mirror of
https://github.com/librenms/librenms.git
synced 2024-09-21 10:28:13 +00:00
device - Add Procurve NAC support (#15794)
* Update to new HP-DOT1X-EXTENSIONS-MIB * Add NAC support to Procurve OS * Fix code style issues. * Fix more code style issues. * Fix code style issues. For real this time. * Update HP-DOT1X-EXTENSIONS-MIB dependencies. * use ::table(2) rather than reinventing the wheel. * Fix the code style issues.
This commit is contained in:
Ville Hukkamäki
GitHub
parent
cf99657c51
commit
0611f81b14
@ -25,11 +25,15 @@
|
||||
|
||||
namespace LibreNMS\OS;
|
||||
|
||||
use App\Models\PortsNac;
|
||||
use Illuminate\Support\Collection;
|
||||
use LibreNMS\Interfaces\Data\DataStorageInterface;
|
||||
use LibreNMS\Interfaces\Polling\NacPolling;
|
||||
use LibreNMS\Interfaces\Polling\OSPolling;
|
||||
use LibreNMS\RRD\RrdDefinition;
|
||||
use SnmpQuery;
|
||||
|
||||
class Procurve extends \LibreNMS\OS implements OSPolling
|
||||
class Procurve extends \LibreNMS\OS implements OSPolling, NacPolling
|
||||
{
|
||||
public function pollOS(DataStorageInterface $datastore): void
|
||||
{
|
||||
@ -48,4 +52,86 @@ class Procurve extends \LibreNMS\OS implements OSPolling
|
||||
$this->enableGraph('fdb_count');
|
||||
}
|
||||
}
|
||||
|
||||
public function pollNac()
|
||||
{
|
||||
$nac = new Collection();
|
||||
|
||||
$enabled = SnmpQuery::mibs(['IEEE8021-PAE-MIB'])->hideMib()->enumStrings()->get('dot1xPaeSystemAuthControl.0')->value();
|
||||
if ($enabled !== 'enabled') {
|
||||
return $nac;
|
||||
}
|
||||
|
||||
$rowSet = [];
|
||||
$ifIndex_map = $this->getDevice()->ports()->pluck('port_id', 'ifIndex');
|
||||
|
||||
$table = SnmpQuery::mibDir('hp')->mibs(['HP-DOT1X-EXTENSIONS-MIB'])->hideMib()->enumStrings()->walk('hpicfDot1xSMAuthConfigTable')->table(2);
|
||||
|
||||
foreach ($table as $ifIndex => $entry) {
|
||||
$nacEntry = array_pop($entry);
|
||||
|
||||
$rowSet[$ifIndex] = [
|
||||
'domain' => '',
|
||||
'ip_address' => '',
|
||||
'host_mode' => '',
|
||||
'authz_by' => '',
|
||||
'username' => '',
|
||||
];
|
||||
|
||||
$rowSet[$ifIndex]['authc_status'] = match ($nacEntry['hpicfDot1xSMAuthPaeState']) {
|
||||
null => '',
|
||||
'connecting' => 'authcFailed',
|
||||
'authenticated' => 'authcSuccess',
|
||||
default => $nacEntry['hpicfDot1xSMAuthPaeState']
|
||||
};
|
||||
|
||||
$rowSet[$ifIndex]['mac_address'] = $nacEntry['hpicfDot1xSMAuthMacAddr'];
|
||||
|
||||
$rowSet[$ifIndex]['timeout'] = $nacEntry['hpicfDot1xSMAuthSessionTimeout'];
|
||||
}
|
||||
|
||||
$table = SnmpQuery::mibs(['IEEE8021-PAE-MIB'])->hideMib()->enumStrings()->walk('dot1xAuthConfigTable')->table(2);
|
||||
foreach ($table as $ifIndex => $row) {
|
||||
if (! isset($rowSet[$ifIndex])) {
|
||||
continue;
|
||||
}
|
||||
|
||||
$rowSet[$ifIndex]['auth_id'] = $ifIndex;
|
||||
$rowSet[$ifIndex]['authz_status'] = match ($row['dot1xAuthAuthControlledPortStatus']) {
|
||||
'authorized' => 'authorizationSuccess',
|
||||
