Below script is an example of UPM script, which can be used to check the access-list configured on each IO module and reconfigure ( clear and configure again ) the ACL. UPM script can be triggered by log message of EXOS switch by using log filter. In below script, whenever slot rebooted, it generate the relevant log and this log trigger the UPM script to be activated.
Below script used as a workaround of OS bug. If problem found on OS, it takes some time to clarify the Root cause of Bug and fix the problem on OS and release fixed version. So, even it's not the final resolution but using script as a workaround and minimizing the service impact is always good idea.
[ UPM configuration ]
Below script used as a workaround of OS bug. If problem found on OS, it takes some time to clarify the Root cause of Bug and fix the problem on OS and release fixed version. So, even it's not the final resolution but using script as a workaround and minimizing the service impact is always good idea.
[ UPM configuration ]
#
# Module upm configuration.
#
create upm profile acl1
set var cli.out " "
show access-list | in 1:
set var output $TCL(split ${cli.out} "\n")
set var len $TCL(llength $output)
set var cnt1 ($len - 1)
if ($cnt1) then
set var i 0
while ($i < $cnt1) do
set var line $TCL(lindex $output $i)
set var port $TCL(lindex $line 1)
set var rule $TCL(lindex $line 2)
set var direction $TCL(lindex $line 3)
unconfigure access-list ports $port
configure access-list $rule ports $port $direction
set var i ($i+1)
endwhile
endif
.
create upm profile acl10
set var cli.out " "
show access-list | in 10:
set var output $TCL(split ${cli.out} "\n")
set var len $TCL(llength $output)
set var cnt1 ($len - 1)
if ($cnt1) then
set var i 0
while ($i < $cnt1) do
set var line $TCL(lindex $output $i)
set var port $TCL(lindex $line 1)
set var rule $TCL(lindex $line 2)
set var direction $TCL(lindex $line 3)
unconfigure access-list ports $port
configure access-list $rule ports $port $direction
set var i ($i+1)
endwhile
endif
.
create upm profile acl2
set var cli.out " "
show access-list | in 2:
set var output $TCL(split ${cli.out} "\n")
set var len $TCL(llength $output)
set var cnt1 ($len - 1)
if ($cnt1) then
set var i 0
while ($i < $cnt1) do
set var line $TCL(lindex $output $i)
set var port $TCL(lindex $line 1)
set var rule $TCL(lindex $line 2)
set var direction $TCL(lindex $line 3)
unconfigure access-list ports $port
configure access-list $rule ports $port $direction
set var i ($i+1)
endwhile
endif
.
create upm profile acl3
set var cli.out " "
show access-list | in 3:
set var output $TCL(split ${cli.out} "\n")
set var len $TCL(llength $output)
set var cnt1 ($len - 1)
if ($cnt1) then
set var i 0
while ($i < $cnt1) do
set var line $TCL(lindex $output $i)
set var port $TCL(lindex $line 1)
set var rule $TCL(lindex $line 2)
set var direction $TCL(lindex $line 3)
unconfigure access-list ports $port
configure access-list $rule ports $port $direction
set var i ($i+1)
endwhile
endif
.
create upm profile acl4
set var cli.out " "
show access-list | in 4:
set var output $TCL(split ${cli.out} "\n")
set var len $TCL(llength $output)
set var cnt1 ($len - 1)
if ($cnt1) then
set var i 0
while ($i < $cnt1) do
set var line $TCL(lindex $output $i)
set var port $TCL(lindex $line 1)
set var rule $TCL(lindex $line 2)
set var direction $TCL(lindex $line 3)
unconfigure access-list ports $port
configure access-list $rule ports $port $direction
set var i ($i+1)
endwhile
endif
.
create upm profile acl7
set var cli.out " "
show access-list | in 7:
set var output $TCL(split ${cli.out} "\n")
set var len $TCL(llength $output)
set var cnt1 ($len - 1)
if ($cnt1) then
set var i 0
while ($i < $cnt1) do
set var line $TCL(lindex $output $i)
set var port $TCL(lindex $line 1)
set var rule $TCL(lindex $line 2)
set var direction $TCL(lindex $line 3)
unconfigure access-list ports $port
configure access-list $rule ports $port $direction
set var i ($i+1)
endwhile
endif
.
create upm profile acl8
set var cli.out " "
show access-list | in 8:
set var output $TCL(split ${cli.out} "\n")
set var len $TCL(llength $output)
set var cnt1 ($len - 1)
if ($cnt1) then
set var i 0
while ($i < $cnt1) do
set var line $TCL(lindex $output $i)
set var port $TCL(lindex $line 1)
set var rule $TCL(lindex $line 2)
set var direction $TCL(lindex $line 3)
unconfigure access-list ports $port
configure access-list $rule ports $port $direction
set var i ($i+1)
endwhile
endif
.
create upm profile acl9
set var cli.out " "
show access-list | in 9:
set var output $TCL(split ${cli.out} "\n")
set var len $TCL(llength $output)
set var cnt1 ($len - 1)
if ($cnt1) then
set var i 0
while ($i < $cnt1) do
set var line $TCL(lindex $output $i)
set var port $TCL(lindex $line 1)
set var rule $TCL(lindex $line 2)
set var direction $TCL(lindex $line 3)
unconfigure access-list ports $port
configure access-list $rule ports $port $direction
set var i ($i+1)
endwhile
endif
.
[ EMS configuration - log configuration ]
create log filter aclfilter1
create log filter aclfilter2
create log filter aclfilter3
create log filter aclfilter4
create log filter aclfilter7
create log filter aclfilter8
create log filter aclfilter9
create log filter aclfilter10
configure log filter aclfilter1 add events HAL.Card.Info match string "Slot-1 is operational"
configure log filter aclfilter2 add events HAL.Card.Info match string "Slot-2 is operational"
configure log filter aclfilter3 add events HAL.Card.Info match string "Slot-3 is operational"
configure log filter aclfilter4 add events HAL.Card.Info match string "Slot-4 is operational"
configure log filter aclfilter7 add events HAL.Card.Info match string "Slot-7 is operational"
configure log filter aclfilter8 add events HAL.Card.Info match string "Slot-8 is operational"
configure log filter aclfilter9 add events HAL.Card.Info match string "Slot-9 is operational"
configure log filter aclfilter10 add events HAL.Card.Info match string "Slot-10 is operational"
create log target upm acl1
enable log target upm acl1
configure log target upm acl1 filter aclfilter1 severity Info
create log target upm acl2
enable log target upm acl2
configure log target upm acl2 filter aclfilter2 severity Info
create log target upm acl3
enable log target upm acl3
configure log target upm acl3 filter aclfilter3 severity Info
create log target upm acl4
enable log target upm acl4
configure log target upm acl4 filter aclfilter4 severity Info
create log target upm acl7
enable log target upm acl7
configure log target upm acl7 filter aclfilter10 severity Info
create log target upm acl8
enable log target upm acl8
configure log target upm acl8 filter aclfilter8 severity Info
create log target upm acl9
enable log target upm acl9
configure log target upm acl9 filter aclfilter9 severity Info
create log target upm acl10
enable log target upm acl10
configure log target upm acl10 filter aclfilter10 severity Info
No comments:
Post a Comment