Cisco IOS TCL Scripting

bojan.vujic · ‎12-21-2007

Respected,

I need to create TCL script on my 1841, which will check status of dialer1 interface, and if protocol is up and interface is up, then it will delete all local vpn sessions.

Anyone who can help me with this? I never do anything similarâ€¦.

cpubob · ‎12-21-2007

Here is the script that will do a command based on the up or down operation status of an interface.

This script is very, VERY basic, no spell checking of the interface, no check of previous interface state

the last time the script was run

proc clearvpn { int } {

set int_out [exec "show interfaces"]

## regex looks for the interface you specified when you called

## the procedure Variable var_dontcare is a copy of variable

## int_out, variable var_int_status contains the operation status

## of the interface.

regexp "$int is \[a-z \]\{2,25\}, line protocol is (\[a-z\]\{2,5\}).*" $int_out var_dontcare var_int_status

if {[info exists var_int_status]} {

if {[string equal up $var_int_status]} {

##

## Replace the following line with the command you wish to run.

##

exec "clear ip bgp *"

puts "VPN's cleared"

} elseif {[string equal down $var_int_status]} {

puts "Interface is down" }

} else {

puts "Interface does not exist! Check spelling"

}

You can have the procedure auto initialize from an ftp server.

To accomplish that, add the following global command with your info:

scripting tcl init ftp://user:password@10.1.1.1/tclscript/initfiles3.tcl

-or-

you can store the tcl file locally on the flash:

scripting tcl init flash://initfiles3.tcl

-or-

just call the file when you start tclsh

source slot0:clearvpn.tcl

Here is the output of me using the command.

Rack1R1#tclsh

Rack1R1(tcl)#

Rack1R1(tcl)#proc clearvpn { int } {

+>

+>set int_out [exec "show interfaces"]

+>

+>## regex looks for the interface you specified when you called

+>## the procedure Variable var_dontcare is a copy of variable

+>## int_out, variable var_int_status contains the operation status

+>## of the interface.

+>

+>$rotocol is (\[a-z\]\{2,5\}).*" $int_out var_dontcare var_int_status

+>

+>if {[info exists var_int_status]} {

+> if {[string equal up $var_int_status]} {

+> ##

+> ## Replace the following line with the command you wish to run.

+> ##

+> exec "clear ip bgp *"

+> puts "VPN's cleared"

+> } elseif {[string equal down $var_int_status]} {

+> puts "Interface is down" }

+> } else {

+> puts "Interface does not exist! Check spelling"

+> }

+>}

Rack1R1(tcl)#clearvpn serial2/0

Interface does not exist! Check spelling

Rack1R1(tcl)#clearvpn Serial2/0

Interface is down

Rack1R1(tcl)#clearvpn FastEthernet0/0

VPN's cleared

Rack1R1(tcl)#

03:53:58: %BGP-5-ADJCHANGE: neighbor 131.1.3.3 Down User reset

03:53:58: %BGP-5-ADJCHANGE: neighbor 131.1.5.5 Down User reset

03:53:58: %BGP-5-ADJCHANGE: neighbor 131.1.19.9 Down User reset

03:53:59: %BGP-5-ADJCHANGE: neighbor 131.1.3.3 Up

Rack1R1(tcl)#

03:54:00: %BGP-5-ADJCHANGE: neighbor 131.1.5.5 Up

Rack1R1(tcl)#

03:54:02: %BGP-5-ADJCHANGE: neighbor 131.1.19.9 Up

Rack1R1(tcl)#

bojan.vujic · ‎12-24-2007

Please, Can you help me with this file, how to download on router, where to put it, on flash or nvram or where?

I really don't have any experience with this kind scriptingâ€¦

Thank you for your assistance it is rally helpful.

cpubob · ‎01-02-2008

Now there are lots of ways to do this, you do not even need to copy this to your router to get it to work, but I thought this would be the easiest to start with. I've included the steps as an attachment because the formating is messed up below but you can get the general idea. Setup a tftp server and put the tcl file on it so you can copy it to your router.

Rack1R1#dir disk0:

Directory of disk0:/

No files in directory

133910528 bytes total (133910528 bytes free)

Rack1R1#

Rack1R1#ping 192.168.1.72

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.1.72, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 8/20/36 ms

Rack1R1#

Rack1R1#copy tftp://192.168.1.72/clearvpn.tcl disk0:

Destination filename [clearvpn.tcl]?

Accessing tftp://192.168.1.72/clearvpn.tcl...

Loading clearvpn.tcl from 192.168.1.72 (via FastEthernet0/0): !

[OK - 764 bytes]

764 bytes copied in 0.152 secs (5026 bytes/sec)

Rack1R1#

Rack1R1#dir disk0:

Directory of disk0:/

1 -rw- 764 Jan 2 2008 13:14:26 +00:00 clearvpn.tcl

133910528 bytes total (133906432 bytes free)

Rack1R1#

Rack1R1#tclsh

Rack1R1(tcl)#clearvpn

invalid command name "clearvpn" ^

% Invalid input detected at '^' marker.

Rack1R1(tcl)#

Rack1R1(tcl)#source disk0:/clearvpn.tcl

Rack1R1(tcl)#

Rack1R1(tcl)#clearvpn

no value given for parameter "int" to "clearvpn"

Rack1R1(tcl)#

Rack1R1(tcl)#clearvpn fa 0/0

called "clearvpn" with too many arguments

Rack1R1(tcl)#

Rack1R1(tcl)#clearvpn fa0/0

Interface does not exist! Check spelling

Rack1R1(tcl)#

Rack1R1(tcl)#clearvpn Fastethernet0/0

Interface does not exist! Check spelling

Rack1R1(tcl)#

Rack1R1(tcl)#clearvpn FastEthernet0/0

VPN's cleared

Rack1R1(tcl)#

Rack1R1(tcl)#exit

Rack1R1#

cpubob · ‎01-02-2008

If you are going to use this a lot, then I would set the router to automatically load this script every time you go into tclsh, by setup up the tcl init variables. See below or attached for details.

Rack1R1#

Rack1R1#tclsh

Rack1R1(tcl)#

Rack1R1(tcl)#clearvpn

invalid command name "clearvpn" ^

% Invalid input detected at '^' marker.

Rack1R1(tcl)#exit

Rack1R1#conf t

Enter configuration commands, one per line. End with CNTL/Z.

Rack1R1(config)#scripting tcl init disk0:clearvpn.tcl

Rack1R1(config)#exit

Rack1R1#

Rack1R1#tclsh

Rack1R1(tcl)#clearvpn

no value given for parameter "int" to "clearvpn"

Rack1R1(tcl)#

Rack1R1(tcl)#clearvpn FastEthernet0/0

VPN's cleared

Rack1R1(tcl)#