'unauthorized' => 'authorizationFailed',
|
||||
default => $row['dot1xAuthAuthControlledPortStatus']
|
||||
};
|
||||
|
||||
$rowSet[$ifIndex]['port_id'] = $ifIndex_map->get($ifIndex, 0);
|
||||
}
|
||||
|
||||
$table = SnmpQuery::mibs(['HP-DOT1X-EXTENSIONS-MIB'])->mibDir('hp')->hideMib()->enumStrings()->walk('hpicfDot1xAuthSessionStatsTable')->table(2);
|
||||
foreach ($table as $ifIndex => $entry) {
|
||||
if (! isset($rowSet[$ifIndex])) {
|
||||
continue;
|
||||
}
|
||||
$nacEntry = array_pop($entry);
|
||||
|
||||
$rowSet[$ifIndex]['vlan'] = $nacEntry['hpicfDot1xAuthSessionVid'];
|
||||
$rowSet[$ifIndex]['authz_by'] = $nacEntry['hpicfDot1xAuthSessionAuthenticMethod'];
|
||||
$rowSet[$ifIndex]['username'] = $nacEntry['hpicfDot1xAuthSessionUserName'];
|
||||
$rowSet[$ifIndex]['time_elapsed'] = $nacEntry['hpicfDot1xAuthSessionTime'] / 100;
|
||||
}
|
||||
|
||||
$table = SnmpQuery::mibs(['HP-DOT1X-EXTENSIONS-MIB'])->hideMib()->enumStrings()->walk('hpicfDot1xPaePortTable')->table(2);
|
||||
foreach ($table as $ifIndex => $nacEntry) {
|
||||
if (! isset($rowSet[$ifIndex])) {
|
||||
continue;
|
||||
}
|
||||
|
||||
$rowSet[$ifIndex]['method'] = ($nacEntry['hpicfDot1xPaePortAuth'] === 'true') ? 'dot1x' : '';
|
||||
}
|
||||
|
||||
foreach ($rowSet as $row) {
|
||||
$nac->put($row['mac_address'], new PortsNac($row));
|
||||
}
|
||||
|
||||
return $nac;
|
||||
}
|
||||
}
|
||||
|
||||
1298
mibs/hp/HP-AUTZ-MIB
1298
mibs/hp/HP-AUTZ-MIB
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
@ -1,3 +1,19 @@
|
||||
-- **MOD+***********************************************************************
|
||||
-- * Module: hpicfTC.mib
|
||||
-- *
|
||||
-- * Copyright (C) 2014-2017 Hewlett Packard Enterprise Development LP
|
||||
-- * All Rights Reserved.
|
||||
-- *
|
||||
-- * The contents of this software are proprietary and confidential
|
||||
-- * to the Hewlett Packard Enterprise Development LP. No part of this
|
||||
-- * program may be photocopied, reproduced, or translated into another
|
||||
-- * programming language without prior written consent of the
|
||||
-- * Hewlett Packard Enterprise Development LP.
|
||||
-- *
|
||||
-- * Purpose: Contains textual conventions.
|
||||
-- *
|
||||
-- **MOD-***********************************************************************/
|
||||
|
||||
HP-ICF-TC DEFINITIONS ::= BEGIN
|
||||
|
||||
IMPORTS
|
||||
@ -9,14 +25,62 @@ HP-ICF-TC DEFINITIONS ::= BEGIN
|
||||
FROM HP-ICF-OID;
|
||||
|
||||
hpicfTextualConventions MODULE-IDENTITY
|
||||
LAST-UPDATED "200402182305Z" -- February 18, 2004
|
||||
ORGANIZATION "Hewlett Packard Company,
|
||||
Network Infrastructure Solutions"
|
||||
LAST-UPDATED "201703220800Z" -- Mar 22, 2017
|
||||
ORGANIZATION "HP Networking"
|
||||
CONTACT-INFO "Hewlett-Packard Company
|
||||
8000 Foothills Blvd.
|
||||
Roseville, CA 95747"
|
||||
DESCRIPTION "This module contains common textual convention
|
||||
definitons used by various HP ICF MIB modules."
