Using EDP output in scripting

  • 0
  • 1
  • Question
  • Updated 2 years ago
  • Doesn't Need an Answer
I would like to use sh edp ports all in script to indentify trunk ports. 
Created script, loaded it and got error in that line. Is there some limitation to this?

"
...


set var CLI.OUT " "
show edp ports all
set var inputA $TCL(list ${CLI.OUT})
set var listA $TCL(split $inputA "\n")
set var countA $TCL(llength $listA)

....

"

BR
Davor
Photo of Davor

Davor

  • 162 Points 100 badge 2x thumb

Posted 4 years ago

  • 0
  • 1
Photo of Paul Russo

Paul Russo, Alum

  • 9,694 Points 5k badge 2x thumb
Hey Devor

I tried this and it worked for me. Here's the output of running the script I added show statement to show what the var are. Unfortunately I did this on my VM so I didn't have any data.

Summit-PC.18 # enable cli scripting
Summit-PC.19 # enable cli scripting
Summit-PC.20 # set var CLI.OUT " "
Summit-PC.21 # show edp ports all

Port Neighbor Neighbor-ID Remote Age Num
Port Vlans
=============================================================================
Summit-PC.22 # set var inputA $TCL(list ${CLI.OUT})
Summit-PC.23 # set var listA $TCL(split $inputA "\n")
Summit-PC.24 # set var countA $TCL(llength $listA)
Summit-PC.25 # show var inputA
{
Port Neighbor Neighbor-ID Remote Age Num
Port Vlans
=============================================================================
}
Summit-PC.26 # show var listA
\{ {Port Neighbor Neighbor-ID Remote Age Num} { Port Vlans} ============================================================================= \}
Summit-PC.27 # show var countA
5
Summit-PC.28 #

Please let me know what your output is when you run this
Thanks
P
Photo of Paul Russo

Paul Russo, Alum

  • 9,694 Points 5k badge 2x thumb
Hey Devor

I ran it again using my VM image in a virtual lab and here's the output running it as a script.  I have the show var commands still in there to show what is in each var statement.

Summit-PC.1 # tftp 192.168.56.1 -v vr-m -g -r testscript.xsf
Downloading testscript.xsf on primary Node ... done!
Summit-PC.2 # load script testscript
{
Port   Neighbor                       Neighbor-ID         Remote  Age    Num
                                                           Port         Vlans
=============================================================================
2      Summit-PC                 00:00:08:00:27:57:b0:6a   1:2    41     1
=============================================================================
}
\{ {Port   Neighbor                       Neighbor-ID         Remote  Age    Num} {                                                           Port         Vlans} ============================================================================= {2      Summit-PC                 00:00:08:00:27:57:b0:6a   1:2    41     1    } ============================================================================= \}
7
Summit-PC.3 #

Photo of Davor

Davor

  • 162 Points 100 badge 2x thumb
Hello,


I'm struggling with regxp that will read out output from “sh edp”. Currently using {(?![0-9:]+\s+)([A-Za-z0-9._+-]+\s+)([0-9:]+\s+)([0-9:]+\s+)([0-9]+\s+)([0-9]+\s+)}.
Could you help me defining how should regxp for reading out "sh edp ports all" output look like.

BR
Davor


Photo of Paul Russo

Paul Russo, Alum

  • 9,694 Points 5k badge 2x thumb
Hey Davor

what are you trying to get out of the script? 

the above looks like you are trying to get the MAC address or something

Thanks
P
Photo of Davor

Davor

  • 162 Points 100 badge 2x thumb
I would like to use and identify all fields and use them later on to mark my trunk ports using port description. Maybe even to disable edp on all ports except one that has edp enabled device connected. As template, i'm using Mr. Padilla's ELRPOn.xsf script. At final stage i would like to identify my trunk ports on all of my edge switches and enable dhcp snooping/trusted server. Configuration on dhcp snooping has differences on trunk and edge ports.

BR
Davor
Photo of Matthew Helm

Matthew Helm, Employee

  • 1,852 Points 1k badge 2x thumb
So, to be clear, you want a script to check each port to see if an EDP neighbor is found, and if not, to "disable EDP" on that port. You then want a script to discover which ports are participating in sharing, and then "configure trusted-ports {ports} trust-for dhcp-server" on the master port. Presumably, you also want to "enable ip-security dhcp-snooping vlan..." on the ports not sharing nor having any EDP neighbor, correct? The last bit will require finding out the VLANs on those ports to enable dhcp-snooping on them. Is this an accurate summary? Will you be loading this script on each edge-switch only once?

Photo of Davor

Davor

  • 162 Points 100 badge 2x thumb
That is correct. Also would like to add description to each trunk port copying from EDP peer name. Tried modifying ELRPON.xsf script but it is not working as it should. I can send you what i made so far. 

