VLan nembership management defect in Brocade Turbo Iron 10Gig ToR switch
As part of my automation solution I have created plugins to interact with network devices. While working with the Brocade Turbo Iron 10gig switch running version 04.2.00b. I found a defect in the way the switch does Vlan Management via SNMP.
The issue:
When adding a port to >1 vlans as tagged the QBridge interface incorrectly does not check if only adding as “Egress Port”.
Example: Add Port 24 tagged to vlan 100, attempt to add port 24 tagged to vlan 101 via SNMP. The latter will fail.
Additional Note: Brocade/Foundry Private MIBs cannot be used exclusively on the Turbo Iron due to limitations in the switch software.
The Workaround:
For Tagged/Trunked ports only
1. Check if adding port to vlan as tagged
2. Enumerate all vlans on switch
3. Enumerate all vlan members in Vlans to find if Port is member of any vlan as tagged
4. If port is already member call private OID (1.3.6.1.4.1.1991.1.1.3.2.6.1.3.<tag>.<ifIndex>) to add port to vlan as tagged. You can find more on this OID at https://ipmsupport.solarwinds.com/mibs/FOUNDRY-SN-SWITCH-GROUP-MIB/item.aspx?id=snVLanByPortMemberRowStatus
5. If port is NOT already member use Qbridge interface to add port to vlan.
Code Snip:
public bool addPortToVlan(int tag, int ifIndex, bool isTagged)
{
try
{
Byte[] currentMembers;
if (GetQBridgeVlanMembers(tag, isTagged, out currentMembers) == false)
return false;
if (currentMembers.Length == 0)
return false; //vlan needs to be created first
currentMembers = this.GeneratePortByteStream(ifIndex, currentMembers, true);
//Due to bug in TI code
//Issue is that QBridge Add port to vlan logic does not check if target port is tagged
//So if target port is already member of another vlan as tagged it will fail on all other adds
//Workaround is to use 1.3.6.1.4.1.1991.1.1.3.2.6.1.3.<tag>.<ifindex> i 4 to add the port to the vlan after it is added via qbridge to first
//If we are doing tagged we need to do workaround
if (isTagged)
{
//check to see if target port is already member of another vlan
if (isPortTaggedinAnotherVlan(ifIndex) == true)//add with snVLanByPortMemberRowStatus
return sendSNMP("1.3.6.1.4.1.1991.1.1.3.2.6.1.3." + tag + "." + ifIndex, 4);
//if this did not find and return fall through to qbridge
}
return SetQBridgeVlanMembers(currentMembers, tag, isTagged);
}
catch (Exception e)
{
return false;
}
}