如何使用SNMP在Catalyst上新增、修改和移除VLAN
目錄
簡介
本文說明如何在使用簡易網路管理通訊協定(SNMP)的Cisco Catalyst交換器上建立和刪除VLAN。 其中也說明如何使用SNMP將連線埠新增到VLAN。
必要條件
需求
使用本檔案中的資訊之前,請確保您已瞭解:
-
ifTable和ifIndexes的工作原理
-
VLAN在Cisco Catalyst交換機上的工作方式
-
如何檢視Cisco Catalyst交換機上的VLAN資訊
-
SNMP get、set和walk命令的一般用法
元件
本文檔適用於運行支援IF-MIB、CISCO-VTP-MIB和CISCO-VLAN-MEMBERSHIP-MIB的常規Catalyst OS或Catalyst IOS的Catalyst交換機。本文中的資訊係根據以下軟體和硬體版本:
-
執行CatIOS 12.0(5)WC5a的Catalyst 3524XL
-
NET-SNMP版本5.0.6,網址為http://www.net-snmp.org/
本文中的資訊是根據特定實驗室環境內的裝置所建立。文中使用到的所有裝置皆從已清除(預設)的組態來啟動。如果您正在即時網路中工作,在使用任何命令之前,請確保您瞭解任何命令的潛在影響。
慣例
如需文件慣例的詳細資訊,請參閱思科技術提示慣例。
背景
MIB變數的詳細資訊 — 包括對象識別符號(OID)
1.3.6.1.4.1.9.9.46.1.3.1.1.2 (CISCO-VTP-MIB)
vtpVlanState OBJECT-TYPE
SYNTAX INTEGER { operational(1),
suspended(2),
mtuTooBigForDevice(3),
mtuTooBigForTrunk(4) }
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The state of this VLAN.
The state 'mtuTooBigForDevice' indicates that this device
cannot participate in this VLAN because the VLAN's MTU is
larger than the device can support.
The state 'mtuTooBigForTrunk' indicates that while this
VLAN's MTU is supported by this device, it is too large for
one or more of the device's trunk ports."
::= { vtpVlanEntry 2 }
1.3.6.1.4.1.9.9.46.1.4.1.1.1 (CISCO-VTP-MIB)
vtpVlanEditOperation OBJECT-TYPE
SYNTAX INTEGER { none(1),
copy(2),
apply(3),
release(4),
restartTimer(5)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION "This object always has the value 'none' when read. When
written, each value causes the appropriate action:
'copy' - causes the creation of rows in the
vtpVlanEditTable exactly corresponding to the current global
VLAN information for this management domain. If the Edit
Buffer (for this management domain) is not currently empty,
a copy operation fails. A successful copy operation starts
the deadman-timer.
'apply' - first performs a consistent check on the the
modified information contained in the Edit Buffer, and if
consistent, then tries to instanciate the modified
information as the new global VLAN information. Note that
an empty Edit Buffer (for the management domain) would
always result in an inconsistency since the default VLANs
are required to be present.
'release' - flushes the Edit Buffer (for this management
domain), clears the Owner information, and aborts the
deadman-timer. A release is generated automatically if the
deadman-timer ever expires.
'restartTimer' - restarts the deadman-timer.
'none' - no operation is performed."
::= { vtpEditControlEntry 1 }
1.3.6.1.4.1.9.9.46.1.4.1.1.3 (CISCO-VTP-MIB)
vtpVlanEditBufferOwner OBJECT-TYPE
SYNTAX OwnerString
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The management station which is currently using the Edit
Buffer for this management domain. When the Edit Buffer for
a management domain is not currently in use, the value of
this object is the zero-length string. Note that it is also
the zero-length string if a manager fails to set this object
when invoking a copy operation."
::= { vtpEditControlEntry 3 }
1.3.6.1.4.1.9.9.46.1.4.2.1.11 (CISCO-VTP-MIB)
vtpVlanEditRowStatus OBJECT-TYPE
SYNTAX RowStatus
1:active
2:notInService
3:notReady
4:createAndGo
5:createAndWait
6:destroy
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The status of this row. Any and all columnar objects in an
existing row can be modified irrespective of the status of
the row.
A row is not qualified for activation until instances of at
least its vtpVlanEditType, vtpVlanEditName and
vtpVlanEditDot10Said columns have appropriate values.
The management station should endeavor to make all rows
consistent in the table before 'apply'ing the buffer. An
inconsistent entry in the table will cause the entire
buffer to be rejected with the vtpVlanApplyStatus object
set to the appropriate error value."
