How do you extract device interface configuration as variable input to configuration script

Hi NCM Users

I'm brand new at NCM scripting and need some tips with the following requirements.

I need to configure a Cisco router ACL which contains the IP address of one of the router's interfaces. This means that this ACL will have a specific set of entries where part of the ACL text is a variable.

So for example, if router A has interface G0/0 at 10.1.1.1/24, I need to write a script where

@ipnetwork = @ContextNode ->I/F-G0/0->IP Address

so that I can apply it to a script something like this...

script ChangeLoginBannerCiscoIOS ( NCM.Nodes @ContextNode, string @ipnetwork)
{
  CLI
  {
    configure terminal
    access-list 1 permit @ipnetwork 0.0.0.255
    ...
    ...
    etc.
    exit
  }
}

I've read that setting a variable from a script command (sh ip int -> @ipnetwork) is not possible. So can node configuration objects in the configuration database be assigned to variables for passing to command scripts?

Many thanks for your help

Phil

  • These will probably help. Basically anything on the NCM nodes table in the database can be called as a variable in the scripts; they mention ${agentIP} but I want to say just plain ${ipaddress} is also one.

    Looking for list of NCM variables

    Advanced network config change template commands

  • Hi Mesverrum and community

    Thanks for the tip. It took some effort with syntax and going into the database to figure this out, but I managed to get it to work. One of the biggest problems is the nesting requirement to look for interface data in two tables.

    Here's the script below to find an interface by its name, look up the IP address and use that IP address to generate an ACL entry, including the reverse mask. Nested if/then/else syntax would be nice.

    /*
    .CHANGE_TEMPLATE_DESCRIPTION
            This change template configures ACL for SSZ_LAN Security
    .CHANGE_TEMPLATE_TAGS
            Cisco, IOS, VLAN Membership
    .PLATFORM_DESCRIPTION
            Cisco IOS
    .PARAMETER_LABEL @ContextNode
            NCM Node
    .PARAMETER_DESCRIPTION @ContextNode
            The node the template will operate on.  All templates require this by default. The target node is selected during the first part of the wizard so it will not be available for selection when defining values of variables.
    */
    script SSZ_LAN_ACL (  NCM.Nodes @ContextNode )
    {
      string @IpLanMask
      string @SszLanIPAdress
      string @SszIpNetwork
      // Loop through Interfaces and lookup Interface ID and IP Address/Mask
      foreach (@interfaceItem in @ContextNode.Interfaces)
      {
        foreach (@ip in @interfaceItem.IpAddresses)
        {
          // Search for Interface G0/0.1 and get its IP address
          if (@interfaceItem.InterfaceDescription == 'GigabitEthernet0/0.1')
          {
            // Create ACL variables
            @SszLanIPAdress = @ip.IPAddress
            @SszIpNetwork = setoctet(@SszLanIPAdress, 4,0)
            // Create reverse Mask for ACL
            if (  @ip.SubnetMask == '255.255.255.0' )
            {
              @IpLanMask = '0.0.0.255'
            }
            if (  @ip.SubnetMask == '255.255.254.0' )
            {
              @IpLanMask = '0.0.1.255'
            }
            if (  @ip.SubnetMask == '255.255.252.0' )
            {
              @IpLanMask = '0.0.3.255'
            }
            // Create the SSH-Access ACL and apply it to the VTY lines
            CLI
            {
              configure terminal
              ip access-list extended SSH-Access
              remark Access list for SSH access to device from local G0/0.1 interface
              permit tcp @SszIpNetwork @IpLanMask any eq 22
              line vty 0 4
                access-class SSH-Access in
              exit
              exit
            }
          }
        }
      }
    }
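
The script above maps three subnet masks to their reverse masks by hand. As an added example (Python, not NCM template language and not code from either poster), the same network and reverse-mask derivation generalized to any contiguous mask; the function names and the sample address are assumptions made up for illustration.

```python
import ipaddress

def acl_source(ip: str, subnet_mask: str) -> tuple:
    """Return (network, wildcard) for an interface IP and dotted subnet mask."""
    # strict=False accepts a host address and clears the host bits in every
    # octet; a non-contiguous mask (e.g. 255.0.255.0) raises ValueError.
    net = ipaddress.IPv4Network(f"{ip}/{subnet_mask}", strict=False)
    # ipaddress also accepts a wildcard after the slash, so make sure the
    # caller really passed a subnet mask and not an already inverted one.
    if str(net.netmask) != subnet_mask:
        raise ValueError(f"not a subnet mask: {subnet_mask}")
    return str(net.network_address), str(net.hostmask)

def render_ssh_acl(ip: str, subnet_mask: str, acl_name: str = "SSH-Access") -> list:
    """Build the IOS lines used in the thread's template for one interface."""
    # Raising before any line is built means a bad mask never produces a
    # half-formed "permit" statement that would be pushed to the device.
    network, wildcard = acl_source(ip, subnet_mask)
    return [
        "configure terminal",
        f"ip access-list extended {acl_name}",
        f" permit tcp {network} {wildcard} any eq 22",
        "line vty 0 4",
        f" access-class {acl_name} in",
        "exit",
        "exit",
    ]

if __name__ == "__main__":
    # Constructed sample input: a /22 interface address on G0/0.1.
    for line in render_ssh_acl("10.1.3.5", "255.255.252.0"):
        print(line)
```

A mask outside the three handled in the template, or an invalid one, raises an error here instead of leaving the reverse mask empty.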