Community
- Command Central
- MVP Program
- Monthly Mission
- Blogs
- Groups
- Events
- Media Vault
Products
- Observability
- Network Management
- Application Management
- IT Security
- IT Service Management
- System Management
- Database Management
Content Exchange
- SolarWinds Platform
- Server & Application Monitor
- Database Performance Analyzer
- Server Configuration Monitor
- Network Performance Monitor
- Network Configuration Manager
- SQL Sentry
- Web Help Desk
Free Tools & Trials
Store

Script with Variables

New to NCM. Trying to see how I would run a script an ACL template on NCM on remote sites with Cisco routers. All running 12.4(24)T or newer IOS. Below is an example of what I would be looking to do:

access-list 150 remark //// Test Ingress ACL ////
access-list 150 deny   tcp any host {Router Gi0/0 IP} eq telnet log
access-list 150 deny   tcp any host {Router Gi0/0 IP} eq www log
access-list 150 deny   tcp any host {Router Gi0/0 IP} range 161 162
access-list 150 deny   tcp any host {Router Gi0/0 IP} range 513 514
access-list 150 deny   udp any host {Router Gi0/0 IP} range 161 162
access-list 150 deny   udp any host {Router Gi0/0 IP} range 513 514
access-list 150 deny   tcp any host {Router Gi0/0 IP} eq 443 log
access-list 150 deny   tcp any host {Router Gi0/0 IP} range 881 889 log
access-list 150 permit ip any any

I would then pust a script simular to this numerous sites. If i have to manually define the site specific IP addresses, then there is no difference from do it manually without NCM. Obviously, the scripts would be much more painful than this, but this will give me an idea of how to work this in NCM. Thanks all!

Find more posts tagged with

Accepted answers

All comments

jcpetrey

From what I have seen I don't think you can do that from within a "script," but I do think that you would be able to do that from within a "Config Change Template" from the web interface. You will have to write it yourself, but I think it should work.

In the Config Change Tempates you can define variables and can either have a method of selecting them with Node Tree and checkboxes OR typing the value into a text box.

I haven't made one myself, but I know that it supports variables, loops, and if then.

betspi

I'm intersted to know if you have found a solution to this. We have a similar scenario where I need to update the access lists on over 1000 routers. The access lists are basically the same except the source address and source wildcard bits are different for example on router a it might be

access-list 101 permit ip 172.16.200.0 0.0.0.15 172.20.0.0 0.3.255.255

and router b might be

access-list 101 permit ip 172.16.200.16 0.0.0.15 172.20.0.0 0.3.255.255

orionofmyeye

i am interested too

betspi

Here's how I accomplished this task:

I created custom properties for the network, wildcard bits, and subnet.

I then downloaded this script: To write all the custom properties to the NCM database. The hardest part about the script was getting Perl setup and the OBDC connection correct. The script is run from the server itself and not through the web console.

Then I created a scheduled job config change template and ran it again the 1100 devices.

The command script was similar to this:

no access-list 101

no access-list 102

no access-list 104

no access-list 98

access-list 98 permit 216.161.174.0 0.0.0.255

access-list 98 permit 208.176.162.0 0.0.0.255

access-list 98 permit ${ClassC} 0.0.0.255

access-list 101 permit ip ${Subnet} ${WildcardBits} 172.20.0.0 0.3.255.255

access-list 101 permit ip ${Subnet} ${WildcardBits} 172.24.0.0 0.4.255.255

access-list 101 permit ip ${Subnet} ${WildcardBits} 192.168.0.0 0.0.255.255

access-list 104 deny ip ${Subnet} ${WildcardBits} 172.20.0.0 0.3.255.255

access-list 104 deny ip ${Subnet} ${WildcardBits} 172.24.0.0 0.4.255.255

access-list 104 deny ip ${Subnet} ${WildcardBits} 192.168.0.0 0.0.255.255

access-list 104 permit ip ${Subnet} ${WildcardBits} any

The B side is still somewhat of a manual process for the most part but I just created a text file with the access lists and modified it as needed and then dropped the config back in.

Hope this helps!