Execute a script when a rule is used
‎06-01-2016 01:06 PM
Hello,
I'm working with NAC, and so with netlogin.
We have a need to have a switch plugged into another one without having to disable netlogin, but it looks like it's impossible.
We tried numerous setups, and the only one that is working is to make the second switch linked with a trunk port.
As every port on the network has netlogin enabled by default, I would like to know if there is a way to disable it and make the edge port a trunk port with all the VLANs on it.
I was wondering, is it possible to call a script and execute it when a specific rule / policy is used?
This script would basically disable netlogin on that port and put all the VLANs on it, basically changing it from an end user type port to a trunk type port.
I know we can do that by hand through OneView, and it works fine, but it's not very efficient in our setup.
Thanks
Gaspard
38 REPLIES
‎06-06-2016 01:45 PM
If you are using LLDP as the trigger, and you turn on netlogin on a port, if I remember correctly, LLDP is disabled (as is EDP), at least for the processing of ingress PDUs. So, under that circumstance, your trigger for UPM won't work. EDP packets do originate from a port with netlogin enabled.
‎06-06-2016 01:45 PM
"^" means the beginning of the string. It is used in a regular expression to match the OUI of a MAC address, which is the first 24-bit number that uniquely identifies a vendor or manufacturer. Extreme switches have a MAC address that begins with "00:04:96".
# set var EVENT.DEVICE_MAC 00:04:96:37:54:2B
# set var m $TCL(lsearch -regex ${EVENT.DEVICE_MAC} "^00:04:96")
# sh var m
0
# set var EVENT.DEVICE_MAC 00:04:00:37:54:2B
# set var m $TCL(lsearch -regex ${EVENT.DEVICE_MAC} "^00:04:96")
# sh var m
-1
In addition, I agree Matt that the "regexp" TCL function is more appropriate here since "EVENT.DEVICE_MAC" is not a list.
‎06-06-2016 01:45 PM
It might work better to use the regexp function. e.g.:
x205.35 # show var mac
00:01:02:0A:0B:0C
x205.36 # set var t $TCL(regexp ^00:01:02 $mac)
x205.37 # show var t
1
x205.38 # set var t $TCL(regexp ^00:01:03 $mac)
x205.39 # show var t
0
So the lines could be:
set var m $TCL(regexp ^00:04:96 ${EVENT.DEVICE_MAC} )
if ($m) then
...
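The two replies above make the same point from different angles: `lsearch -regexp` treats the MAC string as a one-element list and returns an index (0 on a match, -1 on no match), while `regexp` returns 1 or 0 and is the right function when the variable is a plain string. The following standalone Tcl script, added here as an example and not taken from the thread or from Extreme's documentation, runs under `tclsh` and shows both results side by side for a few constructed MAC addresses, including one that carries the 00:04:96 bytes in the middle of the address so that the effect of the `^` anchor is visible. It stands in for the UPM profile by using a plain Tcl variable where ExtremeXOS would supply `${EVENT.DEVICE_MAC}` through the `$TCL(...)` wrapper. Note that if a profile tests the `lsearch` result with `if ($m)`, a matching MAC yields 0 (false) and a non-matching one -1 (true), which would invert the two branches. One caveat from a security point of view: an OUI match only reflects what the connected device claims its MAC address is, so a profile that turns an edge port into a trunk on that basis is an administrative convenience rather than an access control, and the resulting port change is worth logging and alerting on.

```tcl
# Added example, not from the thread: plain Tcl (run with tclsh) showing the
# difference between lsearch -regexp and regexp when matching an OUI, and the
# effect of the "^" anchor. On ExtremeXOS the MAC would come from the UPM
# variable ${EVENT.DEVICE_MAC}; here the values are constructed samples.

set oui "^00:04:96"   ;# Extreme OUI, anchored to the start of the string

# Constructed sample MACs: an Extreme OUI, a different OUI, and a MAC that
# contains the Extreme OUI bytes but not at the start.
set samples {
    00:04:96:37:54:2B
    00:04:00:37:54:2B
    AA:00:04:96:11:22
}

proc classify {mac oui} {
    # lsearch treats the MAC string as a one-element list and returns the
    # index of the matching element: 0 on a match, -1 on no match. That is
    # why the thread's "sh var m" printed 0 and -1, and why testing that
    # value with "if ($m)" inverts the branches (0 is false, -1 is true).
    set viaLsearch [lsearch -regexp $mac $oui]

    # regexp returns 1 on a match and 0 otherwise, so it can be used directly
    # as the condition of an if, which is what the reply above suggests.
    set viaRegexp [regexp $oui $mac]

    return [list $viaLsearch $viaRegexp]
}

foreach mac $samples {
    lassign [classify $mac $oui] l r
    puts [format "%-18s lsearch=%2d regexp=%d" $mac $l $r]
    if {$r} {
        puts "  -> OUI matched: profile would reconfigure the port (log this change)"
    } else {
        puts "  -> no match: port keeps its netlogin configuration"
    }
}
```

Running it prints `lsearch= 0 regexp=1` for the first address and `lsearch=-1 regexp=0` for the other two; the third address shows that `^` rejects a MAC whose OUI bytes appear anywhere other than the start.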
‎06-06-2016 01:45 PM
Hello,
I did some testing, and it seems that it doesn't see the MAC with that OUI.
It does the else statement, but not the if.
Does the "^" make the OUI not work? Seems like it doesn't match the switch's MAC, which has this OUI.
Thanks