|
||||
definitions used by various HP ICF MIB modules."
|
||||
|
||||
REVISION "201703220800Z" -- Mar 22, 2017
|
||||
DESCRIPTION "Added 5GbE-T Type"
|
||||
|
||||
REVISION "201612070800Z" -- Dec 07 2016
|
||||
DESCRIPTION "Added qSFP-PLUS-BIDI Type"
|
||||
|
||||
REVISION "201501300800Z" -- Jan 30 2015
|
||||
DESCRIPTION "Added fortyGbE-GEN Type"
|
||||
|
||||
REVISION "201412090800Z" -- September 12, 2014
|
||||
DESCRIPTION "Added HpSwitchIfMauTypeListBits for 2.5/5G ports,
|
||||
HpSwitchIfMauAutoNegCapabilityBits,
|
||||
HpSwitchIfMauAutoNegCapAdvertisedBits,
|
||||
HpSwitchIfMauAutoNegCapReceivedBits for 2.5/5/40G ports."
|
||||
|
||||
REVISION "201409060800Z" -- June 9, 2014
|
||||
DESCRIPTION "Added qSFP-PLUS-SR4, qSFP-PLUS-LR4, qSFP-PLUS-DA1,
|
||||
qSFP-PLUS-eSR4, qSFP-PLUS-DA3, qSFP-PLUS-DA5,
|
||||
qSFP-PLUS-SPLIT-sFP-PLUS-DA1,qSFP-PLUS-SPLIT-sFP-PLUS-DA3,
|
||||
qSFP-PLUS-SPLIT-sFP-PLUS-DA5,sFP-PLUS-AO1, sFP-PLUS-AO2,
|
||||
sFP-PLUS-AO3, sFP-PLUS-AO5,sFP-PLUS-AO7, sFP-PLUS-AO10, sFP-PLUS-AO15,
|
||||
qSFP-PLUS-AO1,qSFP-PLUS-AO2, qSFP-PLUS-AO3, qSFP-PLUS-AO5,
|
||||
qSFP-PLUS-AO7, qSFP-PLUS-AO10,qSFP-PLUS-AO15,qSFP-PLUS-AO20,
|
||||
qSFP-PLUS-SPLIT-sFP-PLUS-AO1, qSFP-PLUS-SPLIT-sFP-PLUS-AO2,
|
||||
qSFP-PLUS-SPLIT-sFP-PLUS-AO3, qSFP-PLUS-SPLIT-sFP-PLUS-AO5,
|
||||
qSFP-PLUS-SPLIT-sFP-PLUS-AO7, qSFP-PLUS-SPLIT-sFP-PLUS-AO10,
|
||||
qSFP-PLUS-SPLIT-sFP-PLUS-AO15 types"
|
||||
|
||||
REVISION "201402040800Z" -- April 2, 2014
|
||||
DESCRIPTION "Added fortyGbE-GEN type"
|
||||
|
||||
REVISION "201202220800Z" -- Feb 22, 2012
|
||||
DESCRIPTION "Added HpInetCidrRouteState type"
|
||||
|
||||
REVISION "201202170000Z" -- February 17, 2012
|
||||
DESCRIPTION "Added tenGigabitEthernetESP."
|
||||
|
||||
REVISION "201010120800Z" -- October 12, 2010
|
||||
DESCRIPTION "Added VidList type"
|
||||
|
||||
REVISION "200902101800Z" -- February 10, 2009
|
||||
DESCRIPTION "Added 10GbE-K for 802.3ap (clauses 69-74)"
|
||||
|
||||
REVISION "200808190905Z" -- August 19, 2008
|
||||
DESCRIPTION "Added XFP-SFP+ DAC types for HpSwitchPortType."
