how to make UPM script changes permanent

David_Rahn
New Contributor
I have a script that uses a port up log trigger to look at the FDB and see if the MAC is in a list, then delete the PORT from the DATA vlan and add it to one of several different vlans (based on the MAC).

I do not have the PORT DOWN trigger putting things back, as we found 3rd party APs in DHCP mode would get an IP in the wrong VLAN and would reboot, thus having a loop.

So instead: the port comes UP, we read the FDB, and if the FDB matches an Aruba OUI we move the PORT to the WIFI vlan... the AP reboots, link goes down, the port stays in the wifi vlan; the AP comes up and everything is GOOD...

The problem is if the switch reboots, the port belongs to NO vlan (in the original config it was in the DATA vlan). The FDB never will learn if there is NO vlan... so the port never gets moved to the WIFI vlan. (Actually the voice vlan is tagged on these ports, but the AP does not talk to that vlan, so the FDB problem still exists.)

So I am wondering if anyone else can tell me how to make a UPM script permanent, and if not, why does part of the script (the deleting of the port from the Data vlan) stay and not the adding of the port to the wifi vlan?

What I would like is for the ports to go back to the default state (in the data vlan) on a reboot,

then the scripts would work fine to move things back to the proper vlan...

A close second would be if the config just stayed in the state it was in (like if I could save the config in the script), so the ports would stay in the wifi vlan and after a power outage things would come back online (if you move items you would need to reconfigure the switch, but I am OK with that).

Thanks for your help.

Script bits:

create upm profile MAC-Detect
if (!$match($EVENT.LOG_PARAM_0,1:52)) then
create log entry "!!!!UPLINK_PORT_STATUS_CHANGE_NO_UPM_ACTION_TAKEN!!!!!!!!"
return 0
endif
set var MAC1 6c:f3:7f:
set var MAC2 d8:c7:c8:
set var MAC3 ac:a3:1e:
set var MAC4 00:40:8c:
set var MAC5 ac??8e:
set var MAC6 00:20:4a:
set var MAC7 18:64:72:
set var VLAN1 Wifi
set var VLAN2 security
set var myWaitVar $TCL(after [expr 1000 * 6])
set var CLI.OUT " "
show fdb ports $EVENT.LOG_PARAM_0
set var list1 $TCL(split ${CLI.OUT} "\n")
set var list2 $TCL(lindex $(list1) 2)
set var list3 $TCL(string replace $(list2) 9 65 {})
create log entry ($list3)_mac_entry
if (!$match($list3, $MAC1)) then
configure vlan data del port $EVENT.LOG_PARAM_0
configure vlan $VLAN1 add port $EVENT.LOG_PARAM_0
create log entry "Aruba_device_connected_on_port_($EVENT.LOG_PARAM_0)"
return 0
endif
if (!$match($list3, $MAC2)) then
configure vlan data del port $EVENT.LOG_PARAM_0
configure vlan $VLAN1 add port $EVENT.LOG_PARAM_0
create log entry "Aruba_device_connected_on_port_($EVENT.LOG_PARAM_0)"
return 0
endif
if (!$match($list3, $MAC3)) then
configure vlan data del port $EVENT.LOG_PARAM_0
configure vlan $VLAN1 add port $EVENT.LOG_PARAM_0
create log entry "Aruba_device_connected_on_port_($EVENT.LOG_PARAM_0)"
return 0
endif
if (!$match($list3, $MAC4)) then
configure vlan data del port $EVENT.LOG_PARAM_0
configure vlan $VLAN2 add port $EVENT.LOG_PARAM_0
create log entry "AXIS_device_connected_on_port_($EVENT.LOG_PARAM_0)"
return 0
endif
if (!$match($list3, $MAC5)) then
configure vlan data del port $EVENT.LOG_PARAM_0
configure vlan $VLAN2 add port $EVENT.LOG_PARAM_0
create log entry "AXIS_device_connected_on_port_($EVENT.LOG_PARAM_0)"
return 0
endif
if (!$match($list3, $MAC6)) then
configure vlan data del port $EVENT.LOG_PARAM_0
configure vlan $VLAN2 add port $EVENT.LOG_PARAM_0
create log entry "Security_device_connected_on_port_($EVENT.LOG_PARAM_0)"
return 0
endif
if (!$match($list3, $MAC7)) then
configure vlan data del port $EVENT.LOG_PARAM_0
configure vlan $VLAN1 add port $EVENT.LOG_PARAM_0
create log entry "Aruba_device_connected_on_port_($EVENT.LOG_PARAM_0)"
return 0
endif
create log entry " MAC_DETECT_FAILED_DEVICE_UNKNOWN_STAYS_IN_DATA_VLAN"
return 1
.
#Period used to end block-mode



create log filter Log_PortUp
configure log filter Log_PortUp add events vlan.msgs.portLinkStateUp
create log target upm MAC-detect
configure log target upm MAC-detect filter Log_PortUp severity Info only
configure log target upm MAC-detect match Any



9 REPLIES

dflouret
Extreme Employee
Easily...
configure netlogin add mac-list aa:bb:cc:00:00:00 24 password ports 1-3
would strip the last bytes and send aabbcc000000 with a password of password to RADIUS or the local database whenever a MAC starting with aa:bb:cc appears in ports 1 to 3. The number after the MAC (24) is a mask and is the number of bits to pass (ffffff000000).

If you want to simply get the OUI of any mac, use
configure netlogin add mac-list ff:ff:ff:00:00:00 24 password ports 1-3
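
The masking described in the reply above, as an added example that is not part of the original post or Extreme's code: it models in Python how a 24-bit mask reduces a MAC to the string sent for authentication, using the intact OUI prefixes and VLAN names from the question's script. The function names, and the idea that the authentication side maps each masked username to a VLAN, are assumptions made for the illustration.

```python
import re

# OUI prefixes and VLAN names copied from the UPM script in the question.
# The prefix that is garbled on the page (MAC5) is deliberately left out.
OUI_VLAN = {
    "6c:f3:7f": "Wifi", "d8:c7:c8": "Wifi", "ac:a3:1e": "Wifi",
    "18:64:72": "Wifi", "00:40:8c": "security", "00:20:4a": "security",
}

def mac_to_int(mac):
    """Parse a MAC written with colons, dashes, dots or no separator."""
    digits = re.sub(r"[:.\-]", "", mac.strip())
    if not re.fullmatch(r"[0-9a-fA-F]{12}", digits):
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    return int(digits, 16)

def mask_for(bits):
    """48-bit mask with the top `bits` set (24 -> ffffff000000)."""
    if not 0 <= bits <= 48:
        raise ValueError("mask length must be between 0 and 48")
    return ((1 << bits) - 1) << (48 - bits)

def masked_username(mac, bits=24):
    """Keep the top `bits` of the MAC, zero the rest, return 12 hex digits."""
    return f"{mac_to_int(mac) & mask_for(bits):012x}"

def build_user_table(oui_vlan, bits=24):
    """Assumed authentication-side table: one masked username per OUI."""
    return {masked_username(f"{oui}:00:00:00", bits): vlan
            for oui, vlan in oui_vlan.items()}

def vlan_for(mac, table, bits=24, default="data"):
    """VLAN for a learned MAC; unknown prefixes stay in the default VLAN."""
    return table.get(masked_username(mac, bits), default)

if __name__ == "__main__":
    table = build_user_table(OUI_VLAN)
    # Constructed sample addresses in three common notations.
    for mac in ("6C-F3-7F-01-02-03", "0040.8c12.3456", "de:ad:be:ef:00:01"):
        print(mac, "->", masked_username(mac), "->", vlan_for(mac, table))
```

With a 24-bit mask every address under one OUI collapses to the same username, so each entry identifies a vendor prefix rather than an individual device.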

David_Rahn
New Contributor
My ignorance... can I use MAC login and mask the MAC and only look at the OUI?

dflouret
Extreme Employee
Is there a reason why you are not using mac-based network login?

David_Rahn
New Contributor
Thank you... trying it now.

Any idea why some items are permanent and others are not (config vlan data del port x vs config vlan wifi add port x)?

Dorian_Perry
Extreme Employee
Hi David,

I believe the command you are looking for is "enable cli scripting permanent". Add the command at the beginning of the UPM Script. Also add a "save" at the end of the UPM Script to save the configuration.