Solved: Create an EEM to find a port (mac address)

andre.ortega · ‎03-14-2014

Hello there,

I´d like to create a script to find where an IP address is associated.

Manually I can do that using the command "show arp | in 10.10.10.50" (IP that I am looking for), that give me the mac address and then I use the command "show mac ad ad 4055.39dc.f468" (mac associated to that IP).

GW01#show arp | in 10.10.10.71
Internet 10.10.10.71 0 4055.39dc.f468 ARPA Vlan10
GW01#show mac ad ad 4055.39dc.f468
Mac Address Table
-------------------------------------------

Vlan Mac Address Type Ports
---- ----------- -------- -----
10 4055.39dc.f468 DYNAMIC Po4
Total Mac Addresses for this criterion: 1

Would be nice if I can execute the EEM informing the IP address (example: findport 10.10.10.50) and get the final result (interface where this IP is associated).

How could I do that? How to pass the IP address that I have typed to EEM and after, how to get the MAC address that the first command shown?

Thanks for all.

Dan Frey · ‎03-17-2014

The error message could be related to: https://tools.cisco.com/bugsearch/bug/CSCsy89677

If that is the case the error message is cosmetic only.

View solution in original post

Dan Frey · ‎03-20-2014

The script has been changed slightly and is shown below. Put this into a file and on the switch flash drive or local media.

#############

foreach ip $::argv {
set result [exec "show arp | inc $ip"]
if [regexp {[a-zA-Z]+\s+\d+\.\d+\.\d+\.\d+\s+\d+\s+([0-9a-f]+\.[0-9a-f]+\.[0-9a-f]+)\s+ARPA} $result match mac ] {
set output [exec "show mac address-table address $mac"]
regexp {(\d+\s+[0-9a-f]+\.[0-9a-f]+\.[0-9a-f]+\s+[A-Z]+\s+[0-9\/a-zA-Z]+)} $output match output
puts "$ip = $output"
} else {
puts "$ip not in arp table"

}}

########

My file is called resolve.tcl and this can be run in exec mode on the switch.

Switch_1#tclsh flash:resolve.tcl 192.168.0.2 192.168.0.1 192.168.0.3
192.168.0.2 = 1 0024.14ac.0f48 DYNAMIC Fa0/11
192.168.0.1 = 1 0001.6c14.f8c1 DYNAMIC Fa0/12
192.168.0.3 not in arp table

Switch_1#

View solution in original post

Dan Frey · ‎03-15-2014

If you want to make it interactive then the tcl shell on the switch is also an option. A simple script to run the commands for you that can be pasted into the TCL shell.

==============

Switch_1#tclsh
Switch_1(tcl)#proc resolve {args} {
foreach ip $args {
set result [exec "show arp | inc $ip"]
if [regexp {[a-zA-Z]+\s+\d+\.\d+\.\d+\.\d+\s+\d+\s+([0-9a-f]+\.[0-9a-f]+\.[0-9a-f]+)\s+ARPA} $result match mac ] {
set output [exec "show mac address-table address $mac"]
regexp {(\d+\s+[0-9a-f]+\.[0-9a-f]+\.[0-9a-f]+\s+[A-Z]+\s+[0-9\/a-zA-Z]+)} $output match output
puts "$ip = $output"
} else {
puts "$ip not in arp table"
}
}}

==========

Then type resolve and the all the ip addresses you want to map.

Switch_1(tcl)#resolve 192.168.0.125 192.168.0.3 192.168.0.2
192.168.0.125 = 1 7001.6c14.1dc1 DYNAMIC Fa0/12
192.168.0.3 not in arp table
192.168.0.2 = 1 7024.14ac.0f48 DYNAMIC Fa0/11

Switch_1(tcl)#

andre.ortega · ‎03-17-2014

Thank you so much Daniel.

I tried your script but I am getting a error...

SW10(tcl)#proc resolve {args} {
% Ambiguous command: "proc resolve {args} {"

Regards

Dan Frey · ‎03-17-2014

The error message could be related to: https://tools.cisco.com/bugsearch/bug/CSCsy89677

If that is the case the error message is cosmetic only.

famiglietti.m · ‎03-20-2014

I really like this, but I would like to be able to give someone access to do the "resolve" part without giving them access to the tclsh - like an operator instead of an admin. Is there a way to make it a stored procedure and just call the procedure whenever needed? I want to be able to assign the right to a certain privilege level - like priv 5 or something like that.

andre.ortega · ‎03-20-2014

Yes!! I was thinking exactly about it.

I am not concerned about privileg levels, but it would be really wonderful if we can just put the script once, and after that use only a command (in this case "resolve").

Dan Frey · ‎03-20-2014