using if to identify proper mib for use with a cisco switch
Happy ThanksGiving guys,
I'm working on a script that will use nmap to enumerate a network for active cisco switches. Once the list is complete, we use sed to clean up the file (called nmapres) so it is only a list of IP addresses. Next I want to use a while statement to go down that list of IPs and snmpwalk each switch to retreive that switches serial number and record it to a mysql db. The intent is to have a click option on a web site that will php shellexec this script and print out a list of active serial numbers on a network. Here is what I have so far and it is taking place on Fedora 9...
#!/bin/bash
/bin/touch error
/bin/touch log
# obtain a list of active devices
nmap -sP 10.0.0.0/24 > nmapres
# Clean nmapres up to just a list of IPs
sed -i 's/Starting.*//g' nmapres
sed -i 's/Host //g' nmapres
sed -i 's/ appears.*//g' nmapres
sed -i 's/Nmap.*//g' nmapres
sed -i /^$/d nmapres
# Identify some variables
line=1
num= 'wc -l < nmapres'
3550mib=mib-2.47.1.1.1.1.11.1
3560mib=mib-2.47.1.1.1.1.11.1001
# the real work
while [ "$line" -le "$num" ]
do
# Extract line x from file of ip addresses
ip=`sed -n "$line"p nmapres`
if
fi
# Used to increment loop variable
line=`expr "$line" + 1`
done
Between the if and fi I would like to snmpwalk each IP address and check if the switch prefers 3550mib or 3560mib. I know that if I snmpwalk a switch and it doesn't like the mib I query for I get this (SNMPv2-SMI::mib-2.47.1.1.1.1.11.1 = No Such Instance currently exists at this OID) but if the switch does like the requested mib the output is (SNMPv2-SMI::mib-2.47.1.1.1.1.11.1001 = STRING: "serial number"). Do you guys know how I could do this?
i don't know the programs your are using and you provided very
few examples of what you have or want. This is what i would try:
Code:
sed -i 's/Starting.*//g;s/Host //g;s/ appears.*//g;s/Nmap.*//g;/^$/d' nmapres
Does in one processes what you use five for.
Code:
while read line
do
output=$(snmpwalk $line)
[[ $output =~ No]] && ... || ...
done < nmapres
Will read in the file nmapres line by line and save the line in $line.
Then snmpwalk ist invoked with the value provided by $line. The output
is saved in the variable $output. Now $output is matched with a regexp
against the string No. If this is true && ... else || ...
Chris,
Thanks for the suggestion of a one liner for sed, I'll change that but what I need the if to do is...
snmpwalk -v 3 -u user -l AuthNoPriv -A password "$ip" "$3550mib", if the output from this command has (STRING) in it then I know this is the proper mib. If the output returns (No such oid supported) then I want if to test this
snmpwalk -v 3 -u user -l AuthNoPriv -A password "$ip" "$3560mib"
To make it easier, since there is only 2 options for an mib I'm thinking
if [condition] then
echo "correct mib"
else [condition]
echo "condition 2 correct"
fi
but I don't understand how to write this.
Last edited by mitch; 11-28-2008 at 05:21 AM..
Reason: elaborating
That's is pretty much what i wrote. Replace ($)line with ($)ip:
Code:
while read ip
do
output=$(snmpwalk -v 3 -u user -l AuthNoPriv -A password "$ip" "$3550mib")
[[ $output =~ No]] snmpwalk -v 3 -u user -l AuthNoPriv -A password "$ip" "$3560mib") || snmpwalk -v 3 -u user -l AuthNoPriv -A password "$ip" "$3550mib")
done < nmapres
But most probably snmpwalk returns an exit code if the program failed. So you could simply run it and if the exit code ist not 0, then it failed for whatever reason and you have to run it again.
