Infoblox Exchange Cybersecurity Roadshow 2020 – Join us!
North America | Europe | Middle East/Africa | Asia-Pacific

Network Change & Configuration Management

Reply
Accepted Solution

Remove Multiple Commands from Interfaces

Authority
Posts: 20
4896     0

I am trying to remove port-security commands from a Cisco Switch.  The interface commands on a typical switch look like the following:

 

interface GigabitEthernet0/1
switchport access vlan 32
switchport trunk encapsulation dot1q
switchport mode access
switchport voice vlan 34
switchport port-security maximum 4
switchport port-security violation restrict
switchport port-security aging time 1
switchport port-security aging type inactivity
switchport port-security
spanning-tree portfast
spanning-tree bpduguard enable
end

 

I wish to remove all the commands in RED.  I am utilizing the Regular Expression Test, to correctly define my Trigger-Variables and Trigger-Templates.    

 

They are defined as:

 

Trigger-Variables

$cmdattrbs string

 

Trigger-Template

switchport port-security [[$cmdattrbs]]

 

Upon executing the test, it grabs the 1st 4 lines correctly, but the 5th line "switchport port-security" matches the cmdattrbs of the next line "spanning-tree portfast", which is not the desired outcome.  Is there a way to match a line with no attributes after "switchport port-security"?

 

 

 

Re: Remove Multiple Commands from Interfaces

Authority
Posts: 20
4896     0

I modified the Trigger-Variables and Templates to the following and this seems to capture the 5 lines I am looking for.  Not sure if there is a better way.

 

Trigger-Variables

$cmdattrbs /maximum\s\d{1,2}|violation\srestrict|aging\stime\s\d{1,2}|aging\stype\sinactivity|\s/

 

Trigger-Template

switchport port-security [[$cmdattrbs]]

Re: Remove Multiple Commands from Interfaces

Authority
Posts: 20
4896     0
 Script: Regular Expression Test 
 15:04:11  Script-Filter 
 15:04:12   Filter matches 
 15:04:12  
 true 

 

 1. Action: 'Regular Expression Test Action' 
 15:04:12  Action-Commands 

 

 
 1.1. Trigger: 'Regular Expression Test Trigger'Output: 'Regular Expression Test Action'  
 15:04:12  Trigger-Template 
 15:04:12   Template matches 
 15:04:12  
 switchport port-security (maximum 25
 15:04:12  Trigger-Variables 
 15:04:12   $cmdattrbs = 'maximum 25' 
 15:04:12  Trigger-Commands 
 15:04:12   SET: $donothing = "true" 

 

 
 1.2. Trigger: 'Regular Expression Test Trigger'Output: 'Regular Expression Test Action'  
 15:04:12  Trigger-Template 
 15:04:12   Template matches 
 15:04:12  
 switchport port-security (violation restrict
 15:04:12  Trigger-Variables 
 15:04:12   $cmdattrbs = 'violation restrict' 
 15:04:12  Trigger-Commands 
 15:04:12   SET: $donothing = "true" 

 

 
 1.3. Trigger: 'Regular Expression Test Trigger'Output: 'Regular Expression Test Action'  
 15:04:12  Trigger-Template 
 15:04:12   Template matches 
 15:04:12  
 switchport port-security (aging time 1
 15:04:12  Trigger-Variables 
 15:04:12   $cmdattrbs = 'aging time 1' 
 15:04:12  Trigger-Commands 
 15:04:12   SET: $donothing = "true" 

 

 
 1.4. Trigger: 'Regular Expression Test Trigger'Output: 'Regular Expression Test Action'  
 15:04:12  Trigger-Template 
 15:04:12   Template matches 
 15:04:12  
 switchport port-security (aging type inactivity
 15:04:12  Trigger-Variables 
 15:04:12   $cmdattrbs = 'aging type inactivity' 
 15:04:12  Trigger-Commands 
 15:04:12   SET: $donothing = "true" 

 

 
 1.5. Trigger: 'Regular Expression Test Trigger'Output: 'Regular Expression Test Action'  
 15:04:12  Trigger-Template 
 15:04:12   Template matches 
 15:04:12  
 switchport port-security ( 
 15:04:12  Trigger-Variables 
 15:04:12   $cmdattrbs = ' ' 
 15:04:12  Trigger-Commands 
 15:04:12   SET: $donothing = "true" 

Re: Remove Multiple Commands from Interfaces

Adviser
Posts: 244
4896     0

Appreciate your post and the amount of information/context you provided.  I'll ensure this gets routed to the right folks!

