HP/Aruba Simple Vlan Management

Download

download latest version here

Details

  • Supported Language(s) : English, French
  • Licence : GNU General Public License version 3.0 (GPLv3)
  • Operating systems : platform independent

Release notes

Release notes can be seen here.

Features

*  Tag and Untag ports in VLANs
*  Automated backup of switches configuration
*  Create/Delete/Rename VLANs
*  Manage Several switches
*  See several switches at the same time
*  Use AD authentication with kerberos (krb5/Apache) or local user/password form
*  See link up / down
*  No vlan number limitation
*  Disable features if they're not needed
*  Choose between French or English language
*  Tag one port in several/all vlans in one click
*  See memory and CPU usage on your switches
*  Supports SNMP V1, V2 and V3

Why this software ?

There is no similar software except those which are provided by Aruba (HP), but they’re not free, not open source, and heavy. The integrated device Web interface is free but can only manage one switch at once, the number of displayable vlans is limited…

Quick Installation

Install Apache and php.

Install snmp support on PHP (php5-snmp under linux). Under Windows, php version must be at least 5.3.3. With easy php, replace php folder with the one from php.net which includes php_snmp extension. The extension needs to be activated in php.ini (extension=php_snmp.dll under windows, extension = php_snmp.so under linux)

Files that need to be modified :

  • /params/config.conf
  • /params/switches.xml
  • /params/conf_path.php

Move config.conf and switches.xml to a non www accessible location (/etc/aruba_vlan_management under linux or c:\program files\aruba_vlan_management under windows for instance) and then change the conf_path.php file in the params folder according to this new location.

Important : the folder views/smarty/templates_c must be writable (chmod 777 under linux)

If you have trouble, set DISPLAY_PHP_WARNINGS to 1 in config.conf

Detailed Installation

Under windows

Using Wamp

  • Just download and install wamp,
  • Extract aruba_vlan_management-3.x in web root directory.
  • Enable php_snmp extension in wamp configuration menu.

  • Be sure you have administrator’s rights on your wamp root directory if you’re running Windows 7 or Vista. Be sure views/smarty/templates_c is writable.
  • Files that need to be modified :
    • /params/config.conf
    • /params/switches.xml
    • /params/conf_path.php

    Move config.conf and switches.xml to a non www accessible location (c:\program files\aruba_vlan_management for instance) and then change the conf_path.php file in the params folder according to this new location.

  • connect to http://127.0.0.1/aruba_vlan_management/ with your web browser

Using easy php

  • Install easy php
  • download the binaries (not sources) of php from php official website
  • If your server is under Windows 10, Windows 8, 8.1, 7 or VISTA : launch easy php with administrator’s rights (right click on easy php icon/properties/compatibility)
  • replace php folder inside easy php directory with the one you’ve just downloaded on php website.
  • On easy php configuration menu, uncheck “Check server’s TCP port before starting” then click “Apply” button and then “Close” button
  • In the same menu check extension snmp
  • uncompress zip file in c:\program files\easy php\www

Under linux

Debian/Ubuntu

  • apt-get install apache2 php5 php5-snmp
  • Then, uncompress files in /var/www : tar -xzvf aruba_vlan_management-3.x.tar.gz -C /var/www
  • give read/write rights to user www-data to aruba_vlan_management folder (chown -R www-data:www-data /var/www/aruba_vlan_management/ && chmod -R 775 /var/www/aruba_vlan_management/)
  • create a aruba_vlan_management folder in /etc :

    #mkdir /etc/aruba_vlan_management

  •  move config.conf and switches.xml in /etc/aruba_vlan_management :
    cd /var/www/aruba_vlan_management/params
    mv config.conf /etc/aruba_vlan_management
    mv switches.xml /etc/aruba_vlan_management
  •  edit params/conf_path.php and set path variable to this value : path=/etc/aruba_vlan_management/

    The file should look like this :
    # Set here the path where you put config.conf and switches.xml – choose a location
    # away from www readable location :
    # for instance, under linux :
    # /etc/aruba_vlan_management
    # or under windows :
    # c:/aruba_vlan_management/config
    # Set here the path where you put config.conf and switches.xml – choose a
    # directory that is not accessible from the web
    # path=c:/aruba_vlan_managementconfig or under linux, for example : /etc/aruba_vlan_management
    path=/etc/aruba_vlan_management/
  • Edit config.conf and set DISABLE_FIRST_RUN_WARNINGS=1
  •  if it’s not working, you could try this command to see apache/php errors in realtime while refreshing your page in your web browser :
     #tail -f /var/log/apache2/error.log &
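
A check for the result of the steps above, as an added example that is not part of aruba_vlan_management: it reads the `path=` line from params/conf_path.php and reports when config.conf or switches.xml (which hold the SNMP passphrases) are still reachable from the web root or readable by every local user. The function names are hypothetical, and it assumes conf_path.php has the `#` comment and `path=` layout shown above.

```python
import os
import stat

CONF_FILES = ("config.conf", "switches.xml")  # file names from the page

def read_conf_path(conf_path_file):
    """Return the value of the last uncommented path= line, or None."""
    value = None
    with open(conf_path_file, encoding="utf-8") as fh:
        for line in fh:
            line = line.strip()
            if line.startswith("path="):  # "# path=..." comments are skipped
                value = line.split("=", 1)[1].strip()
    return value

def audit_layout(app_root, web_root):
    """List problems with where config.conf and switches.xml are stored."""
    findings = []
    params = os.path.join(app_root, "params")
    conf_dir = read_conf_path(os.path.join(params, "conf_path.php"))
    if not conf_dir:
        return ["conf_path.php has no path= line"]
    conf_real, web_real = os.path.realpath(conf_dir), os.path.realpath(web_root)
    # A configuration directory below the web root can be fetched over HTTP.
    if os.path.commonpath([conf_real, web_real]) == web_real:
        findings.append("path= points inside the web root")
    for name in CONF_FILES:
        if os.path.exists(os.path.join(params, name)):
            findings.append(f"{name} still present in params/")
        target = os.path.join(conf_real, name)
        if not os.path.isfile(target):
            findings.append(f"{name} missing from {conf_dir}")
        elif stat.S_IMODE(os.stat(target).st_mode) & 0o007:
            findings.append(f"{name} is accessible to all local users")
    return findings

if __name__ == "__main__":
    import sys
    # usage: script.py /var/www/aruba_vlan_management /var/www
    print("\n".join(audit_layout(sys.argv[1], sys.argv[2])) or "layout OK")
```

The permission test uses POSIX mode bits, so it is meaningful on the linux installs only.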

Others linux distributions

  • Have a look on google to know how to install php5, apache and snmp support on your distribution.
  • Once everything is installed :
  • uncompress files in /var/www (tar -xzvf aruba_vlan_management-3.x.tar.gz -C /var/www)
  • give read/write rights to user www-data to aruba_vlan_management folder (chown -R www-data:www-data /var/www/aruba_vlan_management/ && chmod -R 775 /var/www/aruba_vlan_management/)
  • Files that need to be modified :
    • /params/config.conf
    • /params/switches.xml
    • /params/conf_path.php

    Move config.conf and switches.xml to a non www accessible location (/etc/aruba_vlan_management under linux or c:\program files\aruba_vlan_management under windows for instance) and then change the conf_path.php file in the params folder according to this new location. See the detailed explanation for Debian/Ubuntu above.

Switches configuration

If you want to use snmp v1 or v2 (not secured)

You must activate snmp on the switches and you must declare a community with unrestricted access. To do so, connect with putty on your switches (with ssh if enabled, or else with telnet) and type the following commands (check with your switches documentation) :

conf t
snmp-server community "community_name" Unrestricted
write memory

If you want to use snmp V3 (secured, but longer execution time) :

conf t
snmpv3 enable

SNMPv3 Initialization process.
Creating user 'initial'
Authentication Protocol: MD5
Enter authentication password: *******
Privacy protocol is DES
Enter privacy password: *********
User 'initial' is created
Would you like to create a user that uses SHA? n
User creation is done. SNMPv3 is now functional.
Would you like to restrict SNMPv1 and SNMPv2c messages to have read only
access (you can set this later by the command 'snmp restrict-access'): y

snmpv3 user <username> auth sha <pub_passphrase> priv aes <priv_passphrase>
snmpv3 group managerpriv user <username> sec-model ver3
no snmpv3 user initial
write memory

If you want, you can totally disable snmpV1 and v2 :

conf t
snmpv3 only
write memory

To test if it worked, type in a terminal (with net-snmp, -A takes the authentication passphrase and -X the privacy passphrase) : snmpwalk -v 3 -u <username> -l authPriv -a SHA -A <the_public_passphrase> -x AES -X <the_private_passphrase> <ip_address> <OID>

Here is a switch in params/switches.xml working with this configuration :

<switch>
		<id>4</id>
		<name>Siege 4</name>
		<ip>10.253.0.4</ip>
		<snmpVersion>3</snmpVersion>
		<snmpV3User>user_sha</snmpV3User>
		<snmpV3Passphrase>the_public_passphrase</snmpV3Passphrase>
		<snmpV3AuthProtocol>SHA</snmpV3AuthProtocol>
		<snmpV3PrivProtocol>AES</snmpV3PrivProtocol>
		<snmpV3PrivPassphrase>the_private_passphrase</snmpV3PrivPassphrase>
		<snmpV3SecLevel>authPriv</snmpV3SecLevel>
</switch>

If you set default parameters in config.conf (especially if you use the same authentication for several switches), only this will be necessary in switches.xml :

<switch>
		<id>4</id>
		<name>Siege 4</name>
		<ip>10.253.0.4</ip>
		<snmpVersion>3</snmpVersion>
</switch>

Here are the config.conf corresponding parameters :

SNMP_V3_DEFAULT_USER=user_sha
SNMP_V3_DEFAULT_PASSPHRASE=the_public_passphrase
SNMP_V3_DEFAULT_AUTH_PROTOCOL=SHA
SNMP_V3_DEFAULT_SEC_LEVEL=authPriv
SNMP_V3_DEFAULT_PRIV_PROTOCOL=AES
SNMP_V3_DEFAULT_PRIV_PASSPHRASE=the_private_passphrase
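
To find the entries that fall short of the SHA/AES authPriv setup shown above, the following added example (not part of aruba_vlan_management) combines switches.xml with the config.conf defaults and lists each weak switch. The `<switches>` root element, the constructed switches 5 and 6, and the rule that a per-switch element overrides the config.conf default are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs using the page's element and key names.
# The <switches> root element and switches 5 and 6 are assumptions.
SWITCHES_XML = """<switches>
<switch><id>4</id><ip>10.253.0.4</ip><snmpVersion>3</snmpVersion></switch>
<switch><id>5</id><snmpVersion>3</snmpVersion>
  <snmpV3AuthProtocol>MD5</snmpV3AuthProtocol>
  <snmpV3PrivProtocol>DES</snmpV3PrivProtocol></switch>
<switch><id>6</id><snmpVersion>2</snmpVersion></switch>
</switches>"""
CONFIG_CONF = ("SNMP_V3_DEFAULT_AUTH_PROTOCOL=SHA\nSNMP_V3_DEFAULT_SEC_LEVEL=authPriv\n"
               "SNMP_V3_DEFAULT_PRIV_PROTOCOL=AES\n")

# switches.xml element -> config.conf default key (names taken from the page)
FALLBACK = {
    "snmpV3AuthProtocol": "SNMP_V3_DEFAULT_AUTH_PROTOCOL",
    "snmpV3PrivProtocol": "SNMP_V3_DEFAULT_PRIV_PROTOCOL",
    "snmpV3SecLevel": "SNMP_V3_DEFAULT_SEC_LEVEL",
}

def parse_conf(text):
    """Parse KEY=VALUE lines, skipping blanks and # comments."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def audit(xml_text, conf_text):
    """Return {switch id: [findings]} for switches below SHA/AES authPriv."""
    defaults, report = parse_conf(conf_text), {}
    for sw in ET.fromstring(xml_text).iter("switch"):
        sid, issues = sw.findtext("id", "?").strip(), []
        if (sw.findtext("snmpVersion") or "").strip() != "3":
            issues.append("SNMP v1/v2c: community string sent in clear text")
        else:
            # Assumed precedence: per-switch element first, then the default.
            eff = {tag: (sw.findtext(tag) or defaults.get(key, "")).strip()
                   for tag, key in FALLBACK.items()}
            if eff["snmpV3SecLevel"].lower() != "authpriv":
                issues.append("security level is not authPriv")
            if eff["snmpV3AuthProtocol"].upper() == "MD5":
                issues.append("MD5 authentication")
            if eff["snmpV3PrivProtocol"].upper() == "DES":
                issues.append("DES privacy")
        if issues:
            report[sid] = issues
    return report
```

Calling `audit()` with the contents of the real switches.xml and config.conf gives the same report for a live installation.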

Using Switches originally coming from 3Com range of products

Some switches from HP were originally developed by 3Com. The MIB is a bit different, so to access those switches in aruba_vlan_management, use the <en3comCompat>1</en3comCompat> parameter in switches.xml (see example 6 of this file).

If you own this kind of switches, don’t forget to upgrade your firmware.

Using SSH/Telnet aruba_vlan_management’s web interface integrated console

To avoid a Java security exception, you must add a line on your client machines in their java/jreX/lib/security/java.policy (on Windows x64, the Java you need to modify may be the one located in Program Files (x86)) to allow the applet to establish connections with your switches.

Here is this line :

permission java.net.SocketPermission "*", "accept, connect, listen, resolve";

Automatically backup switches configuration

WARNING : Backup of configuration files uses SFTP to get conf files from the switches. It results in a few lost pings (2 or 3 seconds) with the switch that is being processed.

Note that the order you choose for the switches in the switches.xml file is important: it’s this order that is taken by the program to make the backup. In other words, if you have three switches on a “path”, put the one that is the farthest away from the machine that processes the backups first in order to not lose contact with the other switches. If not, the two other switches may not succeed in the backup operation.

Under linux, you need the php-ssh2 extension to be installed and enabled to make it work.

Under windows, be sure you’ve set OS_TYPE=WINDOWS in the config.conf file.

The mcrypt library is now included in PHP 5.3, but if you’re using an older version of PHP you will need it if you want to encrypt config files on your web server.

With a simple scheduled task on a windows server (if you use apache/kerberos) or with a simple cron job on your web server (using wget), you can now backup ALL your switches configuration files. You can of course make a manual backup when you want.

For a better security, files can be stored as encrypted files on the web server.

To make a scheduled task under windows, if you use apache/kerberos authentication, just create a simple task pointing to firefox.exe or iexplore.exe with the following parameter :

http://intranet/aruba_vlan_management/backup_all_configs.php

For now, it hasn’t been tested with a cron job on the web server, but you can do something like this :

wget --http-user=USERNAME --http-password=PASSWORD http://SOMETURLTOFILE

Or maybe something like this :

# Log in to the server.  This can be done only once.                   
wget --save-cookies cookies.txt \
     --post-data 'user=foo&password=bar' \
     http://server.com/auth.php

# Now grab the page or pages we care about.
wget --load-cookies cookies.txt \
     -p http://server.com/interesting/article.php