Introducing SOC Insights for BloxOne Threat Defense: Boost your SOC efficiency with AI-driven insights to eliminate manual work and accelerate investigation and response times. Read the blog announcement here.

API & Integration, DevOps,NetOps,SecOps

Reply

VLAN and IP Address Reporting

New Member
Posts: 5
5804     0

Is there a WAPI call that will list all VLANS, the number of IP Addresses that are Used and the number that are Unused?

Re: VLAN and IP Address Reporting

[ Edited ]
Superuser
Posts: 81
5804     0

Hello,

 

This request shall give you a list of vlans with assigned networks.

 

curl -k1 -u username:password -X GET "https://<GM_IP>/wapi/v2.10.1/vlan?_return_fields=id,name,assigned_to"

 

While there isn't a direct field to pull the *# of Total IP used* & *# of Total IP unused* within the *vlan* object schema, you may consider stripping the networks from the first call(Result from above)-> Find the DHCP/IPAM utilization for those networks(Using *network*/*ipam:statistics* objects) -> Do some sort of formatting to combine the result with the first one or may be two stats. I'm not taking that effort since i doubt it might not be what exactly you're looking for.

 

Best regards,

 

Re: VLAN and IP Address Reporting

New Member
Posts: 5
5804     0
Mohammed,

Thanks for your quick reply. I tried your suggestion, but the output from the command is an open and a closed bracket:
[]

This is what I entered:
curl -k1 -u usernameSmiley Tongueassword -X GET https://myFQDN/wapi/v2.10.5/vlan?_return_fields=id,name,assigned_to

Did I type something in wrong?

Re: VLAN and IP Address Reporting

[ Edited ]
Superuser
Posts: 81
5804     0

Hello,

 

You need to be in one of the latest versions of NIOS for this to work, because support for 'vlan' object doesn't seem to be available in older WAPI versions below 2.10. But apparently, 2.10.5 as what you use isn't supported by the schema(At least in my lab running 8.4.3). To get a list of supported versions according to your NIOS version, use :

 

https://<GM_IP_ADDRESS>/wapi/v1.0/?_schema

 

Replace your curl with one of the supported versions above 2.10 & the call should work. Now if you don't see versions above 2.10 in the schema(Output of call above), then it means that you're in one of the older NIOS versions & may need to consider an upgrade for this object support.

 

I hope this be helpful to you!

 

Best regards,

 

 

Re: VLAN and IP Address Reporting

New Member
Posts: 5
5804     0
Appreciate your help. We are running a version that should include the vlan object.
Command and abbreviated output is:

curl -k1 -u usernameSmiley Tongueassword -X GET https://FQDN/wapi/v2.10/?_schema=1
{
"requested_version": "2.10",
"supported_objects": [
"ad_auth_service",
.
.
"view",
"vlan",
"vlanrange",
"vlanview",
"supported_versions": [
"1.0",
"1.1",
.
.
"2.10",
"2.10.1",
"2.10.2",
"2.10.3",
"2.10.5",


I'm not sure why I cannot list the vlan object.

Re: VLAN and IP Address Reporting

[ Edited ]
Moderator
Moderator
Posts: 287
5804     0

Can you confirm you have VLANs configured in the grid?  I have just one in my lab here, VLAN id 102:

 

Screen Shot 2021-06-30 at 1.29.13 PM.png

 

Here's my call:

 

curl -k1 -u username:password -X GET "https://<gm ip>/wapi/v2.10.1/vlan?_return_fields=id,name,assigned_to"

Here's what I get as a response:

 

[
    {
        "_ref": "vlan/ZG5zLnZsYW4kLmNvbS5pbmZvYmxveC5kbnMudmxhbl92aWV3JFZMQU5zLjEuNDA5NC4xMDI:VLANs/HQ%20Data/102", 
        "assigned_to": [
            "network/ZG5zLm5ldHdvcmskMTAuMTAyLjAuMC8yMi8w:10.102.0.0/22/default"
        ], 
        "id": 102, 
        "name": "HQ Data"
    }
]                                                                                                             

Re: VLAN and IP Address Reporting

New Member
Posts: 5
5804     0
Thanks for your reply. I do not have access to the grid itself. I only have read-only access and can get info via curl commands. I also have access via PowerBI.