|
||||
|
||||
REVISION "200802041536Z" -- February 04, 2008
|
||||
DESCRIPTION "Added multiple transceiver types."
|
||||
|
||||
REVISION "200402182305Z" -- February 18, 2004
|
||||
DESCRIPTION "Added gigabitEthernetESP and tenGigabitEthernetCX
|
||||
@ -58,17 +122,238 @@ HP-ICF-TC DEFINITIONS ::= BEGIN
|
||||
fastEther(62),
|
||||
fastEtherFX(69),
|
||||
fastEtherFX-sfp(70),
|
||||
tenGSFP-SR (112),
|
||||
tenGSFP-LR (113),
|
||||
tenGSFP-ER (114),
|
||||
tenGSFP-LRM (115),
|
||||
tenGSFP-LX4 (116),
|
||||
gigabitEthernetSX (117),
|
||||
gigabitEthernetLX (118),
|
||||
gigabitEthernetT (119),
|
||||
gigabitEthernetStk (120),
|
||||
gigabitEthernetLH (121),
|
||||
gigabitEthernetLX (118),
|
||||
gigabitEthernetT (119),
|
||||
gigabitEthernetStk (120),
|
||||
gigabitEthernetLH (121),
|
||||
tenGbE-CX4 (122),
|
||||
gigabitEthernetESP (123),
|
||||
tenGbE-SR (124),
|
||||
tenGbE-ER (125),
|
||||
tenGbE-LR (126),
|
||||
gigabitEthernetT-sfp (127)
|
||||
gigabitEthernetT-sfp (127),
|
||||
fastEtherGEN (128),
|
||||
gigabitEthernetGEN (129),
|
||||
tenGbE-GEN (130),
|
||||
fastEtherBX-D (131),
|
||||
fastEtherBX-U (132),
|
||||
gigabitEthernetBX-D (133),
|
||||
gigabitEthernetBX-U (134),
|
||||
tenGbE-LRM (135),
|
||||
sFP-PLUS-SR (136),
|
||||
sFP-PLUS-LR (137),
|
||||
sFP-PLUS-LRM (138),
|
||||
sFP-PLUS-DAC (139),
|
||||
sFP-PLUS-DA1 (140),
|
||||
sFP-PLUS-DA2 (141),
|
||||
sFP-PLUS-DA3 (142),
|
||||
sFP-PLUS-DA5 (143),
|
||||
sFP-PLUS-DA7 (144),
|
||||
sFP-PLUS-DA10 (145),
|
||||
sFP-PLUS-DA15 (146),
|
||||
sFP-PLUS-DA20 (147),
|
||||
tenGbE-T (148),
|
||||
tenGbE-TSH (149),
|
||||
tenGbE-TLH (150),
|
||||
tenGbE-STK (151),
|
||||
xFP-SFP-PLUS-DAC (152),
|
||||
xFP-SFP-PLUS-DA1 (153),
|
||||
xFP-SFP-PLUS-DA3 (154),
|
||||
xFP-SFP-PLUS-DA5 (155),
|
||||
xFP-SFP-PLUS-DA7 (156),
|
||||
xFP-SFP-PLUS-DA10 (157),
|
||||
tenGbE-K (158),
|
||||
sFP-PLUS-ER (160),
|
||||
sFP-CWDM1470 (161),
|
||||
sFP-CWDM1490 (162),
|
||||
sFP-CWDM1510 (163),
|
||||
sFP-CWDM1530 (164),
|
||||
sFP-CWDM1550 (165),
|
||||
sFP-CWDM1570 (166),
|
||||
sFP-CWDM1590 (167),
|
||||
sFP-CWDM1610 (168),
|
||||
tenGigabitEthernetESP (169),
|
||||
fourGbE-GEN (170),
|
||||
fortyGbE-GEN(171),
|
||||
qSFP-PLUS-SR4(172),
|
||||
qSFP-PLUS-eSR4(173),
|
||||
qSFP-PLUS-LR4(174),
|
||||
qSFP-PLUS-DA1(175),
|
||||
qSFP-PLUS-DA3(176),
|
||||
qSFP-PLUS-DA5(177),
|
||||
qSFP-PLUS-SPLIT-sFP-PLUS-DA1(178),
|
||||
qSFP-PLUS-SPLIT-sFP-PLUS-DA3(179),
|
||||
qSFP-PLUS-SPLIT-sFP-PLUS-DA5(180),
|
||||
sFP-PLUS-AO1(181),
|
||||
sFP-PLUS-AO2(182),
|
||||
sFP-PLUS-AO3(183),
|