::= { vtpVlanEditEntry 11 }
1.3.6.1.4.1.9.9.46.1.4.2.1.3.1.48 (CISCO-VTP-MIB)
vtpVlanEditType OBJECT-TYPE
SYNTAX VlanType
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The type which this VLAN would have.
An implementation may restrict access to this object."
DEFVAL { ethernet }
::= { vtpVlanEditEntry 3 }
1.3.6.1.4.1.9.9.46.1.4.2.1.4.1.48 (CISCO-VTP-MIB)
vtpVlanEditName OBJECT-TYPE
SYNTAX DisplayString (SIZE (1..32))
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The name which this VLAN would have. This name would be
used as the ELAN-name for an ATM LAN-Emulation segment of
this VLAN.
An implementation may restrict access to this object."
::= { vtpVlanEditEntry 4 }
1.3.6.1.4.1.9.9.46.1.4.2.1.6.1.48 (CISCO-VTP-MIB)
vtpVlanEditDot10Said OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (4))
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The value of the 802.10 SAID field which would be used for
this VLAN.
An implementation may restrict access to this object."
::= { vtpVlanEditEntry 6 }
1.3.6.1.4.1.9.9.46.1.4.1.1.2.1 (CISCO-VTP-MIB)
vtpVlanApplyStatus OBJECT-TYPE
SYNTAX INTEGER { inProgress(1),
succeeded(2),
configNumberError(3),
inconsistentEdit(4),
tooBig(5),
localNVStoreFail(6),
remoteNVStoreFail(7),
editBufferEmpty(8),
someOtherError(9)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The current status of an 'apply' operation to instanciate
the Edit Buffer as the new global VLAN information (for this
management domain). If no apply is currently active, the
status represented is that of the most recently completed
apply. The possible values are:
inProgress - 'apply' operation in progress;
succeeded - the 'apply' was successful (this value is
also used when no apply has been invoked since the
last time the local system restarted);
configNumberError - the apply failed because the value of
vtpVlanEditConfigRevNumber was less or equal to
the value of current value of
managementDomainConfigRevNumber;
inconsistentEdit - the apply failed because the modified
information was not self-consistent;
tooBig - the apply failed because the modified
information was too large to fit in this VTP
Server's non-volatile storage location;
localNVStoreFail - the apply failed in trying to store
the new information in a local non-volatile
storage location;
remoteNVStoreFail - the apply failed in trying to store
the new information in a remote non-volatile
storage location;
editBufferEmpty - the apply failed because the Edit
Buffer was empty (for this management domain).
someOtherError - the apply failed for some other reason
(e.g., insufficient memory)."
::= { vtpEditControlEntry 2 }
1.3.6.1.4.1.9.9.68.1.2.2.1.2 (CISCO-VLAN-MEMBERSHIP-MIB)
vmVlan OBJECT-TYPE
SYNTAX INTEGER(0..4095)
MAX-ACCESS read-write
STATUS current
DESCRIPTION "The VLAN id of the VLAN the port is assigned to
when vmVlanType is set to static or dynamic.
This object is not instantiated if not applicable.
The value may be 0 if the port is not assigned
to a VLAN.
If vmVlanType is static, the port is always
assigned to a VLAN and the object may not be
set to 0.
If vmVlanType is dynamic the object's value is
0 if the port is currently not assigned to a VLAN.
In addition, the object may be set to 0 only."
::= { vmMembershipEntry 2 }
使用SNMP將VLAN新增到Cisco Catalyst交換機
逐步說明
在以下範例中,VLAN 11新增到交換器:
-
若要檢查交換器上目前設定的VLAN,請在vtpVlanState OID上發出snmpwalk:
註:OID中的最後一個數字是VLAN編號。
snmpwalk -c public crumpy vtpVlanState cisco.ciscoMgmt.ciscoVtpMIB.vtpMIBObjects.vlanInfo.vtpVlanTable.vtpVlanEntry.vtpVlanState.1.1 : INTEGER: operational cisco.ciscoMgmt.ciscoVtpMIB.vtpMIBObjects.vlanInfo.vtpVlanTable.vtpVlanEntry.vtpVlanState.1.48 : INTEGER: operational cisco.ciscoMgmt.ciscoVtpMIB.vtpMIBObjects.vlanInfo.vtpVlanTable.vtpVlanEntry.vtpVlanState.1.1002 : INTEGER: operational
-
驗證版本是否正由另一個NMS工作站或裝置使用。如果看到以下消息,則版本未使用:子樹下不包含任何MIB對象:
snmpwalk -c public crumpy vtpVlanEditTable no MIB objects contained under subtree.
