"; // Procedure 1 // Present the user with the Switch name based on the 2nd Octet of the input address: echo '

1. Get the Switch Name

The switch that this ip address is associated with is based on the second octet of the

'; echo "ip address entered [".$secondoctet."]. This is typically a 3 digit number between 100 and 150.

"; // Check 2nd Octet is between 100 and 160. // And if not quit $lower_boundary = 100; $upper_boundary = 150; if(!(( $secondoctet >= $lower_boundary ) && ( $secondoctet <= $upper_boundary ))){ echo "Sorry Second Octet of IP [".$secondoctet."] is outside range 100-150.

"; echo "Going to end now

"; echo ""; exit; } echo "Switch :". $hidevices[$secondoctet]. "

"; // // CHECK : Ip address is pingable // echo "

"; echo "$ip is ".$ping[0] ; echo "

"; echo "MAX RESPONSE".$ping[1]; echo "

"; // CHECK : THE SWITCH CONF AND SET UP // Checking for ... // for an interface. // check for vlan mgm // check for vlan trf // check for ip mgm // check for ip trf // check for dhcp on trf vlan // check for mgm vlan member and vlan trf is just native // check for ospf // Check the switch for a mention of this ip in the vlan interfaces. echo "

"; echo "2. Check the Switch Configuration for mention of this ip on an vlan interfaces

"; // Using Maldron LAB as a test // but will have to generate the ip of the swtich $ip = "192.168.181.202"; $d= new Device($ip, $username, $password); $d->connect(); try { $inven=$d->get_system_information(); $description = $inven->to_string(); $descr_exist = true; } catch(Exception $e) { $description = $e->getMessage(); $descr_exist = false; } // $jconfchk1 = $d->run_cli_command("show configuration interfaces vlan | display set"); // Get the full switch config. $jconfchk1 = $d->run_cli_command("show configuration | display set"); $jconfchk_lines = explode("\n", $jconfchk1); // pre($jconfchk_lines); $d->close(); // echo "\r\n HELLO

\r\n"; // will have to update with the coorect str. // $searchword = '149.71.161.172'; // $searchword = '10.123.8.1'; $searchword = '10.123.21.1'; echo "

SEARCHWORD: ". $searchword."

\r\n"; $matches = array(); $vlan_line =""; echo "Any matching lines of the \"interface vlan\" will show between the next 2 horizontal lines

"; echo "--------------------

"; $i = 0 ; // counter of number of mentions of lins $di = 0; // counter of number of lines with deactivate of dissable $sn = 0; // count of number of lines with subnetmask NOT 24 $searchword2 = $searchword."\/24"; foreach($jconfchk_lines as $k => $v) { if (preg_match("/set interfaces vlan/", $v)) { if(preg_match("/\b$searchword\b/i", $v)) { $matches[$k] = $v; if(preg_match("/disable/i", $v)) { $di = $di + 1; } if(preg_match("/deactivate/i", $v)) { $di = $di + 1; } if(!(preg_match("/$seachword2/i", $v))) { $sn = $sn + 1; } // echo "KEY:" . $k . " VALUE:" . $v . "\r\n"; echo $v . "

\r\n"; $vlan_line = $v; $i = $i + 1; } } } echo "--------------------

"; $good1="YES"; // ip mentioned in just one line of vlan config $good2="NO"; // ip mentioned in more than one line of vlan config $good3="FALSE"; // ip mentioned in NO lines of vlan config $good4="FALSE"; // ip mentioned in lines of vlan config with disable or deactivate $good5="FALSE"; // ip mentioned in lines of vlan config with a subnet mask not 24 if ($i == 1) { $good1="YES"; } else { $good1="NO"; } if ($i > 1) { $good2="YES (".$i.")"; } if ($i == 0) { $good3="TRUE"; } if ($di > 0) { $good4="TRUE"; } if ($sn != 0) { $good5="SUSPICOUS"; } echo "

"; echo ""; echo $good1.""; echo ""; echo $good2.""; echo ""; echo $good3.""; echo ""; echo $good4.""; echo ""; echo $good5.""; echo "

IP Mentioned on just one line of vlan config

IP Mentioned on more than one line of vlan config

IP Mentioned on NO lines of vlan config

IP Mentioned on lines of vlan config with disabled or deactivate

IP Mentioned on lines of vlan config with a subnet not \"/24\"

"; // Failed on this TEST Going to Exit Now if (($i != 1) || ($di != 0) ) { echo "

Failed this test - Quit Checking now

"; echo ""; exit; } // Check the switch for a mention if the vlan number and the interface number with the ip echo "

"; echo "3. Check the Switch Configuration for the Interface that has the vlan (that has the management IP)

"; // echo "

VLAN LINE :". $vlan_line."

