Vlan discovery.php
From ChekMate Security Group
vlan_discovery.php
<?
include ('udpscan.php');
include ('functions.php');
$snmp_communities = array("public");
$vlans = array(1,2,3,4,5,6,7,8,9,10,20,30,40,50);
# $ipaddress = "192.168.1.1";
$emptyip = 0;
$cfg_db_user = "db_username"; // Database Username
$cfg_db_pass = "db_password"; // Database Password
$cfg_db_host = "db_hostname"; // Database Host
$cfg_db_name = "db_database"; // Database Name
connect($cfg_db_name);
####
# check to see if snmp is open
####
$noderesults = mysql_query("SELECT ipaddress, macaddress FROM node") or print "ERROR - Can not select<br>\n";
if(mysql_num_rows($noderesults)!=0){
while ($row =mysql_fetch_array($noderesults)){
$macaddress = strtolower($row['macaddress']);
$ip_address = $row['ipaddress'];
$nodes[$macaddress] = $ip_address;
}
}
$sqlresults = mysql_query("SELECT ipaddress, devicetype, snmpcommunity FROM cdp_devices") or print "ERROR - Can not select<br>\n";
if(mysql_num_rows($sqlresults)!=0){
while ($row =mysql_fetch_array($sqlresults)){
$ipaddress = $row['ipaddress'];
$devicetype = $row['devicetype'];
$snmp_community = $row['snmpcommunity'];
if (($devicetype != "cisco Cat6k-MSFC2") AND ($devicetype != "Cisco IP Phone 7940") AND ($devicetype != "Cisco IP Phone 7960") AND ($devicetype != "Win2000 Server") AND ($devicetype != "Cisco IP Phone 7910") AND ($devicetype != "cisco 2610") AND ($devicetype != "cisco WS-C2924-XL") AND ($devicetype != "cisco WS-C3550-24") ) {
print "\n\n$ipaddress <br>\n";
foreach ($snmp_communities as $snmp_community) {
foreach ($vlans as $vlan) {
$testOID = get_snmp_data($ipaddress,$snmp_community,".1.3.6.1.2.1.1.2.0");
if ($testOID != FALSE) {
$FDBmac = @get_snmp_table($ipaddress,"$snmp_community@$vlan",".1.3.6.1.2.1.17.4.3.1.1");
$FDBIndex = @get_snmp_table($ipaddress,"$snmp_community@$vlan",".1.3.6.1.2.1.17.4.3.1.2");
$BasePort = @get_snmp_table($ipaddress,"$snmp_community@$vlan",".1.3.6.1.2.1.17.1.4.1.1");
$PortIndex = @get_snmp_table($ipaddress,"$snmp_community@$vlan",".1.3.6.1.2.1.17.1.4.1.2");
foreach ( $FDBmac as $key => $val ) {
foreach ( $BasePort as $key1 => $val1 ) {
if ($FDBIndex[$key] == $BasePort[$key1]) {
$PortNum = $PortIndex[$key1];
}
}
if (ereg ("([a-zA-Z0-9]{2}) ([a-zA-Z0-9]{2}) ([a-zA-Z0-9]{2}) ([a-zA-Z0-9]{2}) ([a-zA-Z0-9]{2}) ([a-zA-Z0-9]{2})", $FDBmac[$key], $regs)) {
$macaddress = strtolower("$regs[1]:$regs[2]:$regs[3]:$regs[4]:$regs[5]:$regs[6]");
}
$macaddress = strtolower($macaddress);
if (ereg (" = (.*)", @get_snmp_data($ipaddress,"$snmp_community@$vlan",".1.3.6.1.2.1.31.1.1.1.1.$PortNum"), $sample)) {
$PortLocation = $sample[1];
}
if (($PortLocation != "GEC-1/1-2") AND ($PortLocation != "Gi0/1") AND ($PortLocation != "Gi0/2")) {
$device_ip = $nodes[$macaddress];
if ($device_ip) {
if ((!(ereg("3/",$PortLocation) AND !ereg("192.168.1.",$device_ip))) OR ((!ereg("3/",$PortLocation) AND !ereg("192.168.1.",$device_ip))) ) {
$saved = mysql_query("SELECT device_ip FROM forwarders WHERE device_ip = '$device_ip' AND switch_ip = '$ipaddress'") or print "ERROR - Can not select<br>\n";
if(mysql_num_rows($saved)==0){
mysql_query("INSERT INTO forwarders (switch_ip, portname, device_ip, vlan ) VALUES ('$ipaddress','$PortLocation', '$device_ip', '$vlan')") or print "ERROR - Can not insert new record into forwarder table ($ipaddress)<br>\n";
print "INSERT -- $PortLocation -- $macaddress ($nodes[$macaddress])-- on Switch $ipaddress VLAN $vlan <br>\n";
} else {
mysql_query("UPDATE forwarders SET switch_ip='$ipaddress', portname='$PortLocation', vlan='$vlan' WHERE device_ip = '$device_ip'") or print "ERROR - Can not update forwarder<br>\n";
print "UPDATE -- $PortLocation -- $macaddress ($nodes[$macaddress])-- on Switch $ipaddress VLAN $vlan <br>\n";
}
}
}
}
}
}
}
}
}
}
}
?>
