEditState.1.3 : INTEGER: operational
    ..
    
  6. 此示例是VLAN11并且显示您如何创建行和设置类型和名称:

    snmpset -c private crumpy vtpVlanEditRowStatus.1.11 integer 4
    cisco.ciscoMgmt.ciscoVtpMIB.vtpMIBObjects.vlanEdit.vtpVlanEditTable.vtpVlanEditEntry.vtpVlanEditRowStatus.1.11 : INTEGER: createAndGo
    
    snmpset -c private crumpy vtpVlanEditType.1.11 integer 1
    cisco.ciscoMgmt.ciscoVtpMIB.vtpMIBObjects.vlanEdit.vtpVlanEditTable.vtpVlanEditEntry.vtpVlanEditType.1.11 : INTEGER: ethernet
    
    snmpset -c private crumpy vtpVlanEditName.1.11 octetstring "test_11_gerald"
    cisco.ciscoMgmt.ciscoVtpMIB.vtpMIBObjects.vlanEdit.vtpVlanEditTable.vtpVlanEditEntry.vtpVlanEditName.1.11 : DISPLAY STRING- (ascii):  test_11_gerald
    
  7. 设置vtpVlanEditDot10Said。这是VLAN号+ 100000翻译对十六进制。此示例创建VLAN11,因此vtpVlanEditDot10Said应该是:11 + 100000 = 100011 - >十六进制:000186AB

    snmpset -c private crumpy vtpVlanEditDot10Said.1.11 octetstringhex 000186AB
    cisco.ciscoMgmt.ciscoVtpMIB.vtpMIBObjects.vlanEdit.vtpVlanEditTable.vtpVlanEdi
    ntry.vtpVlanEditDot10Said.1.11 : OCTET STRING-   (hex): length = 4
         0:  00 01 86 ab -- -- -- -- -- -- -- -- -- -- -- --     ................
    
  8. 当您有创建的VLAN 11时,您必须应用修改。再请使用vtpVlanEditOperation OID。这次使用应用确认设置:

    snmpset -c private crumpy vtpVlanEditOperation.1 integer 3
    cisco.ciscoMgmt.ciscoVtpMIB.vtpMIBObjects.vlanEdit.vtpEditControlTable.vtpEditControlEntry.vtpVlanEditOperation.1 : INTEGER: apply
    
  9. 验证VLAN顺利地创建。请使用OID vtpVlanApplyStatus。请检查进程,直到状态读:成功

    snmpget –c public crumpy vtpVlanApplyStatus.1
    vtpVlanApplyStatus.1 : INTEGER: inProgress
    snmpget –c public crumpy vtpVlanApplyStatus.1
    vtpVlanApplyStatus.1 : INTEGER: inProgress
    snmpget –c public crumpy vtpVlanApplyStatus.1
    vtpVlanApplyStatus.1 : INTEGER: succeeded
    
  10. 上一操作是做修改和发布权限,以便其他用户能从他们的NMS添加,修改或者删除VLAN。

    snmpset  -c private crumpy vtpVlanEditOperation.1 integer 4
    vtpVlanEditOperation.1 : INTEGER: release
    
    
  11. 验证缓冲区是空的:

    snmpwalk –c public crumpy vtpVlanEditTable
    no MIB objects contained under subtree.
    
    
  12. 验证VLAN11在交换机创建有CLI命令show VLAN的或有snmpwalk的

    snmpwalk -c public crumpy vtpVlanState
    cisco.ciscoMgmt.ciscoVtpMIB.vtpMIBObjects.vlanInfo.vtpVlanTable.vtpVlanEntry.vtpVlanState.1.1 : INTEGER: operational
    cisco.ciscoMgmt.ciscoVtpMIB.vtpMIBObjects.vlanInfo.vtpVlanTable.vtpVlanEntry.vtpVlanState.1.11 : INTEGER: operational
    cisco.ciscoMgmt.ciscoVtpMIB.vtpMIBObjects.vlanInfo.vtpVlanTable.vtpVlanEntry.vtpVlanState.1.48 : INTEGER: operational
    cisco.ciscoMgmt.ciscoVtpMIB.vtpMIBObjects.vlanInfo.vtpVlanTable.vtpVlanEntry.vtpVlanState.1.1002 : INTEGER: operational
    …
    