"; // set interfaces vlan unit 4008 family inet address 10.123.8.1/24 $vlanchk_element = explode(" ", $vlan_line); // echo "

VLAN ID: ".$vlanchk_element[4]."
"; // Seach the config file for the vlan name by using its vlan-id foreach($jconfchk_lines as $k => $v) { if (preg_match("/ vlan-id $vlanchk_element[4]\b/i", $v)) { // echo "KEY:" . $k . " VALUE:" . $v . "\r\n"; // echo "GG:". $v . "

\r\n"; $vlan_id_line = $v; // $i = $i + 1; } } $vlan_id_element = explode(" ", $vlan_id_line); // set vlans ge21_MGMT vlan-id 4021 // echo "VLAN NAME : ".$vlan_id_element[2]."
"; // Now have the name of the vlan so have to get the Interface. // echo "

The config lines for the relevant physical interface should show between the next 2 horizontal lines

"; // echo "--------------------

"; foreach($jconfchk_lines as $k => $v) { if (preg_match("/ ethernet-switching vlan members $vlan_id_element[2]\b/i", $v)) { // echo "KEY:" . $k . " VALUE:" . $v . "\r\n"; // echo "

HH:". $v . "

\r\n"; $iface_line = $v; // $i = $i + 1; } } $iface_element = explode(" ", $iface_line); // echo "

IFACE:". $iface_element[2]."

"; $iface_esc = str_replace('/', '\/', $iface_element[2]); // set interfaces ge-0/0/21 unit 0 family ethernet-switching vlan members ge21_MGMT echo "The config lines for the relevant physical interface should show between the next 2 horizontal lines

"; echo "--------------------

"; $dib = 0; // counter for disaled or deactivated $tc = 0; // counter for check there is mention of trunk for the interface. $fi = 0; // family inet check counter $nv = 0; // counter for native vlan $natvlan_line = ""; $mc = 0; // counter of lines with vlan members should be 1 foreach($jconfchk_lines as $k => $v) { if (preg_match("/ interfaces $iface_esc\b/i", $v)) { if(preg_match("/disable/i", $v)) { $dib = $dib + 1; } if(preg_match("/deactivate/i", $v)) { $dib = $dib + 1; } if(preg_match("/ trunk/i", $v)) { $tc = $tc + 1; } if(preg_match("/ family inet/i", $v)) { $fi = $fi + 1; } if(preg_match("/ vlan members /i", $v)) { $mc = $mc + 1; } if(preg_match("/ native-vlan-id /i", $v)) { $nv = $nv + 1; // echo "

JJJJ

"; $natvlan_line = $v; } // echo "KEY:" . $k . " VALUE:" . $v . "\r\n"; echo "

". $v . "

\r\n"; // $iface_line = $v; // $i = $i + 1; } } echo "--------------------

"; $natvlanid_element = explode(" ", $natvlan_line); //$vlanchk_element[4] $natvlanid_element[8] // check the MGT vlan does not equal the native vlan. echo "

NATIVE VLAN: ".$natvlanid_element[8]."
"; echo "MGMT VLAN: ".$vlanchk_element[4]."
"; echo "IFACE:". $iface_element[2]."

"; $good1="YES"; // interface does not mention disabled or deactivate $good2="YES"; // interface does mention trunk. $good3="YES"; // interface does NOT mention inet $good4="YES"; // interface just one vlan member $good5="YES"; // there is a native vlan $good6="YES"; // there is just one native vlan $good7="YES"; // native vlan is not same as member if ($dib > 0) { $good1="NO"; } if ($tc != 1) { $good2="NO"; } if ($fi != 0) { $good3="NO"; } if ($mc != 1) { $good4="NO"; } if ($nc == 1) { $good5="NO"; } if ($nc > 1) { $good6="NO"; } if ($vlanchk_element[4] == $natvlanid_element[8]) { $good7="NO"; } echo "

