Hi NCM Users
I'm brand new at NCM scripting and need some tips with the following requirements.
I need to configure a Cisco router ACL which contains one of the router's IP addresses. This means that this ACL will have a specific set of entries where part of the ACL text is a variable.
So for example, if router A has interface G0/0 at 10.1.1.1/24, I need to write a script where
@ipnetwork = @ContextNode ->I/F-G0/0->IP Address
so that I can apply it to a script something like this...
script ChangeLoginBannerCiscoIOS ( NCM.Nodes @ContextNode, string @ipnetwork)
access-list 1 permit @ipnetwork 0.0.0.255
I've read that setting a variable from a script command (sh ip int -> @ipnetwork) is not possible. So can node configuration objects in the configuration database be assigned to variables for passing to command scripts?
Many thanks for your help
Hi Mesverrum and community
Thanks for the tip. It took some effort with syntax and going into the database to figure this out, but I managed to get it to work. One of the biggest problems is the nesting requirement to look for interface data in two tables.
Here's the script below to find an interface by its name, looking up the IP address and using that IP address to generate an ACL entry, including reverse mask. Nested if/then/else syntax would be nice.
/*
.CHANGE_TEMPLATE_DESCRIPTION
    This change template configures ACL for SSZ_LAN Security
.CHANGE_TEMPLATE_TAGS
    Cisco, IOS, VLAN Membership
.PARAMETER_DESCRIPTION @ContextNode
    The node the template will operate on. All templates require this by default. The target node is selected during the first part of the wizard so it will not be available for selection when defining values of variables.
*/
script SSZ_LAN_ACL ( NCM.Nodes @ContextNode )
{
    // Loop through Interfaces and lookup Interface ID and IP Address/Mask
    foreach (@interfaceItem in @ContextNode.Interfaces)
    {
        foreach (@ip in @interfaceItem.IpAddresses)
        {
            // Search for Interface G0/0.1 and get its IP address
            if (@interfaceItem.InterfaceDescription == 'GigabitEthernet0/0.1')
            {
                // Create ACL variables
                @SszLanIPAdress = @ip.IPAddress
                @SszIpNetwork = setoctet(@SszLanIPAdress, 4,0)
                // Create reverse Mask for ACL
                if ( @ip.SubnetMask == '255.255.255.0' )
                {
                    @IpLanMask = '0.0.0.255'
                }
                if ( @ip.SubnetMask == '255.255.254.0' )
                {
                    @IpLanMask = '0.0.1.255'
                }
                if ( @ip.SubnetMask == '255.255.252.0' )
                {
                    @IpLanMask = '0.0.3.255'
                }
                // remove previous ACL
                CLI
                {
                    ip access-list extended SSH-Access
                    remark Accesss list for SSH access to device from local G0/0.1 interface
                    permit tcp @SszIpNetwork @IpLanMask any eq 22
                    line vty 0 4
                    access-class SSH-Access in
                }
            }
        }
    }
}
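A generalization of the reverse-mask step in the script above, as an added example that is not part of the original post and is written in Python rather than NCM template syntax: it derives the network address and wildcard mask for any contiguous subnet mask instead of the three hard-coded cases, and refuses masks that would make the SSH ACL unexpectedly broad. The function names, the `min_prefix` guard and the sample addresses are assumptions made for illustration.

```python
import ipaddress


def acl_network_and_wildcard(ip, subnet_mask, min_prefix=16):
    """Return (network, wildcard) strings for an interface IP and subnet mask.

    min_prefix is a hypothetical safety bound: a shorter prefix (for example
    a mask of 0.0.0.0 from bad inventory data) would open SSH far wider than
    the local LAN, so it is rejected instead of rendered.
    """
    # strict=False accepts a host address and clears the host bits.
    # A non-contiguous mask such as 255.0.255.0 raises ValueError.
    net = ipaddress.IPv4Network(f"{ip}/{subnet_mask}", strict=False)
    if net.prefixlen < min_prefix:
        raise ValueError(f"/{net.prefixlen} is broader than /{min_prefix}")
    # hostmask is the bitwise inverse of the netmask, i.e. the IOS wildcard.
    return str(net.network_address), str(net.hostmask)


def ssh_access_config(ip, subnet_mask, acl_name="SSH-Access"):
    """Render the same four IOS lines the template's CLI block emits."""
    network, wildcard = acl_network_and_wildcard(ip, subnet_mask)
    return [
        f"ip access-list extended {acl_name}",
        f" permit tcp {network} {wildcard} any eq 22",
        "line vty 0 4",
        f" access-class {acl_name} in",
    ]


# Constructed sample interface data (not from the original post).
SAMPLES = [
    ("10.1.1.1", "255.255.255.0"),
    ("10.1.3.1", "255.255.252.0"),       # zeroing only octet 4 gives 10.1.3.0
    ("192.168.5.130", "255.255.255.192"),  # mask not covered by the template
]

if __name__ == "__main__":
    for ip, mask in SAMPLES:
        print("\n".join(ssh_access_config(ip, mask)), end="\n\n")
```

For the /22 sample the computed network is 10.1.0.0, whereas zeroing only the fourth octet yields 10.1.3.0, so the rendered entry can differ from what the template text suggests at a glance.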