Introducing SOC Insights for BloxOne Threat Defense: Boost your SOC efficiency with AI-driven insights to eliminate manual work and accelerate investigation and response times. Read the blog announcement here.

Automation Scripts

Reply

help Find & replace & apply

Techie
Posts: 10
4205     0

Hi 

 

I have a Core Sw has a set of DHCP, number of them does not have the correct name but in settings I can distinguish voice vlan via option 150.

ip dhcp pool_FG (VLAN 76)
   network 10.16.76.0 255.255.255.0
   default-router 10.16.76.254
   option 150 ip 10.128.1.11 10.172.50.11
   lease 90

I want to look for this dhcp and take the address.

10.16.76.0

 

And apply This commend to the router:

ip access-list extended allow-voice-tr
permit ip 10.16.76.0 any

 

Thanks for any info.

 

Re: help Find & replace & apply

Adviser
Posts: 65
4206     0

Hey,

 

Check out the getting started with CCS content on our github repository: https://github.com/infobloxopen/netmri-toolkit/tree/master/CCS/StartHere

 

On a basic level you want an action command to ouput that ip dhcp statement and filter for the ones with option 150 (IOS has "include" for that) Then use a trigger to  filter out networks and then another action command to apply the acl.

 

If you want to go a bit deeper then you could first check to see if the acl already exists and skip this device if it does. Or you could run this only on devices that don't have this acl by starting from the config search 

 

Re: help Find & replace & apply

Techie
Posts: 10
4206     0

Dear ingmar,

 

Yes this is exactly what I look for, and after the fetch for all IP addresses for voice Subnet, The script will up date access-list . If the script can to check first befor apply the access-list it be fantastic. 

 

Great content on your github repository. but nothing can help me in this task.

 

Re: help Find & replace & apply

Adviser
Posts: 65
4206     0

This is an untested draft, I don't have any dhcp on IOS so can't test this. You will probably have to modify this for it to work.

 

###########################################################################
## Export of Script: ACL update for voice basedon option 150 in DHCP
## Script-Level: 3
## Script-Category: Uncategorized
###########################################################################

Script:
	ACL update for voice basedon option 150 in DHCP

Script-Description:
	'ACL update for voice basedon option 150 in DHCP"

Script-Filter:
	$vendor in ["Cisco"]


########################################################################

Action:
	Show IP DHCP config

Action-Commands:
	show ip dhcp | include i network p 1 n 3

Output-Trigger:
	Parse Output

########################################################################

Trigger:
	Parse Output

Trigger-Variables:
	$network ip

Trigger-Template:
	network\s[[$network]]\s

Trigger-Commands:
	conf t
	ip access-list extended allow-voice-tr
	permit ip $network any
	exit

########################################################################

Action-Commands:
	exit
	write mem

Re: help Find & replace & apply

Techie
Posts: 10
4206     0

No luck yet,
I couldn't reach my goal
Thanks for your help

Showing results for 
Search instead for 
Did you mean: 

Recommended for You