Thing that dhcp-snoping script would be very valuable 

Thanks for help,

Davor
Photo of Matthew Helm

Matthew Helm, Employee

  • 1,852 Points 1k badge 2x thumb
Ok. I have a grab-bag of scripts that do something close to what you need. Let me crank something out and get it back to you.
Photo of Paul Russo

Paul Russo, Alum

  • 9,694 Points 5k badge 2x thumb
Great thanks Matt

Disclosure statement:
Davor any scripts that are written and posted on the Hub are best effort and must be validated by the user.  These scripts, regardless of who writes them, assume that the user accepts all of the risk and responsibility.

If Matt posts some of his scripts know that neither he nor Extreme Networks are responsible for the ongoing operation of the script nor are we responsible for any outages or network issues caused by the script.  Use any script posted on this site as test scripts that must be validated before use in any production network by the user of the script.

I just want to make sure that everyone realizes these are not done as part of a true Professional Services scope.

Thanks
P
Photo of Matthew Helm

Matthew Helm, Employee

  • 1,852 Points 1k badge 2x thumb
Sorry to be a pain. I have the script, but I'm waiting for legal boilerplate to post it. I apologize for the delay, Davor.
Photo of Matthew Helm

Matthew Helm, Employee

  • 1,852 Points 1k badge 2x thumb
Davor,

Per the lawyers:

Any scripts that are written and posted on the Hub are provided “AS IS” with no warranty or representation as to its use.  Any use should be carefully considered and be validated by the user. These scripts, regardless of who writes them, assume that the user accepts all of the risk and responsibility, and are not provided pursuant to any authorized services or professional services entitlement or obligation by Extreme Networks, its subsidiaries, agents or licensors.  In no event shall the poster nor Extreme Networks be responsible for the functionality of the script nor are we responsible for any outages or network issues caused by use or integration of the script, including any degradation of functionality of Extreme products or technology. It is strongly recommended that any use of scripts or other technical information posted on this site must be validated before use in any production network by the user of the script.

With that said:

disable clip
set var cli.out 0
show port no
set var s $TCL(split ${cli.out} "\n")
set var i 4
set var e $TCL(lsearch $s *D-Disabled*)
set var e ($e - 1)
while ($i < $e) do
   set var l $TCL(lindex $s $i)
   set var p $TCL(lindex $l 0)
   set var cli.out 0
   show edp port $p
   set var se $TCL(split ${cli.out} "\n")
   set var le $TCL(llength $se)
   if ($le < 7) then
      disable edp port $p
   endif
   set var cli.out 0
   show port $p info detail
   set var sp $TCL(split ${cli.out} "\n")
   set var l $TCL(lsearch $sp *Trunking:*)
   set var ln $TCL(lindex $sp $l)
   set var t $TCL(regexp {Master} $ln)
   if ($t == 1) then
      config trusted-port $p trust-for dhcp-server
   else
      set var t $TCL(regexp {Cfg} $l)
      if ($t != 1) then
         set var iv $TCL(lsearch $sp *VLAN\ cfg:*)
         set var iv ($iv + 1)
         set var ev $TCL(lsearch $sp *STP\ cfg:*)
         set var ev ($ev - 1)
         while ($iv <$ev) do
            set var l $TCL(lindex $sp $iv)
            set var v $TCL(lindex $l 1)
            set var v $TCL(string map {, ""} $v)
            enable ip-security dhcp-snooping vlan $v port $p violation-action drop-packet block-mac permane
            set var iv ($iv + 2)
         endwhile
      endif
   endif
   set var i ($i + 1)
endwhile
delete var cli.out
delete var s
delete var i
delete var e
delete var l
delete var p
delete var se
delete var le
delete var sp
delete var ln
delete var t
delete var iv
delete var ev
delete var v
disable clip




Photo of Davor

Davor

  • 162 Points 100 badge 2x thumb
Hello,

Thanks for script you posted. I have tested it and found it has issues. Currently working on fixing your script and adding few more lines.

You did not added something like:
enable ip-security dhcp-snooping vlan xxx  port xx violation-action none
, for trunk ports.

Will get back to you when solve issues i'm having.

I can post my semi-working script,  based on Mr. Padilla's ELRPON script. 

BR
Davor
(Edited)
Photo of Matthew Helm

Matthew Helm, Employee

  • 1,852 Points 1k badge 2x thumb
Davon,

I forgot that that was necessary on the trunk/DHCP server ports.

You should simply have to add the following after the "config trusted-port $p trust-for dhcp-server" line:

      set var iv $TCL(lsearch $sp *VLAN\ cfg:*)
      set var iv ($iv + 1)
      set var ev $TCL(lsearch $sp *STP\ cfg:*)
      set var ev ($ev - 1)
      while ($iv < $ev) do
         set var l $TCL(lindex $sp $iv)
         set var v $TCL(lindex $l 1)
         set var v $TCL(string map {, ""} $v)
         enable ip-security dhcp-snooping vlan $v port $p violation-action none
         set var iv ($iv + 2)
      endwhile

I haven't tested it, but it should work. Let me know if there are problems with it.

