Question

Using EDP output in scripting


I would like to use sh edp ports all in script to indentify trunk ports.
Created script, loaded it and got error in that line. Is there some limitation to this?

"
...

set var CLI.OUT " "
show edp ports all
set var inputA $TCL(list ${CLI.OUT})
set var listA $TCL(split $inputA "\n")
set var countA $TCL(llength $listA)

....

"

BR
Davor

18 replies

Userlevel 6
Hey Devor I tried this and it worked for me. Here's the output of running the script I added show statement to show what the var are. Unfortunately I did this on my VM so I didn't have any data. Summit-PC.18 # enable cli scripting Summit-PC.19 # enable cli scripting Summit-PC.20 # set var CLI.OUT " " Summit-PC.21 # show edp ports all Port Neighbor Neighbor-ID Remote Age Num Port Vlans ============================================================================= Summit-PC.22 # set var inputA $TCL(list ${CLI.OUT}) Summit-PC.23 # set var listA $TCL(split $inputA "\n") Summit-PC.24 # set var countA $TCL(llength $listA) Summit-PC.25 # show var inputA { Port Neighbor Neighbor-ID Remote Age Num Port Vlans ============================================================================= } Summit-PC.26 # show var listA \{ {Port Neighbor Neighbor-ID Remote Age Num} { Port Vlans} ============================================================================= \} Summit-PC.27 # show var countA 5 Summit-PC.28 # Please let me know what your output is when you run this Thanks P
Userlevel 6
Hey Devor

I ran it again using my VM image in a virtual lab and here's the output running it as a script. I have the show var commands still in there to show what is in each var statement.

Summit-PC.1 # tftp 192.168.56.1 -v vr-m -g -r testscript.xsf
Downloading testscript.xsf on primary Node ... done!
Summit-PC.2 # load script testscript
{
Port Neighbor Neighbor-ID Remote Age Num
Port Vlans
=============================================================================
2 Summit-PC 00:00:08:00:27:57:b0:6a 1:2 41 1
=============================================================================
}
\{ {Port Neighbor Neighbor-ID Remote Age Num} { Port Vlans} ============================================================================= {2 Summit-PC 00:00:08:00:27:57:b0:6a 1:2 41 1 } ============================================================================= \}
7
Summit-PC.3 #
Hello,
I'm struggling with regxp that will read out output from “sh edp”. Currently using {(?![0-9:]+\s+)([A-Za-z0-9._+-]+\s+)([0-9:]+\s+)([0-9:]+\s+)([0-9]+\s+)([0-9]+\s+)}.
Could you help me defining how should regxp for reading out "sh edp ports all" output look like.

BR
Davor
Userlevel 6
Hey Davor

what are you trying to get out of the script?

the above looks like you are trying to get the MAC address or something

Thanks
P
I would like to use and identify all fields and use them later on to mark my trunk ports using port description. Maybe even to disable edp on all ports except one that has edp enabled device connected. As template, i'm using Mr. Padilla's ELRPOn.xsf script. At final stage i would like to identify my trunk ports on all of my edge switches and enable dhcp snooping/trusted server. Configuration on dhcp snooping has differences on trunk and edge ports.

BR
Davor
Userlevel 4
So, to be clear, you want a script to check each port to see if an EDP neighbor is found, and if not, to "disable EDP" on that port. You then want a script to discover which ports are participating in sharing, and then "configure trusted-ports {ports} trust-for dhcp-server" on the master port. Presumably, you also want to "enable ip-security dhcp-snooping vlan..." on the ports not sharing nor having any EDP neighbor, correct? The last bit will require finding out the VLANs on those ports to enable dhcp-snooping on them. Is this an accurate summary? Will you be loading this script on each edge-switch only once?
That is correct. Also would like to add description to each trunk port copying from EDP peer name. Tried modifying ELRPON.xsf script but it is not working as it should. I can send you what i made so far.

Thing that dhcp-snoping script would be very valuable

Thanks for help,

Davor
Userlevel 4
Ok. I have a grab-bag of scripts that do something close to what you need. Let me crank something out and get it back to you.
Userlevel 6
Great thanks Matt

Disclosure statement:
Davor any scripts that are written and posted on the Hub are best effort and must be validated by the user. These scripts, regardless of who writes them, assume that the user accepts all of the risk and responsibility.

