Cable theft monitoring

I work at an Internet provider. In one district of the city, thieves began regularly cutting our 25-pair copper cable.
For the attackers it is simple: walk into the stairwell, go up to the top floor, cut the cable and pull it out of the pipes; then it can be coiled up and sold. The theft is noticed only when installers arrive in response to calls from unhappy subscribers. Management set the task of coming up with a way to deal with this and, naturally, without additional costs.
After going through the forums, the general principle turned out to be this: make a loop on the last pair and connect it to the first port of the switch; if thieves cut the cable, the link disappears. In theory everything is simple, but a long search for a ready-made (“chewed”) solution gave no result.


During real tests it turned out that with a 2-wire loop the link on the port does not come up even at 10Mb_Half (D-Link switches); it really worked only with 4 wires, i.e. you need to use the last 2 pairs in the cable.
So, at one end of the cable we take 4 wires (the last 2 pairs) and twist them together: wire 1 with wire 4, and wire 2 with wire 3. At the other end we crimp a connector: wires 1, 2 and 3 go to pins 1-3 in order, and wire 4 goes to pin 6.



On the switches, set aside a separate VLAN for the monitoring port (I used port 1) and hard-set the port speed to 10Mb_Half:
create vlan vlan1234 tag 1234
config vlan vlan1234 add untagged 1
config ports 1 speed 10_half

We connect the cable to port 1 and the link comes up; now it remains to monitor the port up/down event and inform the relevant services. Initially I wanted to catch SNMP traps, but even for the same vendor they behave differently across models and firmware versions and use different OIDs. Also, link-change traps arrive constantly, even when the port status does not change. So I decided it would be more logical to poll the switches over SNMP myself at a fixed interval (60 seconds). The OIDs for requesting a port's link status are standardized in the RFC (for the first port: 1.3.6.1.2.1.2.2.1.8.1).

For the switch to return the link status value, SNMP must be configured on it:
create snmp group cable v2c read_view CommunityView notify_view CommunityView
create snmp community cable view CommunityView read_only
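
The 60-second polling decision described above, written out in Python as an added example (not the author's code; the article itself delegates this to Zabbix). It assumes each poll result is one line of net-snmp `snmpget` output; the function names and the sample lines are constructed for illustration.

```python
import re

UP, DOWN = 1, 2  # ifOperStatus values from the IF-MIB: up(1), down(2)

# Matches net-snmp output for the article's OID 1.3.6.1.2.1.2.2.1.8.1, e.g.
#   .1.3.6.1.2.1.2.2.1.8.1 = INTEGER: 2
#   IF-MIB::ifOperStatus.1 = INTEGER: down(2)
_VALUE = re.compile(r"=\s*INTEGER:\s*(?:[A-Za-z]+\()?(\d+)\)?\s*$")

def parse_status(line):
    """Return the ifOperStatus integer, or None if the poll gave no value."""
    m = _VALUE.search(line or "")
    return int(m.group(1)) if m else None

def evaluate(host, polls, state):
    """Feed one host's poll lines in order and return the alerts to send.

    state maps host -> (last link status, reachable) and persists between
    calls, so an unchanged status never produces a repeated alert.
    """
    alerts = []
    link, reachable = state.get(host, (None, True))
    for line in polls:
        status = parse_status(line)
        if status is None:
            # No answer means the switch is unreachable, which is a different
            # fault from a cut loop, so it gets its own message.
            if reachable:
                alerts.append(f"No SNMP answer from {host}")
            reachable = False
            continue
        reachable = True
        if status == DOWN and link != DOWN:
            alerts.append(f"Port 1 status down (CABLE CUT!!!) on {host}")
        elif status == UP and link == DOWN:
            alerts.append(f"Port 1 status up again on {host}")
        link = status
    state[host] = (link, reachable)
    return alerts

# Constructed sample: five polls, 60 seconds apart, from one switch.
SAMPLE = [
    ".1.3.6.1.2.1.2.2.1.8.1 = INTEGER: 1",
    "IF-MIB::ifOperStatus.1 = INTEGER: down(2)",
    ".1.3.6.1.2.1.2.2.1.8.1 = INTEGER: 2",
    "Timeout: No Response from 10.20.123.123",
    "IF-MIB::ifOperStatus.1 = INTEGER: up(1)",
]

if __name__ == "__main__":
    for message in evaluate("10.20.123.123", SAMPLE, {}):
        print(message)
```
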

Next, I had to decide what to monitor with; an article about Zabbix on Habr helped a lot here, especially since we use Zabbix anyway. First, create a template in Zabbix:
create a file CableState_zabbix_template.xml with the following contents (the generator from the same article was used, leaving only the trigger for the link change):
The code
01127.0.0.11005030127.0.0.162302TemplatesStatus port 1607365000000cable1.3.6.1.2.1.2.2.1.8.116100Port 1 status down (CABLE CUT!!!) on {HOSTNAME}0{CableState:ifOperStatus.1.last(0)}=203


After that, go to Zabbix and select Settings -> Templates -> Import Template.
Select the created CableState_zabbix_template.xml file.
Next, in Network Nodes, find or add the node where the cable will be monitored; in its settings, under Attached Templates, choose Add, select CableState and save.

That's it: shutdown events for port 1 will now be displayed in Zabbix Monitoring,
as messages of the form:
Port 1 status down (CABLE CUT !!!) on 10.20.123.123

If this is not enough, set up an e-mail notification on the trigger.
Go to Settings -> Actions -> Create action
and configure something like this:

In the action itself, you can choose to send to a user or a user group.
As a result, e-mails of this form will arrive:
2013.07.29 - 15:55:39
Port 1 status down (CABLE CUT !!!) on 10.20.123.123: 10.20.123.123

Now it only remains to decide who receives the notifications and what to do next: call 02, a private security company (ChOP), or the on-duty installers ...
