2008年4月27日 星期日

如何使用SNMP對Switch的port跳VLAN(How to change vlan on switch port using SNMP)

目前這篇文章適用於D-LinkSwitch (Des-3536 & Des 3226 & Des-3550)

假設我們有兩個Vlan,分別為VALN 1以及VLAN2,而這兩個VlanVID分別為12

則在Switch中,下列的OID則代表著目前Vlan的狀態

OID: .1.3.6.1.2.1.17.7.1.4.3.1.2.1

該值表示每一個port目前在VID 1Vlan中的member狀態。

OID: .1.3.6.1.2.1.17.7.1.4.3.1.2.2

該值表示每一個port目前在VID 2Vlan中的member狀態。

OID: .1.3.6.1.2.1.17.7.1.4.3.1.4.1

該值表示每一個port目前在VID 1Vlan中的tag狀態。

OID: .1.3.6.1.2.1.17.7.1.4.3.1.4.2

該值表示每一個port目前在VID 2Vlan中的tag狀態。


上列OID中最後一個數值為VID的值,例如VID7,則OID: .1.3.6.1.2.1.17.7.1.4.3.1.2.7 的值為Port在該VID中的member狀態。

member狀態的OID中,每一個port會以一個bit來表示,若是屬於該VIDmember則該port所屬的bit1,反之則為0

假設一個24 portsswitch,則會有24bits,由左而右代表port1~port24

如果port 1port 5不是該VIDmember則其他ports皆屬於該VIDmemberbits顯示為:

0111 0111 1111 1111 1111 1111

SNMP中會以16進未來存儲該值,所以上列bits轉換為16進位則為:

77 FF FF

若在PHP中使用snmpget取得該OIDValue則如下:

Hex-STRING: 77 FF FF

同理,在tag狀態的OID中,每一個port會以一個bit來表示,若是屬於該VIDtag狀態為untag則該port所屬的bit1,反之則為0

只要透過設定OID的值,就可以設定port所屬的Vlan

使用SNMPPort的程序如下:

Step 1.先設定原本所屬的VIDtag狀態設定為tag

Step 2.將原本所屬的VIDmember狀態變更為nonmember

Step 3.將要跳去的VIDmember狀態變更為member

Step 4.將要跳去的VIDtag狀態設定為untag

Example:假設一個24 portsswitch所有port目前皆屬於VID1Vlan,且所有port皆為untag,我們要將port 10設定為VID2Vlan

step1: set .1.3.6.1.2.1.17.7.1.4.3.1.4.1 to FF BF FF

step2: set .1.3.6.1.2.1.17.7.1.4.3.1.2.1 to FF BF FF

step3: set .1.3.6.1.2.1.17.7.1.4.3.1.2.2 to 00 40 00

step4: set .1.3.6.1.2.1.17.7.1.4.3.1.4.2 to 00 40 00

---------------------為了要邁向國際化,所以我寫了英文版,如果英文有錯大家記得糾正我---------------------

This article was written for D-Link switch (Des-3536 & Des 3226 & Des-3550).

If we have two VLANs one is VLAN 1 as VID 1 and the other is VLAN2 as VID 2.

Details of the MIB Variables—Including Object Identifiers (OIDs)

OID: .1.3.6.1.2.1.17.7.1.4.3.1.2.1 -- This OID value shows which ports are assigned to VLAN 1(VID 1).

OID: .1.3.6.1.2.1.17.7.1.4.3.1.2.2 -- This OID value shows which ports are assigned to VLAN 2(VID 2).

OID: .1.3.6.1.2.1.17.7.1.4.3.1.4.1 -- This OID value shows which ports are untagged for VLAN 1(VID 1).

OID: .1.3.6.1.2.1.17.7.1.4.3.1.4.2 -- This OID value shows which ports are untagged for VLAN 2(VID 2).

*** The last number of OID is the value of VID***

The value of these OID is a hex- string. For example if you use "snmpget" on PHP to get value of the "OID: .1.3.6.1.2.1.17.7.1.4.3.1.2.1" , you will get the value as below.

Hex-STRING: 77 FF FF

Value Description :
"Each octet within this value specifies a set of eight ports, with the first octet specifying ports 1 through 8, the second octet specifying ports 9 through 16, etc. Within each octet, the most significant bit represents the lowest numbered port, and the least significant bit represents the highest numbered port. Thus, each port of the switch is represented by a single bit within the value of this object. If that bit has a value of '1' then that port is included in the set of ports(or untagged); the port is not included if its bit has a value of '0'."

For example if the value of the "OID: .1.3.6.1.2.1.17.7.1.4.3.1.2.1" is "77 FF FF"(bits: 0111 0111 1111 1111 1111 1111) then only port 1 and port 5 are not assigned to VLAN 1(VID 1).

You can move the ports from the one VLAN to the other VLAN by the OID value.

The procedure for move the ports from the one VLAN to the other VLAN :

Step 1. Set the old VLAN from untagged to tag.

Step 2. Set the port not assigned to old VLAN.

Step 3. Assign port to new VLAN.

Step 4. Set new VLAN to untagged.

For example: We have 24 ports switch and all the ports are assigned to VLAN1(VID 1), we want to move port 10 to VLAN2(VID 2)

step1: set .1.3.6.1.2.1.17.7.1.4.3.1.4.1 to FF BF FF

step2: set .1.3.6.1.2.1.17.7.1.4.3.1.2.1 to FF BF FF

step3: set .1.3.6.1.2.1.17.7.1.4.3.1.2.2 to 00 40 00

step4: set .1.3.6.1.2.1.17.7.1.4.3.1.4.2 to 00 40 00