If Matt posts some of his scripts know that neither he nor Extreme Networks are responsible for the ongoing operation of the script nor are we responsible for any outages or network issues caused by the script. Use any script posted on this site as test scripts that must be validated before use in any production network by the user of the script.

I just want to make sure that everyone realizes these are not done as part of a true Professional Services scope.

Thanks
P
Userlevel 4
Sorry to be a pain. I have the script, but I'm waiting for legal boilerplate to post it. I apologize for the delay, Davor.
Userlevel 4
Davor,

Per the lawyers:

Any scripts that are written and posted on the Hub are provided “AS IS” with no warranty or representation as to its use. Any use should be carefully considered and be validated by the user. These scripts, regardless of who writes them, assume that the user accepts all of the risk and responsibility, and are not provided pursuant to any authorized services or professional services entitlement or obligation by Extreme Networks, its subsidiaries, agents or licensors. In no event shall the poster nor Extreme Networks be responsible for the functionality of the script nor are we responsible for any outages or network issues caused by use or integration of the script, including any degradation of functionality of Extreme products or technology. It is strongly recommended that any use of scripts or other technical information posted on this site must be validated before use in any production network by the user of the script.

With that said:

disable clip
set var cli.out 0
show port no
set var s $TCL(split ${cli.out} "\n")
set var i 4
set var e $TCL(lsearch $s *D-Disabled*)
set var e ($e - 1)
while ($i < $e) do
set var l $TCL(lindex $s $i)
set var p $TCL(lindex $l 0)
set var cli.out 0
show edp port $p
set var se $TCL(split ${cli.out} "\n")
set var le $TCL(llength $se)
if ($le < 7) then
disable edp port $p
endif
set var cli.out 0
show port $p info detail
set var sp $TCL(split ${cli.out} "\n")
set var l $TCL(lsearch $sp *Trunking:*)
set var ln $TCL(lindex $sp $l)
set var t $TCL(regexp {Master} $ln)
if ($t == 1) then
config trusted-port $p trust-for dhcp-server
else
set var t $TCL(regexp {Cfg} $l)
if ($t != 1) then
set var iv $TCL(lsearch $sp *VLAN\ cfg:*)
set var iv ($iv + 1)
set var ev $TCL(lsearch $sp *STP\ cfg:*)
set var ev ($ev - 1)
while ($iv <$ev) do
set var l $TCL(lindex $sp $iv)
set var v $TCL(lindex $l 1)
set var v $TCL(string map {, ""} $v)
enable ip-security dhcp-snooping vlan $v port $p violation-action drop-packet block-mac permane
set var iv ($iv + 2)
endwhile
endif
endif
set var i ($i + 1)
endwhile
delete var cli.out
delete var s
delete var i
delete var e
delete var l
delete var p
delete var se
delete var le
delete var sp
delete var ln
delete var t
delete var iv
delete var ev
delete var v
disable clip
Hello,

Thanks for script you posted. I have tested it and found it has issues. Currently working on fixing your script and adding few more lines.

You did not added something like:
enable ip-security dhcp-snooping vlan xxx port xx violation-action none
, for trunk ports.

Will get back to you when solve issues i'm having.

I can post my semi-working script, based on Mr. Padilla's ELRPON script.

BR
Davor
Userlevel 4
Davor wrote:

Hello,

Thanks for script you posted. I have tested it and found it has issues. Currently working on fixing your script and adding few more lines.

You did not added something like:
enable ip-security dhcp-snooping vlan xxx port xx violation-action none
, for trunk ports.

Will get back to you when solve issues i'm having.

I can post my semi-working script, based on Mr. Padilla's ELRPON script.

BR
Davor

Davon,

I forgot that that was necessary on the trunk/DHCP server ports.

You should simply have to add the following after the "config trusted-port $p trust-for dhcp-server" line:

set var iv $TCL(lsearch $sp *VLAN\ cfg:*)
set var iv ($iv + 1)
set var ev $TCL(lsearch $sp *STP\ cfg:*)
set var ev ($ev - 1)
while ($iv < $ev) do
set var l $TCL(lindex $sp $iv)
set var v $TCL(lindex $l 1)
set var v $TCL(string map {, ""} $v)
enable ip-security dhcp-snooping vlan $v port $p violation-action none
set var iv ($iv + 2)
endwhile

I haven't tested it, but it should work. Let me know if there are problems with it.

