
Execute a script when a rule is used


Gaspard_W
New Contributor
Hello,

I'm working with NAC and so netlogin.

We have a need to have a switch plugged on another one without having to disable the netlogin but it looks like it's impossible.

We tried numerous setups, and the only one that is working is to make the second switch linked with a trunk port.
As every port on the network has netlogin enabled by default, I would like to know if there is a way to disable it and make the edge port, a trunk port with all the VLANs on it.

I was wondering, is it possible to call a script and execute it when a specific rule / policy is used?
This script would basically disable netlogin on that port and put all the VLANs, basically changing it from an end user type port to a trunk type port.
I know we can do that by hand, through OneView and it works fine, but it's not very efficient in our setup.

Thanks
Gaspard

38 REPLIES

Matthew_Helm1
Extreme Employee
If you are using LLDP as the trigger, and you turn on netlogin on a port, if I remember correctly, LLDP is disabled (as is EDP) at least for the processing of PDUs ingress. So, under that circumstance, your trigger for UPM won't work. EDP packets do originate from a port with netlogin enabled.

"^" means the beginning of the string. It is used in a regular expression to match the OUI of a MAC address, which is the first 24-bit number that uniquely identifies a vendor or manufacturer. Extreme switches have a MAC address that begins with "00:04:96".

# set var EVENT.DEVICE_MAC 00:04:96:37:54:2B
# set var m $TCL(lsearch -regex ${EVENT.DEVICE_MAC} "^00:04:96")
# sh var m
0
# set var EVENT.DEVICE_MAC 00:04:00:37:54:2B
# set var m $TCL(lsearch -regex ${EVENT.DEVICE_MAC} "^00:04:96")
# sh var m
-1

In addition, I agree with Matt that the "regexp" TCL function is more appropriate here since "EVENT.DEVICE_MAC" is not a list.

It might work better to use the regexp function. e.g.:

x205.35 # show var mac
00:01:02:0A:0B:0C
x205.36 # set var t $TCL(regexp ^00:01:02 $mac)
x205.37 # show var t
1
x205.38 # set var t $TCL(regexp ^00:01:03 $mac)
x205.39 # show var t
0

So the lines could be:

set var m $TCL(regexp ^00:04:96 ${EVENT.DEVICE_MAC} )
if ($m) then

...

Hello,

I did some testing, and it seems that it doesn't see the MAC with that OUI.
It does the else statement, but not the if.

Does the "^" make the OUI not work? Seems like it doesn't match the switch's MAC, which has this OUI.

Thanks
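
An added example, not part of any post in this thread: plain Tcl (for tclsh, outside the switch CLI) that compares the anchored `regexp ^00:04:96` test from the replies with an OUI check that first normalizes the MAC string, which helps when diagnosing a prefix that never matches. The procs `normalize_mac` and `oui_matches` and all sample MACs are constructed for illustration; the notation in which a switch actually delivers EVENT.DEVICE_MAC is an assumption to verify with `show var`.

```tcl
# Added example: OUI matching that tolerates separator and case differences.
# normalize_mac / oui_matches are hypothetical helper names; sample MACs are constructed.

# Reduce a MAC in colon, dash or dotted notation to 12 upper-case hex digits.
# Returns "" when the input is not a well-formed 48-bit address.
proc normalize_mac {mac} {
    set hex [string toupper [string map {: "" - "" . ""} [string trim $mac]]]
    if {![regexp {^[0-9A-F]{12}$} $hex]} { return "" }
    return $hex
}

# Return 1 when the first 24 bits of mac equal oui, 0 otherwise
# (including when either argument is malformed).
proc oui_matches {mac oui} {
    set m [normalize_mac $mac]
    set o [string toupper [string map {: "" - "" . ""} [string trim $oui]]]
    if {$m eq "" || ![regexp {^[0-9A-F]{6}$} $o]} { return 0 }
    return [string equal -length 6 $m $o]
}

# Constructed inputs: same address in several notations, a different OUI,
# the OUI bytes appearing later in the address, and malformed values.
set samples {
    00:04:96:37:54:2B
    00:04:96:37:54:2b
    00-04-96-37-54-2B
    0004.9637.542b
    00:04:00:37:54:2B
    10:00:04:96:37:54
    ""
    garbage
}

foreach mac $samples {
    # Column 1: the anchored regexp from the thread, applied to the raw string.
    # Column 2: the normalized comparison.
    puts [format "%-20s regexp=%d normalized=%d" \
        $mac [regexp {^00:04:96} $mac] [oui_matches $mac 00:04:96]]
}
```

The sixth sample shows why the `^` anchor is needed: without it the pattern would also match OUI bytes that occur later in the address. A matching OUI only identifies the vendor the attached device claims, since the address is supplied by that device.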