添加VLAN到有SNMP的Cisco Catalyst交换机

一个步骤说明

这一步骤进程使用OID编号而不是OID名称类似上一个逐步进程。请参阅MIB详细信息关于转换。此示例创建VLAN 6 :

snmpset -c private crumpy 1.3.6.1.4.1.9.9.46.1.4.1.1.1.1 integer 2 1.3.6.1.4.1.9.9.46.1.4.1.1.3.1 octetstring "gcober" 

snmpset -c private gooroo 1.3.6.1.4.1.9.9.46.1.4.2.1.11.1.6 integer 4 1.3.6.1.4.1.9.9.46.1.4.2.1.3.1.6 integer 1 1.3.6.1.4.1.9.9.46.1.4.2.1.4.1.6 octetstring "vlan6" 1.3.6.1.4.1.9.9.46.1.4.2.1.6.1.6 octetstringhex 000186A6 1.3.6.1.4.1.9.9.46.1.4.1.1.1.1 integer 3

snmpset -c private gooroo 1.3.6.1.4.1.9.9.46.1.4.1.1.1.1 integer 4

snmpwalk -c public crumpy 1.3.6.1.4.1.9.9.46.1.3.1.1.2
cisco.ciscoMgmt.ciscoVtpMIB.vtpMIBObjects.vlanInfo.vtpVlanTable.vtpVlanEntry.vtpVlanState.1.1 : INTEGER: operational
cisco.ciscoMgmt.ciscoVtpMIB.vtpMIBObjects.vlanInfo.vtpVlanTable.vtpVlanEntry.vtpVlanState.1.6 : INTEGER: operational
cisco.ciscoMgmt.ciscoVtpMIB.vtpMIBObjects.vlanInfo.vtpVlanTable.vtpVlanEntry.vtpVlanState.1.11 : INTEGER: operational

 

注意: 某些SNMP版本要求您在OID前使用a (。)在SNMP SET命令。

删除从Cisco Catalyst交换机的VLAN有SNMP的

逐步指导

在本例中VLAN 48从交换机删除。参考添加VLAN到有SNMP的思科Catalyst欲知更多信息。您删除VLAN和那个的此部分之间的差异您添加VLAN的地方是您使用毁坏而不是CreateAndGo命令vtpVlanEditRowStatus

  1. 发出命令删除VLAN 48 :

    snmpset -c private crumpy vtpVlanEditOperation.1 integer 2
    cisco.ciscoMgmt.ciscoVtpMIB.vtpMIBObjects.vlanEdit.vtpEditControlTable.vtpEditControlEntry.vtpVlanEditOperation.1 : INTEGER: copy
    snmpset -c private crumpy vtpVlanEditRowStatus.1.48 integer 6
    cisco.ciscoMgmt.ciscoVtpMIB.vtpMIBObjects.vlanEdit.vtpVlanEditTable.vtpVlanEditEntry.vtpVlanEditRowStatus.1.48 : INTEGER: destroy
    
    
  2. 要验证VLAN 48删除,请使用vtpVlanStateshow VLAN在CLI :

    snmpwalk -c public crumpy vtpVlanState
    cisco.ciscoMgmt.ciscoVtpMIB.vtpMIBObjects.vlanInfo.vtpVlanTable.vtpVlanEntry.vtpVlanState.1.1 : INTEGER: operational
    cisco.ciscoMgmt.ciscoVtpMIB.vtpMIBObjects.vlanInfo.vtpVlanTable.vtpVlanEntry.vtpVlanState.1.1002 : INTEGER: operational
    …
    

添加端口到在Cisco Catalyst交换机的VLAN有SNMP的

此示例如何显示添加端口快速以太网0/5到VLAN 48。

  1. 要验证的IfIndex快速Eth 0/5有,请发出ifDescr snmpwalk

    snmpwalk -c public crumpy ifDescr
    …
    interfaces.ifTable.ifEntry.ifDescr.6 : DISPLAY STRING- (ascii):  FastEthernet0/5
    …
    
  2. 因为您知道端口快速Eth 0/5有IfIndex 6,请添加端口到VLAN 48 :

    snmpset -c private crumpy vmVlan.6 integer 48
    cisco.ciscoMgmt.ciscoVlanMembershipMIB.ciscoVlanMembershipMIBObjects.vmMembership.vmMembershipTable.vmMembershipEntry.vmVlan.6 : INTEGER: 48
    
