
How do you extract device interface configuration as variable input to configuration script

Hi NCM Users

I'm brand new at NCM scripting and need some tips with the following requirements

I need to configure a Cisco router ACL which contains the IP address of one of the router's interfaces. This means that this ACL will have a specific set of entries where part of the ACL text is a variable.

So for example, if router A has interface G0/0 at 10.1.1.1/24, I need to write a script where

@ipnetwork = @ContextNode ->I/F-G0/0->IP Address

so that I can apply it to a script something like this...

script ChangeLoginBannerCiscoIOS ( NCM.Nodes @ContextNode, string @ipnetwork)
{
  CLI
  {
    configure terminal
    access-list 1 permit @ipnetwork 0.0.0.255
    ...
    ...
    etc.
    exit
  }
}

I've read that setting a variable from a script command (sh ip int -> @ipnetwork) is not possible. So can node configuration objects in the configuration database be assigned to variables for passing to command scripts?

Many thanks for your help

Phil

2 Replies

These will probably help. Basically anything on the NCM nodes table in the database can be called as a variable in the scripts; they mention ${agentIP}, but I want to say just plain ${ipaddress} is also one.

Looking for list of NCM variables

Advanced network config change template commands

- Marc Netterfield, Github

Hi Mesverrum and community

Thanks for the tip. It took some effort with syntax and going into the database to figure this out, but I managed to get it to work. One of the biggest problems is the nesting requirement to look for interface data in two tables.

Here's the script below to find an interface by its name, look up the IP address and use that IP address to generate an ACL entry, including the reverse mask. Nested if/then/else syntax would be nice.

/*
.CHANGE_TEMPLATE_DESCRIPTION
        This change template configures ACL for SSZ_LAN Security
.CHANGE_TEMPLATE_TAGS
        Cisco, IOS, VLAN Membership
.PLATFORM_DESCRIPTION
        Cisco IOS
.PARAMETER_LABEL @ContextNode
        NCM Node
.PARAMETER_DESCRIPTION @ContextNode
        The node the template will operate on.  All templates require this by default. The target node is selected during the first part of the wizard so it will not be available for selection when defining values of variables.
*/

script SSZ_LAN_ACL (  NCM.Nodes @ContextNode )
{
  string @IpLanMask
  string @SszLanIPAdress
  string @SszIpNetwork

  // Loop through Interfaces and lookup Interface ID and IP Address/Mask
  foreach (@interfaceItem in @ContextNode.Interfaces)
  {
    foreach (@ip in @interfaceItem.IpAddresses)
    {
      // Search for Interface G0/0.1 and get its IP address
      if (@interfaceItem.InterfaceDescription == 'GigabitEthernet0/0.1')
      {
        // Create ACL variables
        @SszLanIPAdress = @ip.IPAddress
        @SszIpNetwork = setoctet(@SszLanIPAdress, 4,0)

        // Create reverse Mask for ACL (only /24, /23 and /22 are handled)
        if (  @ip.SubnetMask == '255.255.255.0' )
        {
          @IpLanMask = '0.0.0.255'
        }
        if (  @ip.SubnetMask == '255.255.254.0' )
        {
          @IpLanMask = '0.0.1.255'
        }
        if (  @ip.SubnetMask == '255.255.252.0' )
        {
          @IpLanMask = '0.0.3.255'
        }

        // Configure the ACL and apply it to the vty lines
        CLI
        {
          configure terminal
          ip access-list extended SSH-Access
          remark Accesss list for SSH access to device from local G0/0.1 interface
          permit tcp @SszIpNetwork @IpLanMask any eq 22
          line vty 0 4
            access-class SSH-Access in
          exit
          exit
        }
      }
    }
  }
}
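
The template above maps three subnet masks to wildcard masks by hand. As an added example (Python, not NCM template code and not part of the thread), the following computes the network and wildcard mask for any contiguous mask and refuses to emit a permit line when the interface is missing or the mask is invalid or too wide. The sample inventory, the `MIN_PREFIX` policy and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample inventory, shaped like the Interfaces / IpAddresses
# data the template walks; the values are made up for illustration.
SAMPLE_INTERFACES = [
    {"description": "GigabitEthernet0/0", "ips": [("192.0.2.1", "255.255.255.252")]},
    {"description": "GigabitEthernet0/0.1", "ips": [("10.1.3.5", "255.255.252.0")]},
]

MIN_PREFIX = 16  # assumed policy: refuse to permit anything wider than a /16


def acl_source(ip, mask):
    """Return (network, wildcard) strings for an IOS ACL entry."""
    # ip_interface raises ValueError on a malformed or non-contiguous mask
    iface = ipaddress.ip_interface(f"{ip}/{mask}")
    net = iface.network
    if net.prefixlen < MIN_PREFIX:
        raise ValueError(f"{net} is wider than /{MIN_PREFIX}, refusing")
    return str(net.network_address), str(net.hostmask)


def ssh_acl_lines(interfaces, target="GigabitEthernet0/0.1", acl="SSH-Access"):
    """Build the CLI lines for the first address on the target interface."""
    for item in interfaces:
        if item["description"] != target:
            continue
        for ip, mask in item["ips"]:
            network, wildcard = acl_source(ip, mask)
            return [
                f"ip access-list extended {acl}",
                f" permit tcp {network} {wildcard} any eq 22",
                "line vty 0 4",
                f" access-class {acl} in",
            ]
    # No match: emit nothing rather than a permit line with empty fields
    raise LookupError(f"no IPv4 address found on {target}")


if __name__ == "__main__":
    print("\n".join(ssh_acl_lines(SAMPLE_INTERFACES)))
```

Failing closed matters here because the generated ACL is bound to the vty lines, so a malformed or overly broad entry directly changes who can reach SSH on the device.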