So this should work, too:
Code:
while read ip
do
snmpwalk -v 3 -u user -l AuthNoPriv -A password "$ip" "$3550mib"
[[ $? -ne 0]] && snmpwalk -v 3 -u user -l AuthNoPriv -A password "$ip" "$3560mib")
done < nmapres
or this:
Code:
while read ip
do
snmpwalk -v 3 -u user -l AuthNoPriv -A password "$ip" "$3550mib" \
|| snmpwalk -v 3 -u user -l AuthNoPriv -A password "$ip" "$3560mib")
done < nmapres
All three assume that their is a file called nmapres with one correctly
formated ip-address per line. It reads this ip-address into variable $ip,
runs you command with this ip-address and checks the exit status.
If the command failed, it runs your second command.
So thanks to Christoph's help, this little betty will query a subnet of devices (Cisco) and report enviroment variables to a mysql db.
Code:
#!/bin/bash
# Removes all data from working files
cat /dev/null > /var/switch_enviro/environment.output
cat /dev/null > /var/switch_enviro/models.text
# get a list of active IP's and pull off all the junk we don't need
nmap -sP 10.0.0.0/23 | sed 's/Starting.*//g' | sed 's/Host //g' | sed 's/ appears.*//g' | sed 's/Nmap.*//g' | sed '/^$/d' > activeips
#set the OIDS for global use
#Temperature
toid1=1.3.6.1.4.1.9.5.1.2.13.0 #Temp OID for 3550,3560-24/48, 3750
#2950's have no temperature sensor
toid2=1.3.6.1.4.1.9.9.13.1.3.1.6.1 #Temp OID for 4506
#Fan
foid1=1.3.6.1.4.1.9.9.13.1.4.1.3 #Fan OID for 3550, 3560-24/48
foid2=1.3.6.1.4.1.9.9.13.1.4.1.3.1 #Fan OID for 2950
foid3=1.3.6.1.4.1.9.9.13.1.4.1.3.1004 #Fan OID for 3750
foid4=1.3.6.1.4.1.9.9.13.1.4.1.3.1 #fan OID for 4506
#Power Supply
poid1=1.3.6.1.4.1.9.9.13.1.5.1.3.1 #PS OID for 3550
poid2=1.3.6.1.4.1.9.5.1.2.4.0 #PS OID for 3560-24/48
poid3=1.3.6.1.4.1.9.9.13.1.5.1.4 #PS OID for 3750
poid4=1.3.6.1.4.1.9.9.13.1.5.1.3.1 #PS OID for 2950
poid5=1.3.6.1.4.1.9.9.13.1.5.1.3.1 #PS OID for 4506
#####################################################################################
#####################################################################################
while read ip
do
# Walk each ip in iteration from the file 'activeips'. Given that IP, get the sysDescr and get rid of everything but the model number.
# Then set the model of the given IP to a variable. Both model and the IP will be used conditionally with the models correct OID.
