What does this script most likely do?

Hello, everybody!

I have a script on all my switches:

create upm profile blackhole1
set var portb 0
set var portb $TCL(string range ${EVENT.LOG_PARAM_0} 36 39)
disable port $portb
create log entry "Port $portb blocked by UPM"
delete var portb

Do you have any idea what it could do? Blocks a port? For what reason?

Many thanks in advance,

Ilya

Ilya Semenov

Posted 2 years ago

Michal Rz

show us,
sh configuration upm
maybe there is something more?

Ilya Semenov

Please, take a look at the output:

Slot-1 sw-514-1.6 # sh conf upm
#
# Module upm configuration.
#
create upm profile blackhole1
set var portb 0
set var portb $TCL(string range ${EVENT.LOG_PARAM_0} 36 39)
disable port $portb
create log entry "Port $portb blocked by UPM"
delete var po
.
create upm profile mac_move
set var portb1 0
set var portb2 0
set var mac 0
set var portb1 $EVENT.LOG_PARAM_2
set var portb2 $EVENT.LOG_PARAM_3
set var mac $EVENT.LOG_PARAM_0
disable port $portb1
disable port $portb2
create log entry "Port $portb1 and $portb2 was disabled by UPM sript (mac_move), flapping MAC is $mac "
delete var portb1
delete var portb2
delete var
.

Hagemann, Olaf, Employee

It blocks a port. The port number is delivered through a TCL script out of an event log entry. What is missing is the trigger for the script which regularly is an event filter.
Before we added the feature in ELRP to disable a port once a loop is detected, we could just create log entries that a loop is detected. Hence there were a lot of customers who triggered a script by this log entry and disabled the port. Just an idea.

David Choi, Employee

Yes, this script is to disable a port.

As Hagemann already mentioned, there should be a configuration under the "ems" section that will trigger this UPM profile.

If you could provide ems configuration, then we could know the reason.


"set var portb $TCL(string range ${EVENT.LOG_PARAM_0} 36 39)"

With above line, the port number to block (disable) would be extracted from the log message, and then, the port is disabled by "disable port $portb" line.

Lastly, this UPM generates system log message as a result of above behavior by:

"create log entry "Port $portb blocked by UPM""

If this UPM is executed successfully, then there should be log message in the switch with string "Port <port> blocked by UPM".


Ilya Semenov

Hello, David,

please, take a look at the output:

* Slot-1 sw-514-1.6 # sh conf "ems"
#
# Module ems configuration.
#
create log filter blackhole
create log filter cfg_save
create log filter mac_move
configure log filter DefaultFilter add events All severity warning
configure log filter DefaultFilter add events FDB.FdbNotice
configure log filter DefaultFilter add events Kern.Info
configure log filter DefaultFilter add events FDB.MACTracking.MACMove
configure log filter DefaultFilter add exclude events FDB.FdbNotice match string "Failed to flush FDB for VPIF"
configure log filter DefaultFilter add exclude events vlan.ack.warn match string "No ack returned"
configure log filter DefaultFilter add exclude events vlan.msgs.portLinkStateDown
configure log filter DefaultFilter add exclude events vlan.msgs.portLinkStateUp
configure log filter DefaultFilter add exclude events HAL.IPv4Adj.Warning match string "# L3 hash table entries already 0."
configure log filter blackhole add events FDB.FdbNotice match string "blackholed"
configure log filter cfg_save add events cli.logRemoteCmd match string "save"
configure log filter mac_move add events FDB.MACTracking.MACMove
enable log target console
configure syslog add 192.168.251.1:514 vr VR-Default local7
enable log target syslog 192.168.251.1:514 vr VR-Default local7
configure log target syslog 192.168.251.1:514 vr VR-Default local7 filter DefaultFilter severity Info
configure log target syslog 192.168.251.1:514 vr VR-Default local7 match Any
configure log target syslog 192.168.251.1:514 vr VR-Default local7 format timestamp hundredths date dd-mm-yyyy event-name none host-name
create log target upm blackhole1
enable log target upm blackhole1
configure log target upm blackhole1 filter blackhole severity Notice only
create log target upm tftp-save
enable log target upm tftp-save
configure log target upm tftp-save filter cfg_save severity Info
create log target upm mac_move
enable log target upm mac_move
configure log target upm mac_move filter mac_move severity Notice only

David Choi, Employee

Hi Ilya,

When I look at the "ems" configuration you pasted here and the UPM configuration above that you posted in reply to Michal's post, it looks like there are two UPM profiles in the switch. The "blackhole1" is the UPM profile for FDB blackhole and the "mac_move" is the UPM profile for MAC-tracking.

For the "blackhole1" UPM profile, I assume there may be a configuration related to the FDB blackhole feature in the switch (e.g. making blackhole MAC addresses when exceeding the configured MAC-limit). So if there is that kind of event related to FDB blackhole, so that the "FDB.FdbNotice" log with string "blackholed" is logged, then the "blackhole1" UPM is triggered and executed. The action of this UPM profile is "disabling the port", as I told already.

For the "mac_move" UPM profile, when mac movement is detected by the "MAC tracking" feature in EXOS, then "FDB.MACTracking.MACMove" system log will be logged with port number where the MAC move is detected. Then, the "mac_move" UPM will be executed and follow the actions specified in the UPM profile (disable port 1, port 2 and generate log message).

Following is sample log of MACMove:

<Noti:FDB.MACTracking.MACMove> MM-A: The MAC address <MAC> on VLAN "PC_125" has moved from port 6:1 to port 1:38
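
The correlation walked through by hand in this thread (log filter, then UPM log target, then profile body) can be automated when auditing which log events auto-disable ports on a switch. The Python below is an added example, not part of the original thread or the vendor's tooling; `map_triggers` is a hypothetical helper and its input is a constructed subset of the configuration lines quoted above.

```python
import re

# Constructed input: a subset of the "sh conf upm" and "sh conf ems" lines quoted in the thread.
CONFIG = '''\
create upm profile blackhole1
set var portb $TCL(string range ${EVENT.LOG_PARAM_0} 36 39)
disable port $portb
create log entry "Port $portb blocked by UPM"
.
create upm profile mac_move
set var portb1 $EVENT.LOG_PARAM_2
set var portb2 $EVENT.LOG_PARAM_3
disable port $portb1
disable port $portb2
.
configure log filter blackhole add events FDB.FdbNotice match string "blackholed"
configure log filter cfg_save add events cli.logRemoteCmd match string "save"
configure log filter mac_move add events FDB.MACTracking.MACMove
configure log target upm blackhole1 filter blackhole severity Notice only
configure log target upm tftp-save filter cfg_save severity Info
configure log target upm mac_move filter mac_move severity Notice only
'''

def map_triggers(text):
    """Map each UPM log target to its triggering events and port-disabling actions."""
    filters, targets, bodies, current = {}, {}, {}, None
    for line in map(str.strip, text.splitlines()):
        if m := re.match(r'create upm profile (\S+)$', line):
            current = m.group(1)
            bodies[current] = []
        elif line == ".":                      # a lone "." closes a profile body
            current = None
        elif current is not None:
            bodies[current].append(line)
        elif m := re.match(r'configure log filter (\S+) add events (\S+)'
                           r'(?: match string "(.*)")?$', line):
            filters.setdefault(m.group(1), []).append((m.group(2), m.group(3)))
        elif m := re.match(r'configure log target upm (\S+) filter (\S+) severity (.+)$', line):
            targets[m.group(1)] = (m.group(2), m.group(3))
    report = {}
    for profile, (flt, sev) in targets.items():
        body = bodies.get(profile)             # None: profile body is not in the dump
        actions = None if body is None else [l for l in body if l.startswith("disable port")]
        report[profile] = {"events": filters.get(flt, []), "severity": sev, "actions": actions}
    return report

if __name__ == "__main__":
    for name, info in map_triggers(CONFIG).items():
        print(name, info)
```

A target whose profile body is absent from the pasted output (here `tftp-save`) is reported with `actions` set to `None`, which marks it for follow-up.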