0001284: SNMPv3 with Cisco Catalyst 2950 - PacketFence

# # old_revision [305b41a31ebda0681f1ab72b3569fcafeb2b59b1] # # patch "pf/lib/pf/SNMP/Cisco.pm" # from [03d541fe1f4e636a44609dc379f8909e733c4987] # to [90965eb0f8adc215123c9244f8e7c3b2895d07f7] # ============================================================ --- pf/lib/pf/SNMP/Cisco.pm 03d541fe1f4e636a44609dc379f8909e733c4987 +++ pf/lib/pf/SNMP/Cisco.pm 90965eb0f8adc215123c9244f8e7c3b2895d07f7 @@ -202,6 +202,8 @@ sub parseTrap { ["$OID_dot1dBasePortIfIndex.$dot1dBasePort"], -contextname => "vlan_$currentVlan" ); + # FIXME: calling "private" method to unset context. See #1284 or upstream rt.cpan.org:72075. + $this->{_sessionRead}->{_context_name} = undef; } } else { my ( $sessionReadVlan, $sessionReadVlanError ) @@ -675,6 +677,8 @@ sub getMacBridgePortHash { -baseoid => $OID_dot1dTpFdbPort, -contextname => "vlan_$vlan" ); + # FIXME: calling "private" method to unset context. See #1284 or upstream rt.cpan.org:72075. + $this->{_sessionRead}->{_context_name} = undef; } else { my ( $sessionReadVlan, $sessionReadVlanError ) = Net::SNMP->session( -hostname => $this->{_ip}, @@ -767,6 +771,8 @@ sub getIfIndexForThisMac { return $result->{$oid}; } } + # FIXME: calling "private" method to unset context. See #1284 or upstream rt.cpan.org:72075. + $this->{_sessionRead}->{_context_name} = undef; } else { @@ -846,6 +852,8 @@ sub isMacInAddressTableAtIfIndex { return 1; } } + # FIXME: calling "private" method to unset context. See #1284 or upstream rt.cpan.org:72075. + $this->{_sessionRead}->{_context_name} = undef; } else { @@ -1239,6 +1247,8 @@ sub getAllMacs { -baseoid => $OID_dot1dTpFdbPort, -contextname => "vlan_$vlan" ); + # FIXME: calling "private" method to unset context. See #1284 or upstream rt.cpan.org:72075. + $this->{_sessionRead}->{_context_name} = undef; } else { my ( $sessionReadVlan, $sessionReadVlanError ) = Net::SNMP->session(

Notes
(0002298) obilodeau (reporter) 2011-09-27 12:06	committed more documentation regarding the SNMPv3 issues in the 2950 module at revno: eb70eb365b97300d33b0019692f9a2984b676349

(0002375) obilodeau (reporter) 2011-10-24 10:49	Ok, found out more about this issue. Turns out that if you add a v3 context to a query, subsequent queries will fail. Not sure if this affect specifically only the 2950 or all of our v3. Going straight to getVlan works: # perl -d sbin/pfsetvlan $switch = $switchFactory->instantiate('10.0.0.15'); $x = $switch->getVlan(15); x \$x 0 SCALAR(0xaccf2a0) -> 103 Calling a context-setting method first will fail: # perl -d sbin/pfsetvlan $switch = $switchFactory->instantiate('10.0.0.15'); %y = $switch->getMacBridgePortHash(); $x = $switch->getVlan(15); x \$x 0 SCALAR(0xaccf2a0) -> undef To fix I want to read a bit more about Net::SNMP v3 context's and I've got the feeling that i'll need to disable them after using them.

(0002409) obilodeau (reporter) 2011-10-31 15:28	Turns out "The contextName stays with the object until it is changed.". So I want to unset them after doing a query with a context. Turns out there's no easy way to do so in Net::SNMP so I'll poke directly into a 'private method' to do so: ->_context_name(...) Filed an upstream ticket to get a supported hook: Bug #72075 for Net-SNMP: Method to change the contextName https://rt.cpan.org/Public/Bug/Display.html?id=72075 [^]

(0002410) obilodeau (reporter) 2011-10-31 16:00	private method didn't work, poking at the internal hash with ->{_context_name} did work though. I'll do some more testing tomorrow then update the ticket.

(0002412) obilodeau (reporter) 2011-11-01 10:32	Deleted old patch added new patch. Tests in the labs are positive.

(0002413) obilodeau (reporter) 2011-11-01 10:39	Fix committed into 3_0 branch will be part of our next version.

(0002458) obilodeau (reporter) 2011-11-21 12:04	Fixed released in 3.0.3 today.

Issue History
Date Modified	Username	Field	Change
2011-09-27 11:47	obilodeau	New Issue
2011-09-27 11:47	obilodeau	File Added: cisco-2950-snmpv3-port-security-setVlan-fix.patch
2011-09-27 11:48	obilodeau	Status	new => confirmed
2011-09-27 12:06	obilodeau	Note Added: 0002298
2011-10-24 10:49	obilodeau	Note Added: 0002375
2011-10-31 15:28	obilodeau	Note Added: 0002409
2011-10-31 15:28	obilodeau	Status	confirmed => assigned
2011-10-31 15:28	obilodeau	Assigned To	=> obilodeau
2011-10-31 16:00	obilodeau	Note Added: 0002410
2011-11-01 10:29	obilodeau	Description Updated
2011-11-01 10:31	obilodeau	File Deleted: cisco-2950-snmpv3-port-security-setVlan-fix.patch
2011-11-01 10:31	obilodeau	File Added: Cisco-SNMPv3-port-security-fixes.patch
2011-11-01 10:32	obilodeau	Note Added: 0002412
2011-11-01 10:39	obilodeau	mtn revision	=> f546d64318f6e8f5d441dd895a1e3460c507d748
2011-11-01 10:39	obilodeau	Note Added: 0002413
2011-11-01 10:39	obilodeau	Status	assigned => resolved
2011-11-01 10:39	obilodeau	Fixed in Version	=> +1
2011-11-01 10:39	obilodeau	Resolution	open => fixed
2011-11-21 12:04	obilodeau	Note Added: 0002458
2011-11-21 12:04	obilodeau	Target Version	+2 => 3.0.3
2011-11-21 12:05	obilodeau	Status	resolved => closed
2011-11-21 12:05	obilodeau	Fixed in Version	+1 => 3.0.3

Relationships