-
該版本未使用,因此可以安全地開始編輯。將vtpVlanEditOperation設定為複製狀態(整數2)。 這麼做可建立VLAN。
snmpset -c private crumpy vtpVlanEditOperation.1 integer 2 cisco.ciscoMgmt.ciscoVtpMIB.vtpMIBObjects.vlanEdit.vtpEditControlTable.vtpEditControlEntry.vtpVlanEditOperation.1 : INTEGER: copy
-
若要使編輯許可權的當前所有者可見,可以在發出命令vtpVlanEditBufferOwner時設定所有者。
snmpset -c private crumpy vtpVlanEditBufferOwner.1 octetstring "Gerald" cisco.ciscoMgmt.ciscoVtpMIB.vtpMIBObjects.vlanEdit.vtpEditControlTable.vtpEditControlEntry.vtpVlanEditBufferOwner.1 : OCTET STRING- (ascii): Gerald
-
此示例說明如何驗證該表是否存在:
snmpwalk -c public crumpy vtpVlanEditTable vtpVlanEditState.1.1 : INTEGER: operational vtpVlanEditState.1.2 : INTEGER: operational vtpVlanEditState.1.3 : INTEGER: operational ..
-
以下示例是VLAN 11,說明如何建立行並設定型別和名稱:
snmpset -c private crumpy vtpVlanEditRowStatus.1.11 integer 4 cisco.ciscoMgmt.ciscoVtpMIB.vtpMIBObjects.vlanEdit.vtpVlanEditTable.vtpVlanEditEntry.vtpVlanEditRowStatus.1.11 : INTEGER: createAndGo snmpset -c private crumpy vtpVlanEditType.1.11 integer 1 cisco.ciscoMgmt.ciscoVtpMIB.vtpMIBObjects.vlanEdit.vtpVlanEditTable.vtpVlanEditEntry.vtpVlanEditType.1.11 : INTEGER: ethernet snmpset -c private crumpy vtpVlanEditName.1.11 octetstring "test_11_gerald" cisco.ciscoMgmt.ciscoVtpMIB.vtpMIBObjects.vlanEdit.vtpVlanEditTable.vtpVlanEditEntry.vtpVlanEditName.1.11 : DISPLAY STRING- (ascii): test_11_gerald
-
設定vtpVlanEditDot10Said。這是VLAN編號+ 100000轉換為十六進位制。此示例建立VLAN 11,因此vtpVlanEditDot10Said應為:11 + 100000 = 100011 ->十六進位制:000186AB
snmpset -c private crumpy vtpVlanEditDot10Said.1.11 octetstringhex 000186AB cisco.ciscoMgmt.ciscoVtpMIB.vtpMIBObjects.vlanEdit.vtpVlanEditTable.vtpVlanEdi ntry.vtpVlanEditDot10Said.1.11 : OCTET STRING- (hex): length = 4 0: 00 01 86 ab -- -- -- -- -- -- -- -- -- -- -- -- ................ -
建立VLAN 11後,必須應用修改。再次使用vtpVlanEditOperation OID。這一次,請使用Apply確認設定:
snmpset -c private crumpy vtpVlanEditOperation.1 integer 3 cisco.ciscoMgmt.ciscoVtpMIB.vtpMIBObjects.vlanEdit.vtpEditControlTable.vtpEditControlEntry.vtpVlanEditOperation.1 : INTEGER: apply
-
驗證是否已成功建立VLAN。使用OID vtpVlanApplyStatus。檢查進程,直到狀態顯示為:成功:
snmpget –c public crumpy vtpVlanApplyStatus.1 vtpVlanApplyStatus.1 : INTEGER: inProgress snmpget –c public crumpy vtpVlanApplyStatus.1 vtpVlanApplyStatus.1 : INTEGER: inProgress snmpget –c public crumpy vtpVlanApplyStatus.1 vtpVlanApplyStatus.1 : INTEGER: succeeded
-
最後一個操作是提交修改並釋放許可權,以便其他使用者可以從其NMS中新增、修改或刪除VLAN。
snmpset -c private crumpy vtpVlanEditOperation.1 integer 4 vtpVlanEditOperation.1 : INTEGER: release
-
驗證緩衝區是否為空:
snmpwalk –c public crumpy vtpVlanEditTable no MIB objects contained under subtree.
