Learn How We Can Help You Keep Teleworkers Protected During the COVID-19 Crisis

Network Change & Configuration Management

Reply
Highlighted

Trigger-Template 1st Match

Authority
Posts: 20
2165     0

Is there a way to have a Trigger-Template match the first occurence and ignore any other matches.  I am looking for a way to have my script look for any configuration line that has "port-security" and then run some trigger commands.  I don't want to trigger-commands to run subsequent times for each line that matches the intial check.

 

I am looking for something like:

 

Trigger-Template:  {1st time match}

   port-security 

 

interface GigabitEthernet0/1
switchport access vlan 32
switchport trunk encapsulation dot1q
switchport mode access
switchport voice vlan 34
switchport port-security maximum 25
switchport port-security violation restrict
switchport port-security aging time 1
switchport port-security aging type inactivity
switchport port-security
spanning-tree portfast
spanning-tree bpduguard enable
end

Highlighted

Re: Trigger-Template 1st Match

Expert
Posts: 236
2165     0

You can create a global variable and initialize it to false/no:

  SET: $foundmatch = "no"

 

After your trigger executes on the first match, make the trigger command execution conditional on that variable:

  Trigger-Commands: {$foundmatch eq "no"}

    Command1

    Command2

  SET: $foundmatch = "yes"

 

The remaining match iterations will not send any commands.

 

A similar approach is used in scripts to only enter configuration mode once and to send the "end" command after the final iteration.  That "config changed" variable can also be tested to determine if the running-config should be saved.

Highlighted

Re: Trigger-Template 1st Match

Authority
Posts: 20
2165     0

Thanks.  That is exactly what I had done.  Was just looking for a more streamlined way if one existed.  Here is my entire script.  It works as expected, but I would welcome any input to make it better.

=============

 

Script-Filter:
$Vendor eq "Cisco" and $Type in ["Switch","Switch-Router"] and $sysDescr like /IOS/

################

Action:
Find Interfaces

Action-Commands:
SET: $UpdateMade = "no"
sho ip int brief

Output-Triggers:
Process Interfaces

################
Trigger:
Process Interfaces

Trigger-Description:
Find valid interfaces to check for helpers - An interface that has an ip address and is "up"

Trigger-Variables:
$IntName /(\w+\d+(\/\d{1,2}|\/\d{1,2}\/\d+|\/\d{1,2}\.\d+|\/\d{1,2}\:\d+)?|\w+-\w+\d{1,3})/

Trigger-Template:
[[$intName]]\s+unassigned

Trigger-Commands: {$UpdateMade eq "no"}
show run interface $intName
SET:$cmdsRemoved = "no"

Trigger-Commands: {$UpdateMade eq "yes"}
do show run interface $intName
SET:$cmdsRemoved = "no"

Output-Triggers:
ParseOutput
################
Trigger:
ParseOutput

Trigger-Variables:
$cmd /switchport\sport-security\smaximum|switchport\sport-security\sviolation\srestrict|switchport\sport-security\saging\stime|switchport\sport-security\saging\stype|switchport\sport-security/

Trigger-Template:
[[$cmd]]

Trigger-Filter:
$cmd like /port-security/

Trigger-Commands: {$UpdateMade eq "no"}
config t

# Only remove the commands 1 time, not for each match of "port-security"

Trigger-Commands: {$cmdsRemoved eq "no"}
int $intName
no switchport port-security maximum
no switchport port-security violation restrict
no switchport port-security aging time
no switchport port-security aging type inactivity
no switchport port-security
exit
SET:$UpdateMade = "yes"
SET:$cmdsRemoved = "yes"

 


########
Action:

End and Write Memory

Action-Description:
End and Write Memory only if we entered config mode.

Action-Commands: {$UpdateMade eq "yes"}
end
write mem
SET:$UpdateMade = "no"

 

Showing results for 
Search instead for 
Do you mean 

Recommended for You