  3. 验证端口通过再查询同样OID正确地添加。

    snmpget -c public crumpy vmVlan.6
    cisco.ciscoMgmt.ciscoVlanMembershipMIB.ciscoVlanMembershipMIBObjects.vmMembership.vmMembershipTable.vmMembershipEntry.vmVlan.6 : INTEGER: 48

    您在交换机能也验证此:

    crumpy#sh vlan
    VLAN Name                             Status    Ports
    ---- -------------------------------- --------- -------------------------------
    1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4,
                                                    Fa0/6, Fa0/7, Fa0/8, Fa0/9,
                                                    Fa0/10, Fa0/11, Fa0/12, Fa0/13,
                                                    Fa0/14, Fa0/15, Fa0/16, Fa0/17,
                                                    Fa0/18, Fa0/19, Fa0/20, Fa0/21,
                                                    Fa0/22, Fa0/23, Fa0/24, Gi0/1,
                                                    Gi0/2
    48   VLAN0048                         active    Fa0/5
    

如何更改从一个VLAN的端口到另一个VLAN

此示例展示端口快速Eth 0/3如何属于VLAN 48和如何移动它向VLAN1 (默认VLAN) :

  1. 要验证的IfIndex快速Eth 0/3有,请发出ifDescr snmpwalk

    snmpwalk -c public crumpy ifDescr
    …
    interfaces.ifTable.ifEntry.ifDescr.4 : DISPLAY STRING- (ascii):  FastEthernet0/3
    …
    
  2. 因为您知道端口快速Eth 0/3有IfIndex 4,您能验证到哪个VLAN端口当前属于:

    snmpget -c public crumpy vmVlan.4
    cisco.ciscoMgmt.ciscoVlanMembershipMIB.ciscoVlanMembershipMIBObjects.vmMembership.vmMembershipTable.vmMembershipEntry.vmVlan.4 : INTEGER: 48
    
  3. 端口属于VLAN 48。

    snmpset -c private crumpy vmVlan.4 integer 1
    cisco.ciscoMgmt.ciscoVlanMembershipMIB.ciscoVlanMembershipMIBObjects.vmMembership.vmMembershipTable.vmMembershipEntry.vmVlan.4 : INTEGER: 1
    
    
  4. 要移动从VLAN 48的端口向VLAN1,请发出vmVlan snmpset

  5. 要验证,如果端口更改对另一个VLAN,再请查询vmVlan

    snmpget -c public crumpy vmVlan.4
    cisco.ciscoMgmt.ciscoVlanMembershipMIB.ciscoVlanMembershipMIBObjects.vmMembership.vmMembershipTable.vmMembershipEntry.vmVlan.4 : INTEGER: 1
    

    您在交换机能也验证此:

    在更改前:

    crumpy#sh vlan
    VLAN Name                             Status    Ports
    ---- -------------------------------- --------- -------------------------------
    1    default                          active    Fa0/1, Fa0/2, Fa0/4, Fa0/5,
                                                    Fa0/6, Fa0/7, Fa0/8, Fa0/9,
                                                    Fa0/10, Fa0/11, Fa0/12, Fa0/13,
                                                    Fa0/14, Fa0/15, Fa0/16, Fa0/17,
                                                    Fa0/18, Fa0/19, Fa0/20, Fa0/21,
                                                    Fa0/22, Fa0/23, Fa0/24, Gi0/1,
                                                    Gi0/2
    48   VLAN0048                         active    Fa0/3

    在更改以后:

    crumpy#sh vlan
    VLAN Name                             Status    Ports
    ---- -------------------------------- --------- -------------------------------
    1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4,
                                                    Fa0/5, Fa0/6, Fa0/7, Fa0/8,
                                                    Fa0/9, Fa0/10, Fa0/11, Fa0/12,
                                                    Fa0/13, Fa0/14, Fa0/15, Fa0/16,
                                                    Fa0/17, Fa0/18, Fa0/19, Fa0/20,
                                                    Fa0/21, Fa0/22, Fa0/23, Fa0/24,
                                                    Gi0/1, Gi0/2
    48   VLAN0048                         active

    注意: 您能做其他变动,例如VLAN名称,所有者和更多。欲了解更详细的信息参考整个MIB在OID。

相关的思科支持社区讨论

思科支持社区是您提问、解答问题、分享建议以及与工作伙伴协作的论坛。


相关信息


Document ID: 45080