||||
sFP-PLUS-AO5(184),
|
||||
sFP-PLUS-AO7(185),
|
||||
sFP-PLUS-AO10(186),
|
||||
sFP-PLUS-AO15(187),
|
||||
qSFP-PLUS-AO1(188),
|
||||
qSFP-PLUS-AO2(189),
|
||||
qSFP-PLUS-AO3(190),
|
||||
qSFP-PLUS-AO5(191),
|
||||
qSFP-PLUS-AO7(192),
|
||||
qSFP-PLUS-AO10(193),
|
||||
qSFP-PLUS-AO15(194),
|
||||
qSFP-PLUS-AO20(195),
|
||||
qSFP-PLUS-SPLIT-sFP-PLUS-AO1(196),
|
||||
qSFP-PLUS-SPLIT-sFP-PLUS-AO2(197),
|
||||
qSFP-PLUS-SPLIT-sFP-PLUS-AO3(198),
|
||||
qSFP-PLUS-SPLIT-sFP-PLUS-AO5(199),
|
||||
qSFP-PLUS-SPLIT-sFP-PLUS-AO7(200),
|
||||
qSFP-PLUS-SPLIT-sFP-PLUS-AO10(201),
|
||||
qSFP-PLUS-SPLIT-sFP-PLUS-AO15(202),
|
||||
qSFP-PLUS-BIDI(203),
|
||||
fiveGbE-T(204)
|
||||
}
|
||||
|
||||
VidList ::= TEXTUAL-CONVENTION
|
||||
DISPLAY-HINT "512x"
|
||||
STATUS current
|
||||
DESCRIPTION
|
||||
"Each octet within this value specifies a set of eight
|
||||
VlanIndex (VID), with the first octet specifying VIDs 1
|
||||
through 8, the second octet specifying VIDs 9 through 16,
|
||||
etc. Within each octet, the most significant bit represents
|
||||
the lowest numbered VID, and the least significant bit
|
||||
represents the highest numbered VID. Thus, each VID
|
||||
is represented by a single bit within the value of this
|
||||
object. If that bit has a value of 1 then that VID is
|
||||
included in the set of VIDs; the VID is not included if its
|
||||
bit has a value of 0. This list represents the entire
|
||||
range of VlanIndex values defined in the scope of IEEE
|
||||
802.1Q."
|
||||
SYNTAX OCTET STRING (SIZE (512))
|
||||
|
||||
HpInetCidrRouteState ::= TEXTUAL-CONVENTION
|
||||
STATUS current
|
||||
DESCRIPTION "used for the bitmap for getting the state of the
|
||||
route."
|
||||
SYNTAX BITS {
|
||||
remote(0),
|
||||
notInstall(1),
|
||||
noAdvise(2),
|
||||
interior(3),
|
||||
exterior(4),
|
||||
delete(5),
|
||||
hidden(6),
|
||||
initial(7),
|
||||
release(8),
|
||||
unused(9),
|
||||
unused2(10),
|
||||
retain(11),
|
||||
unused3(12),
|
||||
gateway(13),
|
||||
reject(14),
|
||||
static(15),
|
||||
null(16),
|
||||
ifSubnetMask(17),
|
||||
unused4(18),
|
||||
suppressed(19),
|
||||
eligibleUnicast(21),
|
||||
eligibleMulticast(22),
|
||||
activeUnicast(23),
|
||||
activeMulticast(24),
|
||||
pendingUnicast(25),
|
||||
pendingMulticast(26),
|
||||
inferiorMed(27),
|
||||
split(28),
|
||||
aggr(29),
|
||||
bgpAggr(30),
|
||||
recurse(31)
|
||||
}
|
||||
|
||||
|
||||
StpPortRole ::= TEXTUAL-CONVENTION
|
||||
STATUS current
|
||||
DESCRIPTION "Identifies the role played by the port in a given spanning
|
||||
tree.
