NeDi Community

NeDi Software Specific => Discovery => Topic started by: MacBest on April 07, 2009, 09:34:18 AM

Title: Anyone got any Cisco ASA to work with nedi
Post by: MacBest on April 07, 2009, 09:34:18 AM
Hi there,

I got a few ASAs and wanted to get the ARP table out of these boxes.
It is not possible via SNMP, so the only way I see is via CLI.
In 2007 there was a little discussion about it, but no solution yet.

The nedi cli stuff will not work on my ASAs.
I've defined them as
OS      IOS-fw
but I only get a red bulb in the cli line of Devices-Status.php
and port 23 is displayed even though nedi should connect via ssh, not telnet.
(or do I have to configure something special to get ssh to work)

This is the way if I do it manually:

Code:
jbmpb:~ jb$ ssh <username>@asawzosued01
vpnbvrou@asawzosued01's password: <enablepassword>
Type help or '?' for a list of available commands.
asawzosued01> en
Password: <enablepassword>
asawzosued01# sh arp
        outside xxx.xxx.xxx.xxx 0012.ef20.aa03
        inside 192.168.74.203 0021.5acb.d042
        inside 192.168.74.200 0022.640c.0842
 


I also tried to put the following line into /opt/local/share/nedi/inc/libcli-netssh.pl
Code:
$cmd{'IOS-fw'}{'macd'} = 'sh arp';

But as long as ssh doesn't work, this will not work either, I think ;-)

So any help welcome

Greetings from Germany

Jürgen
Title: Re: Anyone got any Cisco ASA to work with nedi
Post by: rufer on April 14, 2009, 10:53:44 AM
This is not very easy, because "sh arp" outputs names instead of IP addresses if you defined them.

The newest FWSM release finally permits reading the ARP table via SNMP. But of course not with standard OIDs, so it's currently not usable.

Greetings
Rufer
Title: Re: Anyone got any Cisco ASA to work with nedi
Post by: rickli on April 14, 2009, 07:23:24 PM
I was thinking about an override option for standard sysdescr, to cater for exotic devices (like printers). This would go along with an ARP table override. Anyone got a spare ASA? Or can someone share the OID (hoping it's arranged like net2media)?
Title: Re: Anyone got any Cisco ASA to work with nedi
Post by: rufer on April 15, 2009, 11:55:35 AM
This has not yet been implemented for the ASA, just for FWSM :(
FWSM is a bit difficult because you need a Catalyst 6500 chassis.

Greetings
Rufer
Title: Re: Anyone got any Cisco ASA to work with nedi
Post by: MacBest on April 15, 2009, 02:17:27 PM
Oh, I see that there are other people interested in getting info out of the ASA into nedi :)

The problem with the asa displaying names instead of IPs with a "sh arp" would be no problem for me because I only name devices in the asa config and not simple clients. So I could get a lot of information out of the box anyway.

Wouldn't it be possible to allow an external script to check the ASA ARP tables (e.g. via expect) and get the values back into nedi? If this works, we can put it in the nedi contrib folder so everybody can use it.

Thanks in advance for any help

Juergen
Title: Re: Anyone got any Cisco ASA to work with nedi
Post by: tristanbob on June 03, 2010, 06:59:00 PM
This guy wrote a function to pull the ARP table out of FWSM using SNMP.  He created it for Cacti, but perhaps this can be used in Nedi?  We just moved most of our datacenter to our FWSM, so we really miss seeing the ARP table!

http://forums.cacti.net/about32956.html&highlight=fwsm

Thanks,

Tristan
Title: Re: Anyone got any Cisco ASA to work with nedi
Post by: shadowcaster on June 09, 2010, 09:36:22 AM
I was submitting a patch for nedi to get both ipnettomedia and ipnettophysical tables aeons ago, for nedi 1.0, but it didn't make it to the code.
Title: Re: Anyone got any Cisco ASA to work with nedi
Post by: rickli on June 10, 2010, 10:05:50 PM
Oi, I remember vaguely  :-[ Can you mail it to me? Must have gotten lost indeed...
Title: Re: Anyone got any Cisco ASA to work with nedi
Post by: rufer on August 24, 2010, 09:40:16 AM
Here is a FWSM (4.0 up) patch for nedi 1.0 libsnmp.pl

Code:
diff inc/libsnmp.pl.bak inc/libsnmp.pl
1198a1199
>       my $NmifO_fwsm  = "1.3.6.1.2.1.4.35.1.4";
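Review bot: $NmifO_fwsm is declared with no comment saying which table the OID 1.3.6.1.2.1.4.35.1.4 belongs to; the only explanation is in the post text under the patch. A one-line comment beside the declaration, naming the table and noting that its row index is laid out differently from $NmifO, would keep that knowledge in the code.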
1207c1208,1217
<       $r   = $session->get_table($NmifO);
---
>       if ($main::dev{$_[0]}{os} eq "IOS-fv"){
>               #fwsm arp table
>               $r   = $session->get_table($NmifO_fwsm);
>               #fwsm arp table has ip at index 13-16
>               $ip1=13; $ip2=14; $ip3=15; $ip4=16;
>
>       }else{
>               $r   = $session->get_table($NmifO);
>               $ip1=11; $ip2=12; $ip3=13; $ip4=14;
>       }
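Review bot: $ip1 to $ip4 are assigned in both branches of the new if/else, but nothing in this hunk declares them, while $NmifO_fwsm in the previous hunk is declared with my. Unless they are declared elsewhere in the sub, add "my ($ip1, $ip2, $ip3, $ip4);" before the if. The condition also tests for "IOS-fv", whereas the ASAs earlier in this thread were defined as IOS-fw, so a comment stating which device class this string selects would help. The four consecutive positions could be reduced to one start offset per branch.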
1217,1218c1227,1228
<                               $misc::arp{$mc} = "$i[11].$i[12].$i[13].$i[14]";
<                               $misc::rarp{"$i[11].$i[12].$i[13].$i[14]"} = $mc;               # will be needed to identify OUI uplinks;
---
>                               $misc::arp{$mc} = "$i[$ip1].$i[$ip2].$i[$ip3].$i[$ip4]";
>                               $misc::rarp{"$i[$ip1].$i[$ip2].$i[$ip3].$i[$ip4]"} = $mc;               # will be needed to identify OUI uplinks;
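Review bot: both changed lines build the same "$i[$ip1].$i[$ip2].$i[$ip3].$i[$ip4]" string; build it once into a local variable and use that for $misc::arp and $misc::rarp. Nothing in these lines checks that @i has elements at the chosen positions, so a row whose index is shorter or longer than expected would produce a malformed address; a length check before the assignment would skip such rows.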

Explanation: The ARP table OID for FWSM is 1.3.6.1.2.1.4.35.1.4 and the IP address is at index 13-16

Greetings
Rufer
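
The index positions described in the post above, as an added example that is not part of the original post or of NeDi: a stand-alone Perl script that decodes the IPv4 address from a row OID for either index layout and skips rows that are not four-octet addresses. The sub name ip_from_row, the table keys, the OID used for the non-FWSM branch and the sample rows are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Column OIDs and the position of the first IPv4 octet in a split row OID.
# The second OID is the one from the post; the first (IP-MIB
# ipNetToMediaPhysAddress) is an assumption for the non-FWSM branch.
my %TABLE = (
    net2media    => { oid => '1.3.6.1.2.1.4.22.1.2', ip_at => 11 },
    net2physical => { oid => '1.3.6.1.2.1.4.35.1.4', ip_at => 13 },
);

# Return the dotted IPv4 address encoded in a row OID, or undef when the
# row is outside the table or its index is not a four-octet address.
sub ip_from_row {
    my ($kind, $row_oid) = @_;
    my $t = $TABLE{$kind} or return;
    return unless index($row_oid, "$t->{oid}.") == 0;
    my @i  = split /\./, $row_oid;
    my $at = $t->{ip_at};
    return unless @i == $at + 4;            # e.g. IPv6 rows are longer
    if ($kind eq 'net2physical') {
        # index = ifIndex . address type . address length . address
        return unless $i[$at - 2] == 1 && $i[$at - 1] == 4;
    }
    my @oct = @i[$at .. $at + 3];
    return if grep { !/^\d+$/ || $_ > 255 } @oct;
    return join '.', @oct;
}

# Constructed sample rows (not captured from a device).
my @rows = (
    [ net2media    => '1.3.6.1.2.1.4.22.1.2.3.192.168.74.203' ],
    [ net2physical => '1.3.6.1.2.1.4.35.1.4.3.1.4.192.168.74.200' ],
    [ net2physical => '1.3.6.1.2.1.4.35.1.4.3.2.16.' . join('.', (0) x 15, 1) ],
);

for my $r (@rows) {
    my ($kind, $oid) = @$r;
    my $ip = ip_from_row($kind, $oid);
    printf "%-12s %s\n", $kind, defined $ip ? $ip : 'skipped (not an IPv4 row)';
}
```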
Title: Re: Anyone got any Cisco ASA to work with nedi
Post by: rickli on August 25, 2010, 08:58:36 PM
Merci, will try to add your suggestion...