NAME

pf::Switch::MockedSwitch - Fake switch module designed to document our interfaces and for tests

SYNOPSIS

pf::Switch::MockedSwitch started as an exercise to see what our pfsetvlan daemon does under stress. As it was implemented, it became obvious that it would also help us understand our own switch interfaces.

This module extends pf::Switch.

STATUS

It's not complete yet

TODO

* all methods here should have at least one logger->debug statement and a realistic sleep based on what it does

* Full POD for pf::Switch

* Add new subs from Cisco and friends that were added in trunk

* Create a pf::MockedWireless

BUGS AND LIMITATIONS

CONFIGURATION AND ENVIRONMENT

conf/switches.conf

SUBROUTINES

Warning: The list of subroutines is incomplete

connectRead - establish read connection to switch
disconnectRead - closing read connection to switch
connectWriteTo

Establishes an SNMP Write connection to a given IP and installs the session object into this object's sessionKey. It performs a write test to make sure that the write actually works.

disconnectWriteTo

Closes an SNMP Write connection. Requires sessionKey stored in object (as when calling connectWriteTo).

_setVlanByOnlyModifyingPvid
getIfOperStatus - obtain the ifOperStatus of the specified switch port
getAlias - get the port description
getSwitchLocation - get the switch location string
setAlias - set the port description
getSysName - return the administratively-assigned name of the switch. By convention, this is the switch's fully-qualified domain name
getIfDesc - return ifDesc given ifIndex
getIfName - return ifName given ifIndex
getIfNameIfIndexHash - return ifName => ifIndex hash
setAdminStatus - shutdown or enable port
bouncePort

Performs a shut / no-shut on the port. Usually used to force the operating system to do a new DHCP Request after a VLAN change.

In this mocked module only the wait is performed; setAdminStatus is not called.

getSysUptime - returns the sysUpTime
getIfType - return the ifType
getDot1dBasePortForThisIfIndex - returns the dot1dBasePort for a given ifIndex
setTrunkPortNativeVlan - sets PVID on a trunk port
getMacBridgePortHash

Cisco is very fancy about fetching its VLAN information. In SNMPv3 the context is used to specify a VLAN, and in SNMPv1/2c an @<vlan> is appended to the read-only community name when reading.

setModeTrunk - sets a port as mode access or mode trunk
clearMacAddressTable

Warning: this method should _never_ be called in a thread. Net::Appliance::Session is not thread safe:

http://www.cpanforum.com/threads/6909/

enablePortSecurityByIfIndex - configure the port with port-security settings

With no VoIP

    switchport port-security maximum 1 vlan access
    switchport port-security
    switchport port-security violation restrict
    switchport port-security mac-address xxxx.xxxx.xxxx

With VoIP

    switchport port-security maximum 2
    switchport port-security maximum 1 vlan access
    switchport port-security
    switchport port-security violation restrict
    switchport port-security mac-address xxxx.xxxx.xxxx

disablePortSecurityByIfIndex - remove all the port-security settings on a port
setPortSecurityEnableByIfIndex - enable/disable port-security on a port
setPortSecurityMaxSecureMacAddrByIfIndex

Sets the global (data + voice) maximum number of MAC addresses for port-security on a port

setPortSecurityMaxSecureMacAddrVlanByIfIndex

Sets the maximum number of MAC addresses on the data vlan for port-security on a port

setPortSecurityViolationActionByIfIndex

Tells the switch what to do when the number of MAC addresses on the port has exceeded the maximum: shut down the port, send a trap or only allow traffic from the secure port and drop packets from other MAC addresses

setTaggedVlan

Allows all the tagged Vlans on a multi-Vlan port. Used for floating network devices only

removeAllTaggedVlan

Removes all the tagged Vlans on a multi-Vlan port. Used for floating network devices only

enablePortConfigAsTrunk - sets port as multi-Vlan port
disablePortConfigAsTrunk - sets port as non multi-Vlan port
dot1xPortReauthenticate

Forces 802.1x re-authentication of a given ifIndex

ifIndex - ifIndex to force re-authentication on

_dot1xPortReauthenticate

Actual implementation. Allows callers to refer to this implementation even though someone along the way overrides the above call.

handleReAssignVlanTrapForWiredMacAuth
getVoipVSA

Get Voice over IP RADIUS Vendor Specific Attribute (VSA).

deauthTechniques

Return the reference to the deauth technique or the default deauth technique.

supporteddeauthTechniques

Returns the default deauthentication method.

deauthenticateMacDefault

Returns the default deauthentication technique.

GetIfIndexByNasPortId

Returns the ifIndex for the given NAS-Port-Id.

extractVLAN

Extract VLAN from the radius attributes.

wiredeauthTechniques

Return the reference to the deauth technique or the default deauth technique.

parseRequest

Takes FreeRADIUS' RAD_REQUEST hash and processes it to return:

    NAS Port type (Ethernet, Wireless, etc.)
    Network Device IP
    EAP
    MAC
    NAS-Port (port)
    User-Name

parseUrl

Extracts all the parameters from the URL.
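
Added example, not PacketFence code: one way to pull the fields listed under parseRequest out of a FreeRADIUS-style request hash while rejecting a malformed MAC. The helper names parse_rad_request and normalize_mac, the use of EAP-Message as the EAP indicator, and the sample values are assumptions made for this illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Accept the usual MAC notations (aa:bb:.., AA-BB-.., aabb.ccdd.eeff) and
# return lower-case colon form, or undef when the value is not 12 hex digits.
# Calling-Station-Id is supplied by the network device, so it is validated
# before anything downstream keys a VLAN decision on it.
sub normalize_mac {
    my ($raw) = @_;
    return undef unless defined $raw;
    (my $hex = lc $raw) =~ s/[:.\-]//g;
    return undef unless $hex =~ /\A[0-9a-f]{12}\z/;
    return join ':', $hex =~ /(..)/g;
}

# Hypothetical parser: returns a hash ref with the six fields named above.
sub parse_rad_request {
    my ($req) = @_;
    # Multi-valued attributes arrive as array refs; take the first value.
    my $first = sub {
        my ($v) = @_;
        return ref($v) eq 'ARRAY' ? $v->[0] : $v;
    };
    return {
        nas_port_type => $first->($req->{'NAS-Port-Type'}),
        device_ip     => $first->($req->{'NAS-IP-Address'}),
        eap           => exists $req->{'EAP-Message'} ? 1 : 0,  # assumption
        mac           => normalize_mac($first->($req->{'Calling-Station-Id'})),
        port          => $first->($req->{'NAS-Port'}),
        user_name     => $first->($req->{'User-Name'}),
    };
}

# Constructed sample request (values are made up for the example).
my %RAD_REQUEST = (
    'NAS-Port-Type'      => 'Ethernet',
    'NAS-IP-Address'     => '192.0.2.10',
    'Calling-Station-Id' => ['00-11-22-AA-BB-CC'],
    'NAS-Port'           => 50012,
    'User-Name'          => '001122aabbcc',
);

my $parsed = parse_rad_request(\%RAD_REQUEST);
for my $k (sort keys %$parsed) {
    printf "%-14s %s\n", $k, defined $parsed->{$k} ? $parsed->{$k} : '(undef)';
}
```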

AUTHOR

Inverse inc. <info@inverse.ca>

COPYRIGHT

Copyright (C) 2005-2015 Inverse inc.

LICENSE

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