-
使用CLI指令show vlan 或使用snmpwalk確認交換器上已建立VLAN 11:
snmpwalk -c public crumpy vtpVlanState cisco.ciscoMgmt.ciscoVtpMIB.vtpMIBObjects.vlanInfo.vtpVlanTable.vtpVlanEntry.vtpVlanState.1.1 : INTEGER: operational cisco.ciscoMgmt.ciscoVtpMIB.vtpMIBObjects.vlanInfo.vtpVlanTable.vtpVlanEntry.vtpVlanState.1.11 : INTEGER: operational cisco.ciscoMgmt.ciscoVtpMIB.vtpMIBObjects.vlanInfo.vtpVlanTable.vtpVlanEntry.vtpVlanState.1.48 : INTEGER: operational cisco.ciscoMgmt.ciscoVtpMIB.vtpMIBObjects.vlanInfo.vtpVlanTable.vtpVlanEntry.vtpVlanState.1.1002 : INTEGER: operational …
使用SNMP將VLAN新增到Cisco Catalyst交換機
一步說明
一步過程使用OID號而不是像前面的逐步過程那樣使用OID名稱。請參閱MIB詳細資訊進行轉換。此範例建立VLAN 6:
snmpset -c private crumpy 1.3.6.1.4.1.9.9.46.1.4.1.1.1.1 integer 2 1.3.6.1.4.1.9.9.46.1.4.1.1.3.1 octetstring "gcober" snmpset -c private gooroo 1.3.6.1.4.1.9.9.46.1.4.2.1.11.1.6 integer 4 1.3.6.1.4.1.9.9.46.1.4.2.1.3.1.6 integer 1 1.3.6.1.4.1.9.9.46.1.4.2.1.4.1.6 octetstring "vlan6" 1.3.6.1.4.1.9.9.46.1.4.2.1.6.1.6 octetstringhex 000186A6 1.3.6.1.4.1.9.9.46.1.4.1.1.1.1 integer 3 snmpset -c private gooroo 1.3.6.1.4.1.9.9.46.1.4.1.1.1.1 integer 4 snmpwalk -c public crumpy 1.3.6.1.4.1.9.9.46.1.3.1.1.2 cisco.ciscoMgmt.ciscoVtpMIB.vtpMIBObjects.vlanInfo.vtpVlanTable.vtpVlanEntry.vtpVlanState.1.1 : INTEGER: operational cisco.ciscoMgmt.ciscoVtpMIB.vtpMIBObjects.vlanInfo.vtpVlanTable.vtpVlanEntry.vtpVlanState.1.6 : INTEGER: operational cisco.ciscoMgmt.ciscoVtpMIB.vtpMIBObjects.vlanInfo.vtpVlanTable.vtpVlanEntry.vtpVlanState.1.11 : INTEGER: operational
注意:某些SNMP版本要求您在SNMP SET命令中的OID之前使用(.)。
使用SNMP從Cisco Catalyst交換器刪除VLAN
逐步說明
在此範例中,VLAN 48會從交換器中刪除。如需詳細資訊,請參閱使用SNMP將VLAN新增到Cisco Catalyst。刪除VLAN的本節與新增VLAN的本節的區別在於,您對vtpVlanEditRowStatus使用destroy而不是CreateAndGo命令:
-
發出命令刪除VLAN 48:
snmpset -c private crumpy vtpVlanEditOperation.1 integer 2 cisco.ciscoMgmt.ciscoVtpMIB.vtpMIBObjects.vlanEdit.vtpEditControlTable.vtpEditControlEntry.vtpVlanEditOperation.1 : INTEGER: copy snmpset -c private crumpy vtpVlanEditRowStatus.1.48 integer 6 cisco.ciscoMgmt.ciscoVtpMIB.vtpMIBObjects.vlanEdit.vtpVlanEditTable.vtpVlanEditEntry.vtpVlanEditRowStatus.1.48 : INTEGER: destroy
-
要檢驗VLAN 48是否已刪除,請在CLI上使用vtpVlanState或show vlan:
snmpwalk -c public crumpy vtpVlanState cisco.ciscoMgmt.ciscoVtpMIB.vtpMIBObjects.vlanInfo.vtpVlanTable.vtpVlanEntry.vtpVlanState.1.1 : INTEGER: operational cisco.ciscoMgmt.ciscoVtpMIB.vtpMIBObjects.vlanInfo.vtpVlanTable.vtpVlanEntry.vtpVlanState.1.1002 : INTEGER: operational …
使用SNMP將連線埠新增到Cisco Catalyst交換器上的VLAN
此範例顯示如何將連線埠Fast Ethernet 0/5新增到VLAN 48。
-