Are there other issues with the script?
Photo of Davor

Davor

  • 162 Points 100 badge 2x thumb
Per the lawyers:

Any scripts that are written and posted on the Hub are provided “AS IS” with no warranty or representation as to its use.  Any use should be carefully considered and be validated by the user. These scripts, regardless of who writes them, assume that the user accepts all of the risk and responsibility, and are not provided pursuant to any authorized services or professional services entitlement or obligation by Extreme Networks, its subsidiaries, agents or licensors.  In no event shall the poster nor Extreme Networks be responsible for the functionality of the script nor are we responsible for any outages or network issues caused by use or integration of the script, including any degradation of functionality of Extreme products or technology. It is strongly recommended that any use of scripts or other technical information posted on this site must be validated before use in any production network by the user of the script.

With that said:
#@MetaDataStart#@DetailDescriptionStart
###############################################################################
#@DetailDescriptionEnd
enable cli scripting
disable cli-config-logging
disable clipaging
create log entry "**********Starting CLI Script**********"
###############################################################################
#@ScriptDescription "Short Script Description"
# @VariableFieldLabel "When this script encounters errors, do you wish to abort or ignore (abort or ignore)"
set var ynCliModeAbortEnabled abort
# @SeparatorLine
# Begin custom variable definitations
# set var addOrDelete $CLI.ARGV1
  set var addOrDelete 1
# End of custom variable definitations
#@MetaDataEnd
###############################################################################
#  CONFIGURATION DETAIL
###############################################################################
# ERROR HANDLING
###############################################################################
if (!$match($ynCliModeAbortEnabled,ignore)) then
 create log entry "CLI mode set for Ignore on error"
 configure cli mode scripting ignore-error
else
 create log entry "CLI mode set for abort on error"
 configure cli mode scripting abort-on-error
endif
###############################################################################
# Start of CLI Script (Enter the custom script code below)
###############################################################################
set var CLI.OUT " "
show edp ports all
set var inputA $TCL(list ${CLI.OUT})
set var listA $TCL(split $inputA "\n")
set var countA $TCL(llength $listA)
set var icountBack ($countA - 0)
set var icount 0

#
while ($icount < $icountBack) do
 set var findIt $TCL(lindex $listA $icount)
 set var findTrunkPorts $TCL(regexp {(?![0-9:]+\s+)([A-Za-z0-9._+-]+\s+)([0-9:]+\s+)([0-9:]+\s+)([0-9]+\s+)([0-9]+\s+)} $findIt)
 set var findEnd $TCL(regexp {configure\sqosprofile} $findIt)

if ($findTrunkPorts == 1) then
  set var vlanNameOnly $TCL(regexp -inline {(?![0-9:]+\s+)([A-Za-z0-9._+-]+\s+)([0-9:]+\s+)([0-9:]+\s+)([0-9]+\s+)([0-9]+\s+)} $findIt)
  set var value0 $TCL(lindex $vlanNameOnly 0)
  set var value1 $TCL(lindex $vlanNameOnly 1)
  set var value3 $TCL(lindex $vlanNameOnly 3)
  if ($addOrDelete == 1) then
    configure ports $(value0) display-string Trunk_$(value1)_$(value3)
  endif
  if ($addOrDelete == 0) then
    create log entry "NO TURUNK PORTS"
  endif
endif
#
if ($findEnd == 1) then
  set var icount ($icountBack)
endif
  set var icount ($icount + 1)
endwhile
#
if ($VAREXISTS(CLI.OUT)) then 
 delete var CLI.OUT
endif
if ($VAREXISTS(inputA)) then 
 delete var inputA
endif
if ($VAREXISTS(listA)) then 
 delete var listA
endif
if ($VAREXISTS(countA)) then 
 delete var countA
endif
if ($VAREXISTS(icount)) then 
 delete var icount
endif
if ($VAREXISTS(findEnd)) then 
 delete var findEnd
endif
if ($VAREXISTS(findIt)) then 
 delete var findIt
endif
if ($VAREXISTS(icountBack)) then 
 delete var icountBack
endif
if ($VAREXISTS(value0)) then 
 delete var value0
endif
if ($VAREXISTS(value1)) then 
 delete var value1
endif
if ($VAREXISTS(value3)) then 
 delete var value3
endif
if ($VAREXISTS(vlanNameOnly)) then 
 delete var vlanNameOnly
endif
if ($VAREXISTS(findTrunkPorts)) then 
 delete var findTrunkPorts
endif
if ($VAREXISTS(printCommand)) then 
 delete var printCommand
endif
if ($VAREXISTS(addOrDelete)) then 
 delete var addOrDelete
endif
if ($VAREXISTS(ynCliModeAbortEnabled)) then 
 delete var ynCliModeAbortEnabled
endif
###############################################################################
# End of CLI Script
###############################################################################
create log entry "**********Finshed running CLI Script**********"
enable clipaging
disable cli-config-logging
disable cli scripting



Photo of Davor

Davor

  • 162 Points 100 badge 2x thumb
Hello,

I have tested script but it does not work. 