We use VLANS extensively in our environment, but none of the curl commands that I enter can find a specific reference to "vlan".

Re: VLAN and IP Address Reporting

Moderator
Moderator
Posts: 287
5804     0

You might be coming across a permissions issue?  Your account will need permissions to view the VLAN records in the grid database.

Re: VLAN and IP Address Reporting

[ Edited ]
Superuser
Posts: 81
5805     0

Hello,

 

I've replicated the outcome that you see with the call that i shared. Since you specified *Read-only* user, I suspected two problem :

 

1) The user account to which you're user account belongs to doesn't have API access. But this is not the case since the call response would be 401 - unauthorized.

 

2) Like what Matt said, your user group might not be permitted to access the VLANs within the grid. This is exactly when I saw the "[]" in response as what you see(Basically denotes no error/no response data since your user-account cannot see it). See the response below :

 

Read-only account WITHOUT Permission to VLANs :

┌──(toxicbird㉿toxicbird)-[~]
└─$ curl -k1 -u testuser:infoblox123 -X GET "https:/192.168.77.122/wapi/v2.10.1/vlan?_return_fields=id,name,assigned_to"
[]      

Read-only account WITH permitted access to VLANs :

┌──(toxicbird㉿toxicbird)-[~]
└─$ curl -k1 -u testuser:infoblox123 -X GET "https:/192.168.77.122/wapi/v2.10.1/vlan?_return_fields=id,name,assigned_to"
[
    {
        "_ref": "vlan/ZG5zLnZsYE4kLmNvbS5pbmZvYmxveC5kbnMudmxhbl9yYW5nZSRUFVNUSU5HLjEuMjAudmxhblRlc3RpbmsSYW5nZS4xLjIwLjE:TESTING/vlanTestingRange/ALMAN-VLAN-1/1", 
        "assigned_to": [
            "network/ZG5zLm5ldHdvcmskMTk4yOS4wLzI0LzA:192.168.29.0/24/default", 
            "network/ZG5zLm5ldHdvcmskMi4C8yNC8w:2.2.2.0/24/default"
        ], 
        "id": 1, 
        "name": "ALMAN-VLAN-1"
    }, 
    {
        "_ref": "vlan/ZG5zLnZsYbS5pbmZvYmxveC5kbnMudmxhbl9yYW5nZSRURVNUSU5HLjEuMjAudmxhblRlc3RpbmdSYW5nZS4xLjIwLjI:TESTING/vlanTestingRange/Alman-VLAN-2/2", 
        "id": 2, 
        "name": "Alman-VLAN-2"
    }
]  

 

To resolve this, you would need to sync up with your administrator & get this done :

 

1) Login to a superuser account(Your admin).

2) Go to Administration -> Administor -> Permissions.

3) Select YOUR user group from the groups listed in the center.

4) Click on the down arrow binded with "+" symbol right under the user/group/roles row -> Select "Global permissions".

5) Select "VLAN Permissions" from the drop down & give Read-only acces to three things : All VLAN Views/All VLAN Ranges/All VLAN objects -> Save & close.

 

Try the call again using your account & it should work this time, hopefully. Post additional errors, if any.

 

Best regards,

 

Re: VLAN and IP Address Reporting

New Member
Posts: 5
5805     0
I so appreciate you digging into this! I found out that we do not use the VLAN field. We store that datapoint in a different field, in which I didn't have permission to see either.

I have been granted the needed permissions and I can now see the VLANs!!!!

At this point, it seems like I just need to use PowerBI to calculate the number of IP Addresses that are USED and UNUSED for each VLAN.
Showing results for 
Search instead for 
Did you mean: 

Recommended for You