On Thu, 12 Mar 2015 12:17:20 +0200 Mattias Söderholm mattias.soderholm@malax.fi wrote:
Okay. So if I understand you correctly, we need to change our router (firewall) to be a GSW and not a GW when it's not a Cisco router? And then it needs to show all router ports as Vl## or Vlan###.
No. The GW category is for a pure layer 3 router. GSW is for a routing switch, operating on both layer 3 and 2. I only meant to comment on what it seems NAV actually supports.
The point is, NAV only knows how to associate VLAN tags with prefixes on a router if:
1. It's a Cisco router which supports 802.1q VLAN tagging.
or
2. It's a routing switch that signals the corresponding VLAN tag by including it in its router port names (matching the regexp "Vl(an)?[0-9]+").
Our firewall is a Sophos UTM9 and is the only router on all prefixes. It now shows the router port as eth0, eth1 and so on in NAV. It's not possible to change the interface names in UTM.
Fully understandable. The question is, does the Sophos UTM9 support 802.1q VLAN tagging?
If it doesn't, we cannot conceivably get that information from it, ever. We would have to find that information elsewhere. For example, if we find that the physical router port is directly connected to another switch, we could read the VLAN tag from the connected switch port. NAV doesn't currently do that, but I see it as a possible enhancement.
I have now entered in the UTM's interface description field the guidelines that are described here: https://nav.uninett.no/wiki/subnetsandvlans#guide_lines_for_configuring_rout...
Beautiful! I'd completely forgotten that you can force the VLAN number of a prefix through the interface description conventions :-)
I just reviewed the related code, and unfortunately, there seems to be a glaring omission here. The VLAN tag number is parsed, but seems to never be used anywhere :-(
I smell a bug report coming... Would you like to file it yourself at https://bugs.launchpad.net/nav/+filebug ?
Don't know how to get the information from it. (I have no knowledge about MIBs and SNMP.) The VLAN information that's inserted now in NAV must come from some switches (management interface). They have the VLAN tag as router port.
The missing information I was trying to enter is the VLAN, Organization and Usage in SeedDB that you can manually insert for VLAN. But it's getting deleted...
Is the entire VLAN entry being deleted, or is it just the data fields (organization, usage, net_ident, description)?
If NAV finds a VLAN entry that doesn't seem to be in use anywhere (i.e. associated with a prefix or detected as active on a switch port), it will squarely delete it - but it shouldn't change the attached data fields, as they are always parsed from router port descriptions.
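The router port naming rule from the thread (NAV derives a VLAN tag from a routing switch's port name when it matches "Vl(an)?[0-9]+"), as an added illustration that is not NAV's own code; the sample port lists are constructed, and anchoring the match at the start of the name is an assumption:

```python
import re

# Regexp quoted in the thread: a routing switch's router port is taken to
# carry a VLAN tag when its name matches this pattern.
VLAN_IFNAME_RE = re.compile(r"Vl(an)?([0-9]+)")


def vlan_from_ifname(ifname: str):
    """Return the VLAN tag encoded in a router port name, or None."""
    m = VLAN_IFNAME_RE.match(ifname)  # assumption: match at start of name
    return int(m.group(2)) if m else None


def classify_router_ports(ifnames):
    """Map each router port name to its VLAN tag (None when not derivable)."""
    return {name: vlan_from_ifname(name) for name in ifnames}


# Constructed samples: a routing switch, and a Sophos UTM-style router whose
# ports are named eth0, eth1, ... so no tag can be derived from the name.
SWITCH_PORTS = ["Vlan100", "Vl200", "Vlan4094"]
UTM_PORTS = ["eth0", "eth1", "eth2"]

if __name__ == "__main__":
    print(classify_router_ports(SWITCH_PORTS))
    print(classify_router_ports(UTM_PORTS))
```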