 

Eric

If you appreciate my efforts, please give me a kudo ↓ or Accept as solution to help others find it faster.

Re: Remove Multiple Commands from Interfaces

Adviser
Posts: 408
4896     0

Mark,

 

Trigger-Varriables:

   $test string

 

 

Trigger-Template:

  switchport port-[[$test]]

 

Screenshot 2015-12-08 05.23.55.png

Follow me on LinkedIn: https://www.linkedin.com/in/sifbaksh
Twitter: https://twitter.com/sifbaksh

Re: Remove Multiple Commands from Interfaces

[ Edited ]
Authority
Posts: 20
4896     0

Thank you Sif.  I am still having trouble executing the loop in a streamlined fashion.  I want to do the following:

 

1.  Go into Configuration Mode 1 time for each switch -    config t

2.  Go into the interface 1 time and then execute the removal of the 5 switchport port-security commands.

3.  Then end out of configuration mode  - end

4.  Save the config.

 

My trials have me going in and out of config mode and specifying the interface before each removal command.  Is there a better way to do this  My script I have at the moment is below.  Any help would be appreciated.

 

===============

 

Script-Filter:
$Vendor eq "Cisco" and $Type in ["Switch","Switch-Router"] and $sysDescr like /IOS/

################

Action:
Find Interfaces

Action-Commands:
SET: $UpdateMade = "no"
sho ip int brief

Output-Triggers:
Process Interfaces

################
Trigger:
Process Interfaces

Trigger-Description:
Find valid interfaces to check for helpers - An interface that has an ip address and is "up"

Trigger-Variables:
$IntName /(\w+\d+(\/\d{1,2}|\/\d{1,2}\/\d+|\/\d{1,2}\.\d+|\/\d{1,2}\:\d+)?|\w+-\w+\d{1,3})/

Trigger-Template:
[[$intName]]\s+unassigned

Trigger-Commands:
sho run interface $intName

Output-Triggers:
ParseOutput
################
Trigger:
ParseOutput

Trigger-Variables:
$cmdattrbs string

Trigger-Template:
switchport port-[[$cmdattrbs]]

Trigger-Commands: {$UpdateMade eq "no"}
DEBUG:config t
DEBUG:int $intName
SET:$UpdateMade = "yes"

Trigger-Commands: {$UpdateMade eq "yes"}
DEBUG:no switchport port-$cmdattrbs

 

########
Action:

End and Write Memory

Action-Description:
End and Write Memory only if we entered config mode.

Action-Commands:{$UpdateMade eq "yes"}
DEBUG:end
DEBUG:write mem

Re: Remove Multiple Commands from Interfaces

Expert
Posts: 231
4896     0

Look at Example5.ccs -- it does exactly what you want by using the $UpdateMade variable.

The only change that I would recommend is to send "end" instead of "exit".  If the series of config commands cause the parser to enter a sub-command mode (e.g., interface xxx), "exit" will back out one level to global mode, whereas "end" will leave config mode entirely.

Highlighted

Re: Remove Multiple Commands from Interfaces

Expert
Posts: 231
4896     0

Sif,

 

I've not seen matches continue into the next line of output as mthiel117 observed.  Since Ruby regexp supposedly enables multi-line mode by default, I inferred that the underlying Perl code for CCS implicitly applies an end-of-line ($) to the complete match pattern line in a template.  Not true?

 

- Marty

Showing results for 
Search instead for 
Do you mean 

Recommended for You