"; echo ""; echo $good1.""; echo ""; echo $good2.""; echo ""; echo $good3.""; echo ""; echo $good4.""; echo ""; echo $good5.""; echo ""; echo $good6.""; echo ""; echo $good7.""; echo "

Interface ".$iface_element[2]." Mentioned in Config with with disabled or deactivate

Interface ".$iface_element[2]." Mentioned with trunk in Config just once

Interface ".$iface_element[2]." Mentioned with \" inet \" config

Interface ".$iface_element[2]." Mentioned with just one vlan member

Interface ".$iface_element[2]." Mentioned with a Native vlan

Interface ".$iface_element[2]." Mentioned with just one Native vlan

Interface ".$iface_element[2]." Has Member vlan (MGMT ".$vlanchk_element[4].") different from Native vlan (Traffic ".$natvlanid_element[8]."

"; // Do a run of the config file for the management vlan // set interfaces ge-0/0/21 unit 0 family ethernet-switching vlan members ge21_MGMT // set vlans ge21_MGMT vlan-id 4021 // set vlans ge21_MGMT l3-interface vlan.4021 // check that it matchs the vlan-id and NOT the traffic one. echo "

"; echo "4. Check the Switch Configuration for the interface the Mgmt vlan is tied to

"; // VLAN NAME : $vlan_id_element[2] // echo "

VLAN LINE :". $vlan_line."

"; // set interfaces vlan unit 4008 family inet address 10.123.8.1/24 // $vlanchk_element = explode(" ", $vlan_line); // echo "

VLAN ID: ".$vlanchk_element[4]."
"; // Seach the config file for l3 iface of the MGMT vlan. $vlan_iface_line =""; $vic = 0; // counter for layer3 lines mgmt foreach($jconfchk_lines as $k => $v) { if (preg_match("/set vlans $vlan_id_element[2]/i", $v)) { if (preg_match("/l3-interface/i", $v)) { // echo "KEY:" . $k . " VALUE:" . $v . "\r\n"; // echo "GG:". $v . "

\r\n"; $vlan_iface_line = $v; $vic = $vic + 1; } } } $vlan_iface_element = explode(".", $vlan_iface_line); echo $vlan_iface_line."

"; echo "VLAN IFACE :". $vlan_iface_element[1]."

"; $osm = 0; // OSFP line counter $vie = trim($vlan_iface_element[1]); foreach($jconfchk_lines as $k => $v) { if (preg_match("/set protocols ospf area /i", $v)) { // echo "KKKK ".$v."

"; // echo "PPP interface vlan.".$vie."

"; if (preg_match("/interface vlan.$vie/i", $v)) { // echo "KEY:" . $k . " VALUE:" . $v . "\r\n"; echo $v . "

\r\n"; $ospf_mgmt_line = $v; $osm = $osm + 1; } } } $good1="YES"; // interface mgmt vlan have a l3 interface $good2="YES"; // does this match with the vlan number $good3="YES"; // does it differ with TRF vlan number $good4="YES"; // is this interface in OSPF $good5="YES"; // does it have the keyword passive if ($vic == 0) { $good1="NO"; } if (trim($vlanchk_element[4]) != trim($vlan_iface_element[1])) { $good2="NO V:".$vlanchk_element[4]." X:".$vlan_iface_element[1].""; } if ($natvlanid_element[8] == $vlan_iface_element[1]) { $good3="NO"; } if ($osm != 1) { $good4="NO".$osm.""; } if (!(preg_match('/passive/',$ospf_mgmt_line))) { $good5="NO"; } echo "

"; echo ""; echo $good1.""; echo ""; echo $good2.""; echo ""; echo $good3.""; echo ""; echo $good4.""; echo ""; echo $good5.""; // echo "

END HELLO

"; echo ' '; ?>

Interface vlan".$vlan_iface_element[1]." has a layer3 interface

Interface vlan".$vlan_iface_element[1]." does the interface vlan number match the Mgmt vlan number (usual it does but strictly it does not have to)

Interface vlan".$vlan_iface_element[1]." does the interface vlan number DIFFER from the TRF vlan (".$natvlanid_element[8].")

Interface ".$iface_element[2]." Is the interface vlan put into OSPF ".$ospf_mgmt_line."

Interface ".$iface_element[2]." does OSPF have the passive keyword