Are there other issues with the script?
Per the lawyers:

Any scripts that are written and posted on the Hub are provided “AS IS” with no warranty or representation as to its use. Any use should be carefully considered and be validated by the user. These scripts, regardless of who writes them, assume that the user accepts all of the risk and responsibility, and are not provided pursuant to any authorized services or professional services entitlement or obligation by Extreme Networks, its subsidiaries, agents or licensors. In no event shall the poster nor Extreme Networks be responsible for the functionality of the script nor are we responsible for any outages or network issues caused by use or integration of the script, including any degradation of functionality of Extreme products or technology. It is strongly recommended that any use of scripts or other technical information posted on this site must be validated before use in any production network by the user of the script.

With that said:
#@MetaDataStart#@DetailDescriptionStart
###############################################################################
#@DetailDescriptionEnd
enable cli scripting
disable cli-config-logging
disable clipaging
create log entry "**********Starting CLI Script**********"
###############################################################################
#@ScriptDescription "Short Script Description"
#@VariableFieldLabel "When this script encounters errors, do you wish to abort or ignore (abort or ignore)"
set var ynCliModeAbortEnabled abort
#@SeparatorLine
# Begin custom variable definitations
# set var addOrDelete $CLI.ARGV1
set var addOrDelete 1
# End of custom variable definitations
#@MetaDataEnd
###############################################################################
# CONFIGURATION DETAIL
###############################################################################
# ERROR HANDLING
###############################################################################
if (!$match($ynCliModeAbortEnabled,ignore)) then
create log entry "CLI mode set for Ignore on error"
configure cli mode scripting ignore-error
else
create log entry "CLI mode set for abort on error"
configure cli mode scripting abort-on-error
endif
###############################################################################
# Start of CLI Script (Enter the custom script code below)
###############################################################################
set var CLI.OUT " "
show edp ports all
set var inputA $TCL(list ${CLI.OUT})
set var listA $TCL(split $inputA "\n")
set var countA $TCL(llength $listA)
set var icountBack ($countA - 0)
set var icount 0
#
#
while ($icount < $icountBack) do
set var findIt $TCL(lindex $listA $icount)
set var findTrunkPorts $TCL(regexp {(?![0-9:]+\s+)([A-Za-z0-9._+-]+\s+)([0-9:]+\s+)([0-9:]+\s+)([0-9]+\s+)([0-9]+\s+)} $findIt)
set var findEnd $TCL(regexp {configure\sqosprofile} $findIt)
#
if ($findTrunkPorts == 1) then
set var vlanNameOnly $TCL(regexp -inline {(?![0-9:]+\s+)([A-Za-z0-9._+-]+\s+)([0-9:]+\s+)([0-9:]+\s+)([0-9]+\s+)([0-9]+\s+)} $findIt)
set var value0 $TCL(lindex $vlanNameOnly 0)
set var value1 $TCL(lindex $vlanNameOnly 1)
set var value3 $TCL(lindex $vlanNameOnly 3)
if ($addOrDelete == 1) then
configure ports $(value0) display-string Trunk_$(value1)_$(value3)
endif
if ($addOrDelete == 0) then
create log entry "NO TURUNK PORTS"
endif
endif
#
if ($findEnd == 1) then
set var icount ($icountBack)
endif
set var icount ($icount + 1)
endwhile
#
if ($VAREXISTS(CLI.OUT)) then
delete var CLI.OUT
endif
if ($VAREXISTS(inputA)) then
delete var inputA
endif
if ($VAREXISTS(listA)) then
delete var listA
endif
if ($VAREXISTS(countA)) then
delete var countA
endif
if ($VAREXISTS(icount)) then
delete var icount
endif
if ($VAREXISTS(findEnd)) then
delete var findEnd
endif
if ($VAREXISTS(findIt)) then
delete var findIt
endif
if ($VAREXISTS(icountBack)) then
delete var icountBack
endif
if ($VAREXISTS(value0)) then
delete var value0
endif
if ($VAREXISTS(value1)) then
delete var value1
endif
if ($VAREXISTS(value3)) then
delete var value3
endif
if ($VAREXISTS(vlanNameOnly)) then
delete var vlanNameOnly
endif
if ($VAREXISTS(findTrunkPorts)) then
delete var findTrunkPorts
endif
if ($VAREXISTS(printCommand)) then
delete var printCommand
endif
if ($VAREXISTS(addOrDelete)) then
delete var addOrDelete
endif
if ($VAREXISTS(ynCliModeAbortEnabled)) then
delete var ynCliModeAbortEnabled
endif
###############################################################################
# End of CLI Script
###############################################################################
create log entry "**********Finshed running CLI Script**********"
enable clipaging
disable cli-config-logging
disable cli scripting
Hello,

I have tested script but it does not work.

