2 changes: 2 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -6,8 +6,10 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).

## [Unreleased]
### Added
- tplink: add simulation data and unit tests for the TP-Link DeltaStream DS-P7001-08 GPON OLT (@Vantomas)

### Changed
- tplink: use `\r\n` as the line terminator in pre_logout, required for the model unit tests to work (@Vantomas)

### Fixed

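Review bot: The Added entry lists only the simulation data and unit tests, but this change set also adds docs/Model-Notes/TPLink.md and a DeltaStream row in Supported-OS-Types.md; mention the new model notes so that users who hit the public-key disconnect can find them. The Changed entry should also state that the `\r\n` terminator in pre_logout now applies to every device handled by the `tplink` model, not only to the tests.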
75 changes: 75 additions & 0 deletions docs/Model-Notes/TPLink.md
@@ -0,0 +1,75 @@
# TP-Link Configuration

The `tplink` model is used for TP-Link JetStream managed switches and the
DeltaStream GPON OLT. The notes below apply to all of them.

## SSH authentication: avoid public-key authentication

Some TP-Link devices (the DeltaStream GPON OLT for example) **abort the SSH
connection if the client attempts public-key authentication before the
password**. By default net-ssh offers any key from the SSH agent or the default
identity files first, so when the Oxidized host has SSH keys the device closes the
connection before the password is ever tried:

```text
connection closed by remote host (Net::SSH::Disconnect)
```

This is why the same device may connect fine from one host (no SSH keys) and fail
from another (keys present). Tell Oxidized to skip `publickey` with the
`auth_methods` variable (see [SSH Auth Methods](../Inputs.md#ssh-auth-methods)).
It can be set globally, by group, by model or by node, e.g. for every `tplink`
device:

```yaml
models:
tplink:
vars:
auth_methods: ["none", "password"]
```

### Capturing a simulation with device2yaml.rb

`extra/device2yaml.rb` has no `auth_methods` option, but net-ssh reads
`~/.ssh/config`, so add a host block for the device to force password
authentication:

```text
Host <device-ip>
PreferredAuthentications password
PubkeyAuthentication no
```

This CLI also submits a command only on a carriage return, so run device2yaml with
`-n '\r\n'`; otherwise the commands are echoed but never executed.

## Enable mode

Devices such as the DeltaStream GPON OLT only expose their configuration in
privileged (enable) mode. The model enters enable mode through the standard
`enable` variable:

- `enable: true` — switch to enable with **no** password (TP-Link devices enable
without a password by default).
- `enable: <password>` — switch to enable and send `<password>` when prompted.

Set it globally, per model or per node, e.g. in the configuration:

```yaml
models:
tplink:
vars:
enable: true
```

or as the 6th column of a CSV `router.db` line (the CSV source maps the string
`true` to the boolean `true`):

```text
tplink-olt:tplink:10.0.0.1:admin:secret:true
```

Without the `enable` variable the model stays in user mode (`>`) and privileged
commands return `Error: Bad command`.

Back to [Model-Notes](README.md)
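Review bot: The `models:` example under "SSH authentication" sets `auth_methods: ["none", "password"]` for every `tplink` device, although the text says only some devices abort on a public-key attempt; that turns key-based login off for JetStream switches where it may work and leaves the stored password as the only credential. Suggest showing the group or node scope as the primary example with the model-wide form as the fallback, and adding a sentence on why `none` stays in the list. In the "Enable mode" section, the `router.db` line relies on the 6th column being read as `enable`, but no source mapping is shown; add the matching source configuration next to it so the example works as pasted.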
1 change: 1 addition & 0 deletions docs/Supported-OS-Types.md
Expand Up @@ -180,6 +180,7 @@
|Trango Systems |Trango |[trango](/lib/oxidized/model/trango.rb)
|TrueNAS |TrueNAS |[truenas](/lib/oxidized/model/truenas.rb)
|TPLink |TPLink |[tplink](/lib/oxidized/model/tplink.rb)
| |DeltaStream GPON OLT |[tplink](/lib/oxidized/model/tplink.rb) |@Vantomas |[TPLink](Model-Notes/TPLink.md)|
| |TL-SL5428 |[edgecos](/lib/oxidized/model/edgecos.rb)
| |TL-SL3428 |[powerconnect](/lib/oxidized/model/powerconnect.rb)
|Ubiquiti |AirOS |[airos](/lib/oxidized/model/airos.rb)
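Review bot: The new DeltaStream row has five cells and a trailing `|`, while the neighbouring TPLink rows in this hunk have three cells and no trailing pipe. Check that the maintainer and notes cells line up with the table header outside this hunk, and consider putting the `[TPLink](Model-Notes/TPLink.md)` link on the `|TPLink |TPLink |` row as well, since the notes file says it applies to all devices using the model.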
4 changes: 2 additions & 2 deletions lib/oxidized/model/tplink.rb
Expand Up @@ -62,8 +62,8 @@ class TPLink < Oxidized::Model
end

pre_logout do
send "exit\r"
send "logout\r"
send "exit\r\n"
send "logout\r\n"
end
end
end
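Review bot: In `pre_logout`, `send "exit\r\n"` and `send "logout\r\n"` change what is sent to every device using this model, yet the CHANGELOG gives the unit tests as the reason and the new model notes say the CLI submits a command on a carriage return. Please confirm on a JetStream switch that the extra line feed is not taken as a second, empty command during logout, or keep `\r` here and adapt the simulation instead. A short comment above the two `send` lines stating why `\r\n` is needed would help the next maintainer.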
179 changes: 179 additions & 0 deletions spec/model/data/tplink#DS-P7001-08_1.0.0#output.txt
@@ -0,0 +1,179 @@
! System Location - RT_081
! Contact Information - EMAILREMOVED
! Hardware Version - DS-P7001-08 1.0
! Software Version - 1.0.0 Build 20210907 Rel.69162
! Bootloader Version - TP-LINK BOOTUTIL(v1.0.0)
! Mac Address - MA-CR-EM-OV-ED-00
! Serial Number - SNREMOVED
! System Time - <stripped>
!DS-P7001-08
vlan 1921
name "Klienti"
hostname "RT_081-TPLink_OLT"
location "RT_081"
contact-info "EMAILREMOVED"
serial_port baud_rate 38400
logging host index 1 10.88.200.24 6
system-time ntp UTC+01:00 10.88.1.3 139.78.100.163 12
system-time dst predefined Europe
user name admin privilege admin secret 5 PASSREMOVED
no service reset-disable
ip ssh server
spanning-tree
spanning-tree mode rstp
lldp
ip route 0.0.0.0 0.0.0.0 10.88.81.129
loopback-detection
dba-profile profile-id 0 profile-name default type4 max 1024000
dba-profile profile-id 10 profile-name dba-profile_10 type4 max 1024000
ont-srvprofile gpon profile-id 0 profile-name default
mac-learning
native-vlan unconcern
multicast-mode unconcern
multicast-forward unconcern
ont-port eth adaptive 4
port priority-policy eth 1 unconcern
port igmp-forward eth 1 unconcern
port q-in-q eth 1 unconcern
port eth 1 max-mac-count unlimited
port priority-policy eth 2 unconcern
port igmp-forward eth 2 unconcern
port q-in-q eth 2 unconcern
port eth 2 max-mac-count unlimited
port priority-policy eth 3 unconcern
port igmp-forward eth 3 unconcern
port q-in-q eth 3 unconcern
port eth 3 max-mac-count unlimited
port priority-policy eth 4 unconcern
port igmp-forward eth 4 unconcern
port q-in-q eth 4 unconcern
port eth 4 max-mac-count unlimited
ont-port pots adaptive 2
ont-srvprofile gpon profile-id 11 profile-name srv-profile_vlan1921
mac-learning
native-vlan concern
multicast-mode unconcern
multicast-forward unconcern
ont-port eth adaptive 4
port priority-policy eth 1 unconcern
port igmp-forward eth 1 unconcern
port q-in-q eth 1 unconcern
port eth 1 max-mac-count unlimited
port priority-policy eth 2 unconcern
port igmp-forward eth 2 unconcern
port q-in-q eth 2 unconcern
port eth 2 max-mac-count unlimited
port priority-policy eth 3 unconcern
port igmp-forward eth 3 unconcern
port q-in-q eth 3 unconcern
port eth 3 max-mac-count unlimited
port priority-policy eth 4 unconcern
port igmp-forward eth 4 unconcern
port q-in-q eth 4 unconcern
port eth 4 max-mac-count unlimited
ont-port pots adaptive 2
ont-lineprofile gpon profile-id 0 profile-name default
no fec-upstream
mapping-mode vlan
omcc encrypt
tcont 1 dba-profile-id 0
gem add 1 tcont 1 encrypt enable
gem mapping 1 1 vlan-untag
ont-lineprofile gpon profile-id 10 profile-name line-profile_10
fec-upstream
mapping-mode vlan
omcc encrypt
tcont 4 dba-profile-id 10
gem add 11 tcont 4 encrypt enable
gem mapping 11 1 vlan 1921
service-port 1 config gpon 1/0/1 ont 0 gem-id 11 svlan 1921 user-vlan 1921 tag-action translate statistic-performance enable
service-port 2 config gpon 1/0/1 ont 0 gem-id 11 svlan 1921 user-vlan 1921 tag-action translate adminstatus disable statistic-performance enable
service-port 3 config gpon 1/0/1 ont 1 gem-id 11 svlan 1921 user-vlan 1921 tag-action translate statistic-performance enable
service-port 4 config gpon 1/0/1 ont 2 gem-id 11 svlan 1921 user-vlan 1921 tag-action translate statistic-performance enable
service-port 5 config gpon 1/0/1 ont 3 gem-id 11 svlan 1921 user-vlan 1921 tag-action translate statistic-performance enable
service-port 6 config gpon 1/0/1 ont 4 gem-id 11 svlan 1921 user-vlan 1921 tag-action translate statistic-performance enable
service-port 7 config gpon 1/0/1 ont 5 gem-id 11 svlan 1921 user-vlan 1921 tag-action translate statistic-performance enable
service-port 8 config gpon 1/0/1 ont 6 gem-id 11 svlan 1921 user-vlan 1921 tag-action translate statistic-performance enable
service-port 9 config gpon 1/0/1 ont 7 gem-id 11 svlan 1921 user-vlan 1921 tag-action translate
service-port 10 config gpon 1/0/1 ont 8 gem-id 11 svlan 1921 user-vlan 1921 tag-action translate statistic-performance enable
service-port 11 config gpon 1/0/1 ont 9 gem-id 11 svlan 1921 user-vlan 1921 tag-action translate statistic-performance enable
service-port 12 config gpon 1/0/1 ont 10 gem-id 11 svlan 1921 user-vlan 1921 tag-action translate statistic-performance enable
service-port 13 config gpon 1/0/1 ont 11 gem-id 11 svlan 1921 user-vlan 1921 tag-action translate statistic-performance enable
service-port 14 config gpon 1/0/1 ont 12 gem-id 11 svlan 1921 user-vlan 1921 tag-action translate statistic-performance enable
service-port 15 config gpon 1/0/1 ont 13 gem-id 11 svlan 1921 user-vlan 1921 tag-action translate statistic-performance enable
service-port 16 config gpon 1/0/1 ont 14 gem-id 11 svlan 1921 user-vlan 1921 tag-action translate statistic-performance enable
service-port 17 config gpon 1/0/1 ont 15 gem-id 11 svlan 1921 user-vlan 1921 tag-action translate statistic-performance enable
service-port 19 config gpon 1/0/1 ont 17 gem-id 11 svlan 1921 user-vlan 1921 tag-action translate statistic-performance enable
interface port-channel 1
switchport general allowed vlan 1921 tagged
spanning-tree
interface gpon 1/0/1
downstream-fec
ont auto-auth authmode sn-auth
ont add 0 sn-auth TPLG-BA123456 desc "Klient" ont-lineprofile-id 10 ont-srvprofile-id 11
ont add 1 sn-auth TPLG-BA123456 desc "Klient" ont-lineprofile-id 10 ont-srvprofile-id 11
ont add 2 sn-auth TPLG-BA123456 desc "Klient" ont-lineprofile-id 10 ont-srvprofile-id 11
ont add 3 sn-auth TPLG-BA123456 desc "Klient" ont-lineprofile-id 10 ont-srvprofile-id 11
ont add 4 sn-auth TPLG-BA123456 desc "Klient" ont-lineprofile-id 10 ont-srvprofile-id 11
ont add 5 sn-auth TPLG-BA123456 desc "Klient" ont-lineprofile-id 10 ont-srvprofile-id 11
ont add 6 sn-auth TPLG-BA123456 desc "Klient" ont-lineprofile-id 10 ont-srvprofile-id 11
ont add 7 sn-auth TPLG-BA123456 desc "Klient" ont-lineprofile-id 10 ont-srvprofile-id 11
ont add 8 sn-auth TPLG-BA123456 desc "Klient" ont-lineprofile-id 10 ont-srvprofile-id 11
ont add 9 sn-auth TPLG-BA123456 desc "Klient" ont-lineprofile-id 10 ont-srvprofile-id 11
ont add 10 sn-auth TPLG-BA123456 desc "Klient" ont-lineprofile-id 10 ont-srvprofile-id 11
ont add 11 sn-auth TPLG-BA123456 desc "Klient" ont-lineprofile-id 10 ont-srvprofile-id 11
ont add 12 sn-auth TPLG-BA123456 desc "Klient" ont-lineprofile-id 10 ont-srvprofile-id 11
ont add 13 sn-auth TPLG-BA123456 desc "Klient" ont-lineprofile-id 10 ont-srvprofile-id 11
ont add 14 sn-auth TPLG-BA123456 desc "Klient" ont-lineprofile-id 10 ont-srvprofile-id 11
ont add 15 sn-auth TPLG-BA123456 desc "Klient" ont-lineprofile-id 10 ont-srvprofile-id 11
ont add 17 sn-auth TPLG-BA123456 desc "Klient" ont-lineprofile-id 10 ont-srvprofile-id 11
ont auto-auth rule 1 ont-lineprofile-id 0 ont-srvprofile-id 0
ont port attribute 0 eth 1 admin-status enable
interface gpon 1/0/2
ont auto-auth authmode sn-auth
ont auto-auth rule 1 ont-lineprofile-id 0 ont-srvprofile-id 0
interface gpon 1/0/3
ont auto-auth authmode sn-auth
ont auto-auth rule 1 ont-lineprofile-id 0 ont-srvprofile-id 0
interface gpon 1/0/4
ont auto-auth authmode sn-auth
ont auto-auth rule 1 ont-lineprofile-id 0 ont-srvprofile-id 0
interface gpon 1/0/5
ont auto-auth authmode sn-auth
ont auto-auth rule 1 ont-lineprofile-id 0 ont-srvprofile-id 0
interface gpon 1/0/6
ont auto-auth authmode sn-auth
ont auto-auth rule 1 ont-lineprofile-id 0 ont-srvprofile-id 0
interface gpon 1/0/7
ont auto-auth authmode sn-auth
ont auto-auth rule 1 ont-lineprofile-id 0 ont-srvprofile-id 0
interface gpon 1/0/8
ont auto-auth authmode sn-auth
ont auto-auth rule 1 ont-lineprofile-id 0 ont-srvprofile-id 0
interface management 1
ip address 192.168.1.1 255.255.255.0
ipv6 enable
interface vlan 1
ip address 192.168.0.1 255.255.255.0
ipv6 enable
dpms interface-id 1
interface vlan 1921
ip address 10.88.81.130 255.255.255.128
no ipv6 enable
interface ten-gigabitEthernet 1/0/1
speed 1000
duplex full
switchport general allowed vlan 1921 tagged
spanning-tree
channel-group 1 mode active
interface ten-gigabitEthernet 1/0/2
speed 1000
duplex full
switchport general allowed vlan 1921 tagged
spanning-tree
channel-group 1 mode active
interface gigabitEthernet 1/0/3
switchport general allowed vlan 1921 tagged
spanning-tree
channel-group 1 mode active
end
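Review bot: The fixture scrubs the e-mail, MAC address, serial number and password hash, but the hostname `RT_081-TPLink_OLT`, the location `RT_081`, the VLAN name and the addressing (`logging host index 1 10.88.200.24 6`, the `system-time ntp` servers, `ip route 0.0.0.0 0.0.0.0 10.88.81.129`, `ip address 10.88.81.130 255.255.255.128`) still look like values from a production network. Replace them with generic names and documentation ranges such as 192.0.2.0/24 before this lands in a public repository, because the file stays in the history afterwards.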
4 changes: 4 additions & 0 deletions spec/model/data/tplink#DS-P7001-08_1.0.0#secret.yaml
@@ -0,0 +1,4 @@
fail:
- 'PASSREMOVED'
pass:
- 'user name admin privilege admin <secret hidden>'