Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
306
Views
1
Helpful
2
Replies

Using "IF" staement in TCL script to modify a switchport config

Go to solution
Network @RKI
Level 1
Level 1

‎05-06-2024 06:32 AM

Hi all,

this ist a part of our switch port config on a C9300 with an IOSXE 17.9.X:

+++
interface GigabitEthernet1/0/7
description RADIUS Port
switchport access vlan XY
switchport mode access
authentication priority dot1x mab
+++

now due to some internal issues we have to modify all of the switchports and turn the authentication priority to "mab dot1x".

It's not possible to use the interface-range command because of some ports in between that do not use RADIUS.

So i'm thinking about a TCL script with an IF statement, maybe something like:

if {description equals RADIUS Port or authenticatio priority equals dot1x mab}
set authentication priority mab dot1x

can anyone help with the hole syntax please.

Thanks in advance
Saif

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Dan Frey
Cisco Employee
Cisco Employee

‎05-06-2024 11:27 AM

Give this a try in tclsh mode.

set lines [exec show ip int brief]
set intflist ""
foreach line [split $lines "\n"] {
    if [regexp {^(GigabitEthernet[0-9\/]+)\s+} $line match intf] {
        lappend intflist $intf
    }
}

set command "set authentication priority mab dot1x"
foreach intf $intflist {
    set desc [exec show interface $intf | inc Description]
    if [regexp {(Description: Radius Port|Description: authentication priority equals dot1x mab)} $desc match description] {
       puts "executing $intf $command"
       ios_config "interface $intf" "$command"              
    }
}

 

 

View solution in original post

2 Replies 2

Go to solution
Dan Frey
Cisco Employee
Cisco Employee

‎05-06-2024 11:27 AM

Give this a try in tclsh mode.

set lines [exec show ip int brief]
set intflist ""
foreach line [split $lines "\n"] {
    if [regexp {^(GigabitEthernet[0-9\/]+)\s+} $line match intf] {
        lappend intflist $intf
    }
}

set command "set authentication priority mab dot1x"
foreach intf $intflist {
    set desc [exec show interface $intf | inc Description]
    if [regexp {(Description: Radius Port|Description: authentication priority equals dot1x mab)} $desc match description] {
       puts "executing $intf $command"
       ios_config "interface $intf" "$command"              
    }
}

 

 

Go to solution
Network @RKI
Level 1
Level 1
In response to Dan Frey

‎05-07-2024 04:30 AM

Hi Dan,

thanks a lot for the script. It worked

Just one note: the second "set" in the line:

set command "set authentication priority mab dot1x"

is unnecessary. So it has to be:

 set command "authentication priority mab dot1x"

Best regards
Saif

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card