Add a few columns to the dot1x feature #122

Open
JorisFRST opened this issue Dec 24, 2019 · 12 comments

@JorisFRST
Contributor

New feature :

Add a column "Assigned VLAN" from : 1.3.6.1.4.1.9.9.656.1.4.1.1.22 (cafSessionVlanGroupName)
Add a column "Authorized by" from : .1.3.6.1.4.1.9.9.656.1.4.1.1.12 (cafSessionAuthorizedBy)

In our implementation we mostly use 802.1x to set the vlan or divert to a guest vlan.
Having this in the mac track view would be a good addition.

@jpobeda
Contributor

jpobeda commented Jan 5, 2020

@JorisFRST , just out of curiosity, what do you get when walking those OIDs?

I also assign VLANs from Radius and I only get either an empty STRING or Authentication Server.

I've only contributed the dot1x/Snooping bit of this plugin, and I barely remember how it works but you should be able to see VLAN Id/Names values under the "MAC Address" tab.

Since the data should be already collected, it might be a matter of linking the Device/PortName on dot1x tab to Device/Port Number on MAC Address tab? Maybe?

It was a bit complicated to get it to work since most of the MIBs were half implemented by Cisco and not very consistent across their own platforms. So I ended up grabbing OIDs from different MIBs that would work across all or most of the platforms. I believe the most complete one was the one used by ISE... couldn't test it, though.

@JorisFRST
Contributor Author

On a stack of 3850's I get this response for the VLAN:

```
.1.3.6.1.4.1.9.9.656.1.4.1.1.22
SNMPv2-SMI::enterprises.9.9.656.1.4.1.1.22.8.48.65.54.53.53.68.50.65.48.48.48.50.68.50.53.65.55.57.67.51.65.66.48.54 = STRING: "General_Access"
```

Which is the correct assigned vlan name in radius for our environment.

For the AuthorizedBy I get "Authentication Server."
I think this is a field that would revert back to local or something similar. Have to do some more tests.

On the 3850 also IP Information is "00 00 00 00" for every device (in the snmp walk)
And the function never links the portname in the dot1x table. Not sure if this was already implemented.

I can test against ISE and give you an output from snmpwalk ?
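
Added example (not part of the thread or the plugin's code): parsing snmpwalk output for the two requested columns and splitting the row index so each session can be tied to a port. It assumes the index is the ifIndex followed by the session ID as ASCII codes; the second sample line and all function names are constructed for illustration.

```python
import re

CAF_SESSION_ENTRY = "1.3.6.1.4.1.9.9.656.1.4.1.1"
COLUMNS = {22: "assigned_vlan", 12: "authorized_by"}  # column numbers from the issue

# First line is the response quoted in the thread; the second is constructed.
SAMPLE_WALK = '''\
SNMPv2-SMI::enterprises.9.9.656.1.4.1.1.22.8.48.65.54.53.53.68.50.65.48.48.48.50.68.50.53.65.55.57.67.51.65.66.48.54 = STRING: "General_Access"
SNMPv2-SMI::enterprises.9.9.656.1.4.1.1.12.8.48.65.54.53.53.68.50.65.48.48.48.50.68.50.53.65.55.57.67.51.65.66.48.54 = STRING: "Authentication Server"
'''

LINE_RE = re.compile(r'^(\S+) = STRING: "(.*)"\s*$')


def normalize_oid(oid):
    """Turn snmpwalk's symbolic prefix or a leading dot into a plain numeric OID."""
    oid = oid.replace("SNMPv2-SMI::enterprises", "1.3.6.1.4.1")
    return oid.lstrip(".")


def split_index(sub_ids):
    """Assumed index layout: ifIndex, then the session ID as ASCII codes."""
    if_index, rest = sub_ids[0], sub_ids[1:]
    if rest and rest[0] == len(rest) - 1:  # tolerate a length-prefixed string index
        rest = rest[1:]
    return if_index, "".join(chr(c) for c in rest)


def parse_walk(text):
    """Return {(ifIndex, session_id): {column_name: value}} for known columns."""
    sessions = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip non-STRING or malformed lines
        oid = normalize_oid(m.group(1))
        if not oid.startswith(CAF_SESSION_ENTRY + "."):
            continue
        parts = [int(p) for p in oid[len(CAF_SESSION_ENTRY) + 1:].split(".")]
        column, index = parts[0], parts[1:]
        if column not in COLUMNS or len(index) < 2:
            continue
        sessions.setdefault(split_index(index), {})[COLUMNS[column]] = m.group(2)
    return sessions


if __name__ == "__main__":
    for (if_index, session_id), cols in parse_walk(SAMPLE_WALK).items():
        print(if_index, session_id, cols)
```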

@TheWitness
Member

Pull request?

@jdcoats

jdcoats commented Oct 20, 2020

Add the assigned ACL too! @JorisFRST & @jpobeda do a fresh pull to test out today's changes. Thanks @TheWitness!

@JorisFRST
Contributor Author

Today's changes fixed my display in the dot1x tab.
Only one typo 'Authorization Succcess' instead of 'Authorization Success'

@JorisFRST
Contributor Author

Also Port Name column is properly propagated now.

@TheWitness
Member

```
ALTER TABLE mac_track_dot1x MODIFY COLUMN port_name int(10) unsigned NOT NULL default '0';
```

Likely change it to "ifIndex" at some point.

@jdcoats

jdcoats commented Oct 20, 2020

@TheWitness port_number not port_name?

```
ALTER TABLE mac_track_dot1x MODIFY COLUMN port_number int(10) unsigned NOT NULL default '0';
```

@TheWitness
Member

Yea, port_name, which should be ifIndex, that will happen too. (at some point).

@jdcoats

jdcoats commented Oct 20, 2020

Okay, I have no column port_name.

```
MariaDB [cacti]> show columns from mac_track_dot1x;
+--------------+------------------+------+-----+---------------------+-------+
| Field        | Type             | Null | Key | Default             | Extra |
+--------------+------------------+------+-----+---------------------+-------+
| site_id      | int(10) unsigned | NO   | PRI | 0                   |       |
| device_id    | int(10) unsigned | NO   | MUL | 0                   |       |
| hostname     | varchar(40)      | NO   | MUL |                     |       |
| device_name  | varchar(100)     | NO   |     |                     |       |
| username     | varchar(100)     | NO   | MUL |                     |       |
| domain       | int(10) unsigned | NO   |     | 0                   |       |
| status       | int(10) unsigned | NO   |     | 0                   |       |
| port_number  | int(10) unsigned | NO   | MUL | 0                   |       |
| mac_address  | varchar(20)      | NO   | PRI |                     |       |
| ip_address   | varchar(20)      | NO   | PRI |                     |       |
| dns_hostname | varchar(200)     | YES  |     |                     |       |
| scan_date    | timestamp        | NO   | PRI | 0000-00-00 00:00:00 |       |
+--------------+------------------+------+-----+---------------------+-------+
12 rows in set (0.001 sec)
```

@jdcoats

jdcoats commented Oct 20, 2020

I don't even see a create in mactrack.sql for mac_track_dot1x. Did someone pull it out and I just happen to have it left over from a previous version?

@TheWitness
Member

port_number.