要驗證IfIndex Fast Eth 0/5具有哪些,請發出snmpwalkifDescr:
snmpwalk -c public crumpy ifDescr … interfaces.ifTable.ifEntry.ifDescr.6 : DISPLAY STRING- (ascii): FastEthernet0/5 …
-
由於您知道埠Fast Eth 0/5的ifIndex為6,請將該埠新增到VLAN 48:
snmpset -c private crumpy vmVlan.6 integer 48 cisco.ciscoMgmt.ciscoVlanMembershipMIB.ciscoVlanMembershipMIBObjects.vmMembership.vmMembershipTable.vmMembershipEntry.vmVlan.6 : INTEGER: 48
-
通過再次查詢同一個OID驗證埠是否正確新增。
snmpget -c public crumpy vmVlan.6 cisco.ciscoMgmt.ciscoVlanMembershipMIB.ciscoVlanMembershipMIBObjects.vmMembership.vmMembershipTable.vmMembershipEntry.vmVlan.6 : INTEGER: 48
您也可以在交換器:上驗證這點
crumpy#sh vlan VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------- 1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4, Fa0/6, Fa0/7, Fa0/8, Fa0/9, Fa0/10, Fa0/11, Fa0/12, Fa0/13, Fa0/14, Fa0/15, Fa0/16, Fa0/17, Fa0/18, Fa0/19, Fa0/20, Fa0/21, Fa0/22, Fa0/23, Fa0/24, Gi0/1, Gi0/2 48 VLAN0048 active Fa0/5
如何將埠從一個VLAN更改為另一個VLAN
此範例示範連線埠Fast Eth 0/3如何屬於VLAN 48,以及如何將其移動到VLAN 1(預設VLAN):
-
要驗證IfIndex Fast Eth 0/3具有哪些,請發出snmpwalkifDescr:
snmpwalk -c public crumpy ifDescr … interfaces.ifTable.ifEntry.ifDescr.4 : DISPLAY STRING- (ascii): FastEthernet0/3 …
-
由於您知道連線埠Fast Eth 0/3的ifIndex為4,因此您可以驗證連線埠目前屬於哪個VLAN:
snmpget -c public crumpy vmVlan.4 cisco.ciscoMgmt.ciscoVlanMembershipMIB.ciscoVlanMembershipMIBObjects.vmMembership.vmMembershipTable.vmMembershipEntry.vmVlan.4 : INTEGER: 48
-
此連線埠屬於VLAN 48。
snmpset -c private crumpy vmVlan.4 integer 1 cisco.ciscoMgmt.ciscoVlanMembershipMIB.ciscoVlanMembershipMIBObjects.vmMembership.vmMembershipTable.vmMembershipEntry.vmVlan.4 : INTEGER: 1
-
若要將連線埠從VLAN 48移動到VLAN 1,請發出snmpset vmVlan。
-
要驗證埠是否已更改為另一個VLAN,請再次查詢vmVlan:
snmpget -c public crumpy vmVlan.4 cisco.ciscoMgmt.ciscoVlanMembershipMIB.ciscoVlanMembershipMIBObjects.vmMembership.vmMembershipTable.vmMembershipEntry.vmVlan.4 : INTEGER: 1
您也可以在交換器上驗證這點:
更改之前:
crumpy#sh vlan VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------- 1 default active Fa0/1, Fa0/2, Fa0/4, Fa0/5, Fa0/6, Fa0/7, Fa0/8, Fa0/9, Fa0/10, Fa0/11, Fa0/12, Fa0/13, Fa0/14, Fa0/15, Fa0/16, Fa0/17, Fa0/18, Fa0/19, Fa0/20, Fa0/21, Fa0/22, Fa0/23, Fa0/24, Gi0/1, Gi0/2 48 VLAN0048 active Fa0/3變更後:
crumpy#sh vlan VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------- 1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4, Fa0/5, Fa0/6, Fa0/7, Fa0/8, Fa0/9, Fa0/10, Fa0/11, Fa0/12, Fa0/13, Fa0/14, Fa0/15, Fa0/16, Fa0/17, Fa0/18, Fa0/19, Fa0/20, Fa0/21, Fa0/22, Fa0/23, Fa0/24, Gi0/1, Gi0/2 48 VLAN0048 active注意:您可以進行其他變更,例如VLAN名稱、所有者等。有關OID的詳細資訊,請參閱整個MIB。
意見