Now this is one I’d been planning on doing for a while. At the university, pretty much all our network kit is Cisco. You can get various Cisco management software packages; in fact, we did purchase one (CiscoWorks 2000) some time ago. But nothing we had found had the simple functionality we needed: an easy way for desktop support staff (of varying degrees of technical ability) to see at a glance which VLANs certain switch ports were on. And, if they’re allowed, to change VLAN and maybe see which ports hadn’t been used in a while and so could potentially be un-patched.
The problem was simple, and I wanted the solution to be simple, too. You see, we do have a database of network devices. And we do have drawings of which devices are where. But, well, they’re not always up-to-date. And I certainly didn’t want to go re-programming this page each time a switch moved or a building was knocked down.
Roll up, CDP. Cisco Discovery Protocol is a layer 2 protocol by which all Cisco switches and routers discover their ‘neighbours’. This information is available through SNMP, so I found that I was able to make, quite easily, a diagram of our whole network structure by starting with just one IP address and following the links.
A little more PHP-SNMP messing, and the user can query any switch for a list of its ports. Allowed to/from VLANs let us ensure proper use of the service, and since all web service requests go via our web server before firing to another server that does the SNMP work, the solution is secure. Users are seamlessly authenticated with AD using NTLM authentication, so access can be delegated with simple security groups.
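One way the web server could enforce the allowed to/from VLANs before passing a change on to the SNMP server, as an added Python example (not the PHP behind this tool). The group names, VLAN numbers and function names are made up for illustration.

```python
# Added example: every group name and VLAN number here is constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class VlanPolicy:
    allowed_from: frozenset  # VLANs a port may be moved off
    allowed_to: frozenset    # VLANs a port may be moved onto


# Hypothetical mapping of AD security group -> VLAN policy.
POLICIES = {
    "NET-Desktop-Support": VlanPolicy(frozenset({10, 20}), frozenset({10, 20})),
    "NET-Lab-Support": VlanPolicy(frozenset({30}), frozenset({30, 31})),
}


def parse_vlan(raw):
    """Parse an untrusted VLAN ID; return None unless it is 1..4094."""
    text = str(raw).strip()
    if not (text.isascii() and text.isdigit()) or len(text) > 4:
        return None
    vlan = int(text)
    return vlan if 1 <= vlan <= 4094 else None


def authorize_change(user_groups, current_vlan, requested_raw):
    """Decide a VLAN change request; deny unless a policy allows it.

    current_vlan must be the value the server itself read from the
    switch, never a value sent by the browser.
    """
    requested = parse_vlan(requested_raw)
    if requested is None:
        return False, "invalid VLAN ID"
    if requested == current_vlan:
        return False, "port is already on that VLAN"
    for group in sorted(user_groups):
        policy = POLICIES.get(group)
        # Both ends must be permitted by the same group, so one group's
        # 'from' set cannot be combined with another group's 'to' set.
        if (policy and current_vlan in policy.allowed_from
                and requested in policy.allowed_to):
            return True, "allowed by " + group
    return False, "no group permits this change"
```

Because the check runs on the web server, the server doing the SNMP work only ever receives requests that have already passed it.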
More to follow.