model=`snmpwalk -v 2c -c community_string -Ov -Oq $ip sysDescr.0 | grep IOS | sed 's/^.*, C//' | sed 's/ Software.*//' | sed 's/IOS (tm) C//' | sed 's/lre//' | sed 's/atalyst //' | sed 's/ L3.*//'`
# Get the name of the current switch
name=`snmpwalk -v 2c -c community_string -Ov -Oq $ip sysName.0 | sed 's/.domain.name.*//'`
echo $ip $model ###used just for visual stimulus while designing
echo "|"$ip >> /var/switch_enviro/environment.output #send the current IP to the output file
echo $name >> /var/switch_enviro/environment.output #send the current switch name to the output file
# Given the IP and MODEL for the currently polled device, compare model for correct OID
case $model in
3560) snmpwalk -Os -c community_string -v 1 "$ip" "$toid1" >> /var/switch_enviro/environment.output;
snmpwalk -Os -c community_string -v 1 "$ip" "$foid1" >> /var/switch_enviro/environment.output;
snmpwalk -Os -c community_string -v 1 "$ip" "$poid2" >> /var/switch_enviro/environment.output;
;;
3550) snmpwalk -Os -c community_string -v 1 "$ip" "$toid1" >> /var/switch_enviro/environment.output;
snmpwalk -Os -c community_string -v 1 "$ip" "$foid1" >> /var/switch_enviro/environment.output;
snmpwalk -Os -c community_string -v 1 "$ip" "$poid1" >> /var/switch_enviro/environment.output;
;;
3750) snmpwalk -Os -c community_string -v 1 "$ip" "$toid1" >> /var/switch_enviro/environment.output;
snmpwalk -Os -c community_string -v 1 "$ip" "$foid3" >> /var/switch_enviro/environment.output;
snmpwalk -Os -c community_string -v 1 "$ip" "$poid3" >> /var/switch_enviro/environment.output;
;;
2950) echo 5 >> /var/switch_enviro/environment.output; #######this is done because the 2950 has no temp sensor and for output format
snmpwalk -Os -c community_string -v 1 "$ip" "$foid2" >> /var/switch_enviro/environment.output;
snmpwalk -Os -c community_string -v 1 "$ip" "$poid4" >> /var/switch_enviro/environment.output;
;;
4500) snmpwalk -Os -c community_string -v 1 "$ip" "$toid2" >> /var/switch_enviro/environment.output;
snmpwalk -Os -c community_string -v 1 "$ip" "$foid4" >> /var/switch_enviro/environment.output;
snmpwalk -Os -c community_string -v 1 "$ip" "$poid5" >> /var/switch_enviro/environment.output;
;;
esac
done < activeips
#####################################################################################
#####################################################################################
#clean up the output file
sed -i 's/enterprises.*: //g' /var/switch_enviro/environment.output
#send the results of the output file to the database
echo "TRUNCATE TABLE environment_table;" | mysql switch_environment -h localhost -u username -p'password'
echo "LOAD DATA LOCAL INFILE '/var/switch_enviro/environment.output' INTO TABLE environment_table FIELDS TERMINATED BY '\n' LINES TERMINATED BY '|' (ipaddress, hostname, temp_status, fan_status, ps_status);" | mysql switch_environment -h localhost -u username -p'password'
Hi,I want connect my ASA 5510 firewall to a 3750 switch with RIP routing. Unfortunately,I am having issues passing the VPN subnet through rip to the 3750.I don't understand how the routing table is populated on the ASA. Any suggestions? (0 Replies)
I've setup my Linux system, running Scientific Linux and ser2net, as a terminal server for my Cisco switches.
Logon and have fun!!
telnet 72.205.54.70 49001
telnet 72.205.54.70 49002
telnet 72.205.54.70 49003
For topology and updates go to http://labswitch.blogspot.com. Thanks! (3 Replies)
Hello all!
I am running Nagios 3.3.1 and I am trying to get it to monitor the ports on my Cisco Catalyst 3524-XL-PWR Managed Switch. But I keep getting "(Return code of 127 is out of bounds - plugin may be missing)" I have installed and compiled the plugins and the snmp services on the Ubuntu... (0 Replies)
Hi experts,
I need to cope configuration from one switch/firewall to another switch/firewall.
I have copied running configs.
The question is do I have to clear the existing configuration on the dest. devices
Or can I copy it(replace) directly without clearing previous config ?
If... (2 Replies)
I am having trouble working with SNMP module with perl. I am trying to get SNMP version of target system. I use following code to get it however it resturns error as "Argument "v6.0.1" isn't numeric in numeric lt (<) at ./chk_env_upd.pl line 447."
Get load table
my $resultat =... (1 Reply)
Hi,
I installed Ubnutu on my old laptop which does have COMM port, I want to connect to Cisco switch, I have Cisco cable connected to laptop.
On Windows, I usually bring up "Hyper Terminal" how do I do it here?
Please advice. Thanks. (7 Replies)
