TcL Network Interface Mapper

Cory Anderson · ‎02-04-2013

Is there a way to run a a TcL script that checks the MAC Address table, compares it to the ARP table, does an NSLookup for each entry, and gives a list of interfaces with the hostname of the device that's attached?

I did see Joseph Clarke wrote a script that does something like an NSlookup here:

https://supportforums.cisco.com/thread/171925

As someone with very little programming skills, where can I get started to get a grasp of TcL and what it can & can't do on a Cisco device?

Cory Anderson

Joe Clarke · ‎02-06-2013

I don't know of an existing script for this, but it is very doable. You would need to use a script like my host.tcl script for the nslookup piece. You could either modify that code or simply call that script as an external component. Two books that can help you get started with Tcl and especially Tcl on IOS are:

Tcl Scripting on IOS : http://www.amazon.com/TcL-Scripting-Cisco-Networking-Technology/dp/1587059452/ref=sr_1_1?ie=UTF8&qid=1360160132&sr=8-1&keywords=tcl+ios

Practical Programming in Tcl and Tk : http://www.amazon.com/Practical-Programming-Tcl-4th-Edition/dp/0130385603/ref=sr_1_2?ie=UTF8&qid=1360160153&sr=8-2&keywords=tcl+tk

The first will give you a number of good IOS-specific examples. The second one is a general language guide.

Cory Anderson · ‎02-06-2013

Thanks Joseph, I purchased the TcL Scripting in IOS book, and I'll order the Practical Programming in Tcl soon.

Cory Anderson · ‎03-22-2013

Hi Joe,

I started working on this a little today. I've gotten this:

tclsh

set ARP [split [exec "show ip arp | i Internet"] "\n"]

foreach line $ARP {

set CURIP [lindex $line 1]

set CURMAC [lindex $line 3]

set INT [exec "show mac address-table address $CURMAC | i Fa|Gi|Te"]

set CURINT [lindex $INT 3]

puts "$CURIP,$CURMAC,$CURINT"

}

Sample Output:

10.0.0.1,0018.8b32.5fa8,Gi0/5

The Problem I'm having now is with ARP's that are incomplete...Now I'm going to see if your multiple pipe script will work in a TcL to do:

set ARP [split [exec "show ip arp | e Incomplete| i Internet"] "\n"]

After I get that done, I guess I'll look at the NSlookupish script that I mentioned

Cory Anderson · ‎03-22-2013

Well right after sending that I realized, instead of going through all that:

show ip arp | i Vlan|Gi|Fa|Te

Joe Clarke · ‎03-23-2013

Multi-pipe would be an overkill for this. Since you're already in Tcl, just use regexp to skip incomplete lines. For example:

foreach line $ARP {

if { [regexp {Incomplete} $line] } {

continue

}

....

Cory Anderson · ‎04-04-2013

Thanks Joe; Getting it slowly but surely.

I'm struggling a little with TcL, more struggling with the logic of programing in general.

The thing I'm going for now, is to find trunks, and exclude the line of the ip spreadsheet if the interface a mac was learned on is a trunk.

puts $list_b ; # trunk interfaces

Gi0/25

Gi0/26

puts $list_a ; # ip_spreadsheet_entries

10.10.10.1,0015.f990.0460,Gi0/26

10.10.10.2,0015.f990.0461,Gi0/25

10.10.10.3,0015.f990.0463,Gi0/24

foreach ip $list_a

set num 0;

while { $num == 0 } {

foreach trunk $list_b {

set num [regexp ($trunk) $ip]

if {$num == 0 } {

append output \n $ip

}

#the results I'm getting....

puts $output ;

10.10.10.1,0015.f990.0460,Gi0/26

10.10.10.2,0015.f990.0461,Gi0/25

10.10.10.3,0015.f990.0463,Gi0/24

#The Results I'm trying to get

10.10.10.3,0015.f990.0463,Gi0/24

I know it's a logic problem, I don't quite know how to search each line of a list for each line of another list....

Joe Clarke · ‎04-06-2013

If list_b contains your trunks, then do this:

foreach ip $list_a {

set parts [split $ip ,]

if { [lsearch -exact $list_b [lindex $parts 2]] == -1 } {

append output \n $ip

}

puts $output

Cory Anderson · ‎04-06-2013

Thanks Joseph! I ended up figuring out a solution (that's nowhere near as clean). The lsearch -exact looks pretty handy. Here's what I did:

foreach line_a $list_a {
set num 0
foreach line_b $list_b {
if {$num <= 0} {
set num [regexp $line_b $line_a]
}
}
if {$num == 0} {
append output \n $line_a }
}

Joe Clarke · ‎04-07-2013

You should consider the lsearch approach. It will be much more efficient as the lists grow.

Cory Anderson · ‎04-08-2013

Thanks Joseph. I'm definitely going to user the lsearch approach. On a side note...When I read through the man page of lsearch, it doesn't really describe the capability of using each line in a list as an argument for the search. The lseach works without making me feel like I'm working on a rubics cube.

Cory Anderson · ‎04-10-2013

Hi Joseph, another thing I'm trying to figure out is how to populate my ARP table by doing a ping sweep in each subnet. I can do this semi-manually with a while loop or a for loop. I have to get the network address, broadcast & number of addresses in the subnet manually, the I can do the ping sweep.

What I have no idea of where to start is to use TcL to get all ip addresses & masks & to a ping sweep of the subnet. Is this something that is going to be possible? To difficult for a beginner?

Thanks,

Cory Anderson

Joe Clarke · ‎04-10-2013

It's not that straight-forward. Have a look at the attached script and look at the do_IOSgetaddress procedure. It will show you how you can get the IP address and netmasks from an IOS device for a given interface. There is also a

do_IOSgetinterfaces procedure that will get all interfaces of an IOS device.

Cory Anderson · ‎04-15-2013

Thanks Joseph,

I will definetly take a look at this.

I did figure this problem out. I've attached the ping sweep script, it maybe better to change the line from exec "ping" to lappend \n to verify functionality.

It also has some unnecessary lines, but it was a learning experience for me. I really appreciate all of your help, & direction.

Cory Anderson