I nested piece of scrip in right position?


***************


disable clipset var cli.out 0
show port no
set var s $TCL(split ${cli.out} "\n")
set var i 4
set var e $TCL(lsearch $s *D-Disabled*)
set var e ($e - 1)
while ($i < $e) do
   set var l $TCL(lindex $s $i)
   set var p $TCL(lindex $l 0)
   set var cli.out 0
   show edp port $p
   set var se $TCL(split ${cli.out} "\n")
   set var le $TCL(llength $se)
   if ($le < 7) then
      disable edp port $p
   endif
   set var cli.out 0
   show port $p info detail
   set var sp $TCL(split ${cli.out} "\n")
   set var l $TCL(lsearch $sp *Trunking:*)
   set var ln $TCL(lindex $sp $l)
   set var t $TCL(regexp {Master} $ln)
   if ($t == 1) then
      config trusted-port $p trust-for dhcp-server
 set var iv $TCL(lsearch $sp *VLAN\ cfg:*)
      set var iv ($iv + 1)
      set var ev $TCL(lsearch $sp *STP\ cfg:*)
      set var ev ($ev - 1)
      while ($iv < $ev) do
         set var l $TCL(lindex $sp $iv)
         set var v $TCL(lindex $l 1)
         set var v $TCL(string map {, ""} $v)
         enable ip-security dhcp-snooping vlan $v port $p violation-action none
         set var iv ($iv + 2)
      endwhile
   else
      set var t $TCL(regexp {Cfg} $l)
      if ($t != 1) then
         set var iv $TCL(lsearch $sp *VLAN\ cfg:*)
         set var iv ($iv + 1)
         set var ev $TCL(lsearch $sp *STP\ cfg:*)
         set var ev ($ev - 1)
         while ($iv <$ev) do
            set var l $TCL(lindex $sp $iv)
            set var v $TCL(lindex $l 1)
            set var v $TCL(string map {, ""} $v)
            enable ip-security dhcp-snooping vlan $v port $p violation-action drop-packet block-mac permane
            set var iv ($iv + 2)
         endwhile
      endif
   endif
   set var i ($i + 1)
endwhile
delete var cli.out
delete var s
delete var i
delete var e
delete var l
delete var p
delete var se
delete var le
delete var sp
delete var ln
delete var t
delete var iv
delete var ev
delete var v
disable clip


****************


I have on my LINK / TRUNK ports one untag network (Vlan Default) that i use as my control/admin vlan for accesing switches. Script is adding "drop-packet block-mac permane" to that vlan and it should not.
Script should detect Trunk ports and all vlan that are defined on that port should have "enable ip-security dhcp-snooping vlaxxx port xx violation-action none". Also on that port i would like to have port description "Trunk-(remote sw name)", so i can use that later on for grouping in RIdgeline"

BR
Davor

PS 

Thanks for your help..

Photo of Gaspard W

Gaspard W

  • 424 Points 250 badge 2x thumb
Hello,

I've been reading all the posts and I'm still confused.

What is the simplest way to basically get the output of the show edp

My case is :
- Check if there is a switch connected on that port
- if there is, execute the if part, otherwise execute the else part.

If you can help me quickly, that'd be great

thanks
Photo of Kevin Kim

Kevin Kim, Employee

  • 2,266 Points 2k badge 2x thumb
This is simply to check if any edp neighbor exists.

set var cli.out 0
show edp ports all | in "^[0-9]+"
set var t $tcl(split ${cli.out} "\n")
set var n $tcl(llength $t)

if ($n > 1) then
   .....
else
   .....
endif
Photo of Gaspard W

Gaspard W

  • 424 Points 250 badge 2x thumb
With your script and after some investigation, I did

enable cli scripting
set var CLI.OUT 0
set var PORT 22                                   ( that's for testing)
show edp ports $PORT | i $PORT
set var gigi  $TCL(lrange ${CLI.OUT} 7 7)
show edp ports $PORT | i $PORT
set var gigi2  $TCL(lrange ${CLI.OUT} 0 0)

if ($gigi == $PORT || $gigi2 == $PORT) then       (Depends on CLI or netsight application)
create log message "IF statement"
Else
create log message "ELSE statement"
endif


Thanks :)