|
||||
|
||||
|
||||
- disabled(1)
|
||||
This port has no role in the spanning-tree
|
||||
topology.
|
||||
|
||||
- root(2)
|
||||
This port provides the minimum cost path
|
||||
from this bridge to the Root Bridge.
|
||||
|
||||
- designated(3)
|
||||
This port provides the least cost path from
|
||||
the attached LAN through this bridge to the
|
||||
root bridge.
|
||||
|
||||
- alternate(4)
|
||||
This port provides connectivity to the
|
||||
root bridge if the current root port failed.
|
||||
|
||||
- backup(5)
|
||||
This port provides connectivity from the
|
||||
attached LAN to the root bridge if the
|
||||
current designated port failed.
|
||||
|
||||
- boundary(6)
|
||||
This role is only applicable for MSTP.
|
||||
This port provides connectivity from the MSTP Region to
|
||||
the CIST Root that lies outside the Region."
|
||||
SYNTAX INTEGER{
|
||||
disabled(1),
|
||||
root(2),
|
||||
designated(3),
|
||||
alternate(4),
|
||||
backup(5),
|
||||
boundary(6)
|
||||
}
|
||||
|
||||
HpSwitchIfMauTypeListBits ::= TEXTUAL-CONVENTION
|
||||
STATUS current
|
||||
DESCRIPTION "MauType for 2.5G, 5G and 40G port speed."
|
||||
SYNTAX BITS{
|
||||
b2500baseTFD(79),
|
||||
b5000baseTFD(80),
|
||||
b40GbaseeSR4(81)
|
||||
}
|
||||
|
||||
HpSwitchIfMauAutoNegCapabilityBits ::= TEXTUAL-CONVENTION
|
||||
STATUS current
|
||||
DESCRIPTION "AutoNegCapBits for 2.5G, 5G and 40G port speeds."
|
||||
SYNTAX BITS{
|
||||
b40GbaseSR4(23),
|
||||
b40GbaseLR4(24),
|
||||
b2500baseTFD(25),
|
||||
b5000baseTFD(26),
|
||||
b40GbaseeSR4(27)
|
||||
}
|
||||
|
||||
HpSwitchIfMauAutoNegCapAdvertisedBits ::= TEXTUAL-CONVENTION
|
||||
STATUS current
|
||||
DESCRIPTION "AutoNegCapBits for 2.5G, 5G and 40G port speeds."
|
||||
SYNTAX BITS{
|
||||
b40GbaseSR4(23),
|
||||
b40GbaseLR4(24),
|
||||
b2500baseTFD(25),
|
||||
b5000baseTFD(26),
|
||||
b40GbaseeSR4(27)
|
||||
}
|
||||
|
||||
HpSwitchIfMauAutoNegCapReceivedBits ::= TEXTUAL-CONVENTION
|
||||
STATUS current
|
||||
DESCRIPTION "AutoNegCapBits for 2.5G, 5G and 40G port speeds."
|
||||
SYNTAX BITS{
|
||||
b40GbaseSR4(23),
|
||||
b40GbaseLR4(24),
|
||||
b2500baseTFD(25),
|
||||
b5000baseTFD(26),
|
||||
b40GbaseeSR4(27)
|
||||
}
|
||||
|
||||
END
|
||||
|
||||
12454
tests/data/procurve_nac.json
Normal file
12454
tests/data/procurve_nac.json
Normal file
File diff suppressed because it is too large
Load Diff
1254
tests/snmpsim/procurve_nac.snmprec
Normal file
1254
tests/snmpsim/procurve_nac.snmprec
Normal file
File diff suppressed because it is too large
Load Diff
Loading…
Reference in New Issue
Block a user