Port to VLAN information for Cisco Switches using SNMP and PHP

Unfortunately, there is no direct OID that would contain the value of the VLAN a given port is assigned to. But there is another OID that returns the list of ports that belong to a given VLAN. The general procedure is as follows:

1. create a list of ports
2. assign to the ports whether they are in trunk mode or not
3. create a list of VLANs and their names
4. go through the VLANs and for each one, return the array of ports
   • go through the returned ports and set the current VLAN in the port list

Creating a List of Ports/Interfaces

This step was resolved in the article Switch port information using SNMP and PHP.

Determining Trunk Ports

We will use SNMP values that are specific to the Cisco company. Their tree starts at OID = .1.3.6.1.4.1.9, written as iso.org.dod.internet.private.enterprises.cisco. In cases where the OID specifies a port property, Cisco uses the notation that the last two values of the OID string are used to represent the module number and the port number in the module (e.g. OID.1.5 is module 1 and port 5). Ports are numbered from 1 to the maximum number of ports (uplinks follow the normal ports). In contrast, when the port is taken as an interface, the last number from the OID is used, and it is the index (port 1/1 has index 10101). These interface indices were used in the previous step.

To determine the trunks, we will use the MIB file CISCO-VTP-MIB, which has OID = .1.3.6.1.4.1.9.9.46, .iso.org.dod.internet.private.enterprises.cisco.ciscoMgmt.ciscoVtpMIB and the value:

The trunk status can also be determined in the MIB subtree CISCO-STACK-MIB with  OID = .1.3.6.1.4.1.9.5.1, .iso.org.dod.internet.private.enterprises cisco.workgroup.ciscoStackMIB. Here, the OID notation with the module number is used, and the ports are returned with their number (starting from 1) and not the interface index.

The first case is related to the interface, and the second to the port, so we can choose whichever suits us best (I think there is no significant technical difference here).

List of VLANs

VLANs on Cisco switches are treated as interfaces, but the interface is only created after it has been "initialized".

SWITCH(config)#vlan 10           // create VLAN number 10, not an interface yet
SWITCH(config-vlan)#name net1  	 // name the VLAN
SWITCH(config-vlan)#exit         // go back one level
SWITCH(config)#interface vlan 10 // switch to configuring the VLAN 10 interface
SWITCH(config-if)#no shutdown    // "initialize" the interface

Therefore, we already obtained the list of VLANs in the first step along with the ports. However, we will now use an object from the Cisco MIB tree to get the list of VLANs. Here, VLANs 1002, 1003, 1004, and 1005 are also returned, which are there for historical reasons and which we probably don't have among the interfaces. We'll use the CISCO-STACK-MIB file again, and the interesting OIDs are

Iterating through VLANs

Information about the ports in a given VLAN can be found in the MIB file BRIDGE-MIB and the subtree with OID = .1.3.6.1.2.1.17, .iso.org.dod.internet.mgmt.mib-2.dot1dBridge.

To this OID, the port number is appended as the last digit of the string, and the interface index is returned. A hybrid community string is used for the call, which looks like our string with @vlan_number added. So we use snmpwalk and call this OID with the community string for each VLAN, and we gradually get the lists of port indices that belong to them. If we use a non-existent VLAN in the community string, an error occurs. So we need to choose the correct VLANs that we obtained in the previous step. Also, it might be sufficient to use VLANs that have vtpVlanType = 1 and vtpVlanState = 1.

The list also returns ports that are operating in trunk mode, if they have the given VLAN enabled. We only want to determine the VLAN of a port or whether it is in trunk mode. Therefore, when iterating through the returned list of ports, we check whether it is in trunk mode, and if not, we set the parameters of the currently iterated VLAN.

Implementation in PHP

The following code is just an addition to the code from the article Switch port information using SNMP and PHP. It is an extension of the function to obtain information about the switch interfaces getInterface and the print function printInterfaces (which I don't include here).

function getInterface(&$interfaces, $ip, $comm) {
   // previous code
   // ........
// information about VLANs for ports
// list of VLANs and names
   $vlans = array();
   getInterPart($vlans, $ip, $comm, ".1.3.6.1.4.1.9.9.46.1.3.1.1.3", "Type");
   getInterPart($vlans, $ip, $comm, ".1.3.6.1.4.1.9.9.46.1.3.1.1.4", "Name");
// list of trunks
   getInterPart($interfaces, $ip, $comm, ".1.3.6.1.4.1.9.9.46.1.6.1.1.14", "Trunk"); 
// assigning VLAN to port
   foreach($vlans as $vlan_id => $vlan) 
      if($vlan["Type"] == 1) {
          $ports = array();
          $ports = snmprealwalk($ip, $comm."@".$vlan_id, ".1.3.6.1.2.1.17.1.4.1.2"); // list of ports in the given VLAN
          foreach($ports as $port)
             if($interfaces[$port]["Trunk"] == 2) {
                $interfaces[$port]["VLAN"] = $vlan_id;
                $interfaces[$port]["VLAN_name"] = $vlan["Name"];
             } else {
                $interfaces[$port]["VLAN"] = 0;
                $interfaces[$port]["VLAN_name"] = "trunk";
             }
       }              
}

Conclusion

The given solution is probably not written ideally and can be further developed. It might be possible to write this code in a universal way, so that it doesn't depend on the switch manufacturer. We can get the list of VLANs from the list of interfaces, and to determine whether a port is in trunk mode, we can check if it is contained in multiple VLANs.

The Cisco web page with the Cisco SNMP Object Navigator can be useful, where you can nicely browse the MIB database and download Cisco MIB files.