I nested piece of scrip in right position?

***************

disable clipset var cli.out 0
show port no
set var s $TCL(split ${cli.out} "\n")
set var i 4
set var e $TCL(lsearch $s *D-Disabled*)
set var e ($e - 1)
while ($i < $e) do
set var l $TCL(lindex $s $i)
set var p $TCL(lindex $l 0)
set var cli.out 0
show edp port $p
set var se $TCL(split ${cli.out} "\n")
set var le $TCL(llength $se)
if ($le < 7) then
disable edp port $p
endif
set var cli.out 0
show port $p info detail
set var sp $TCL(split ${cli.out} "\n")
set var l $TCL(lsearch $sp *Trunking:*)
set var ln $TCL(lindex $sp $l)
set var t $TCL(regexp {Master} $ln)
if ($t == 1) then
config trusted-port $p trust-for dhcp-server
set var iv $TCL(lsearch $sp *VLAN\ cfg:*)
set var iv ($iv + 1)
set var ev $TCL(lsearch $sp *STP\ cfg:*)
set var ev ($ev - 1)
while ($iv < $ev) do
set var l $TCL(lindex $sp $iv)
set var v $TCL(lindex $l 1)
set var v $TCL(string map {, ""} $v)
enable ip-security dhcp-snooping vlan $v port $p violation-action none
set var iv ($iv + 2)
endwhile
else
set var t $TCL(regexp {Cfg} $l)
if ($t != 1) then
set var iv $TCL(lsearch $sp *VLAN\ cfg:*)
set var iv ($iv + 1)
set var ev $TCL(lsearch $sp *STP\ cfg:*)
set var ev ($ev - 1)
while ($iv <$ev) do
set var l $TCL(lindex $sp $iv)
set var v $TCL(lindex $l 1)
set var v $TCL(string map {, ""} $v)
enable ip-security dhcp-snooping vlan $v port $p violation-action drop-packet block-mac permane
set var iv ($iv + 2)
endwhile
endif
endif
set var i ($i + 1)
endwhile
delete var cli.out
delete var s
delete var i
delete var e
delete var l
delete var p
delete var se
delete var le
delete var sp
delete var ln
delete var t
delete var iv
delete var ev
delete var v
disable clip

****************

I have on my LINK / TRUNK ports one untag network (Vlan Default) that i use as my control/admin vlan for accesing switches. Script is adding "drop-packet block-mac permane" to that vlan and it should not.
Script should detect Trunk ports and all vlan that are defined on that port should have "enable ip-security dhcp-snooping vlaxxx port xx violation-action none". Also on that port i would like to have port description "Trunk-(remote sw name)", so i can use that later on for grouping in RIdgeline"

BR
Davor

PS

Thanks for your help..
Hello,

I've been reading all the posts and I'm still confused.

What is the simplest way to basically get the output of the show edp

My case is :
- Check if there is a switch connected on that port
- if there is, execute the if part, otherwise execute the else part.

If you can help me quickly, that'd be great

thanks
Userlevel 4
This is simply to check if any edp neighbor exists.

set var cli.out 0
show edp ports all | in "^[0-9]+"
set var t $tcl(split ${cli.out} "\n")
set var n $tcl(llength $t)

if ($n > 1) then
.....
else
.....
endif
Kevin Kim wrote:

This is simply to check if any edp neighbor exists.

set var cli.out 0
show edp ports all | in "^[0-9]+"
set var t $tcl(split ${cli.out} "\n")
set var n $tcl(llength $t)

if ($n > 1) then
.....
else
.....
endif

With your script and after some investigation, I did

enable cli scripting
set var CLI.OUT 0
set var PORT 22 ( that's for testing)
show edp ports $PORT | i $PORT
set var gigi $TCL(lrange ${CLI.OUT} 7 7)
show edp ports $PORT | i $PORT
set var gigi2 $TCL(lrange ${CLI.OUT} 0 0)

if ($gigi == $PORT || $gigi2 == $PORT) then (Depends on CLI or netsight application)
create log message "IF statement"
Else
create log message "ELSE statement"
endif

Thanks 🙂

Reply