A site I work with as a consultant and also assist the system administrators has a large number of HP switches. This site uses Procurve Manager to monitor their network. For some strange reason Procurve Manager had decided (with no known changes to cause it) to leave open telnet sessions on all the switches. This eventually results in a locked out situation due to all the available telnet sessions on each switch timing out. After searching HP forums and the wider Internet for a solution that did not involve travelling to every switch and connecting to the serial port, I discovered that, once again, Linux came to the rescue. This time providing the help through SNMP tools such as snmpwalk and snmpset. What at first looked like a week of work was transformed into 5 or 6 hours for two people. (there are more than 120 switches around a 24x7 "no downtime" site 5Km by 1.5Km in size) First job was to clear the telnet sessions. This involved using snmpwalk to identify the telnet sessions we needed to delete/kill. Then using snmpset to tell the telnet sessions to close. Then connecting to each switch and setting a timeout period for the telnet sessions.
The command we used to find the sessions is this one.
snmpwalk -v2c -c public 10.20.5.10 iso.3.6.1.2.1.6.13.1.1 |grep established
10.20.5.10 is the IP address of the switch.
10.20.2.198 is the IP address of the Procurve Manager server.
(we use version 2c of SNMP, version 1 may work for you)
An example of the output of this command is.
TCP-MIB::tcpConnState.10.20.5.10.23.10.20.2.198.17420 = INTEGER: established(5)
TCP-MIB::tcpConnState.10.20.5.10.23.10.20.2.198.28093 = INTEGER: established(5)
TCP-MIB::tcpConnState.
10.20.5.10.23.10.20.2.198.55296 = INTEGER: established(5)
We are only interested in the numbers in the above results, since they define the telnet sessions.
The command we used to close the telnet sessions is as follows.
snmpset -v2c -c public 10.20.5.10 iso.3.6.1.2.1.6.13.1.1.
10.20.5.10.23.10.20.2.198.55296 i 12
The result from this command was as follows.
TCP-MIB::tcpConnState.10.20.5.10.23.10.20.2.198.55296 = INTEGER: deleteTCB(12)
**NOTE** all the commands and results have been "word wrapped" and should be read as being on a single line.
All the above may well be munged and mangled by blog site formatting daemons. I will attempt to find a way of presenting it that displays it in a realistic way if that happens.
I have used the "public" SNMP community, in these examples, you may need to use a different one.
This is as much to help me recall how to do this as it is to help others, but I firmly believe that sharing solutions to problems will always be a part of my life. I constantly work on abundance thinking rather than scarcity thinking. It just makes life more enjoyable, and much less stressful.
Another post on the HP forums gave a different MIB to query, however after testing it, we ended up with the same result, just by a slightly different method.