Skip to main content

Use NQE to grab Helper IP's from Interfaces

  • June 12, 2024
  • 1 reply
  • 95 views
  • Translate
cariddir
Spotter
Forum|alt.badge.img+4

Apologies - This isn’t a question, and I can’t change it to a conversation -

With recent changes in our NAC servers, we needed to check that our ‘ip helper-addresses’ were consistent to our regional standards. This is something we usually did with Python, but here’s a simple script to grab the helpers on each of the interfaces.  I got the script working, but had some formatting issues, and thankfully a colleague was able to use some logic to format (@danny,Ramirez) via this statement:

let ips = (foreach ip in ServerIP where match.data.IntName == ip.data.IntName select distinct toString(ip.data.helper))

Ideally, we would would define the NAC servers per region, and export them as a check, but I haven’t gotten there yet ;-)

pattern = ```
interface {IntName:string} 
  ip helper-address {helper:ipv4Address}
```;

foreach device in network.devices
// Feel free to trim the scope with a where
// where "Branch" in device.tagNames && "Core" in device.tagNames && "C9500" in device.tagNames
	 let outputs = device.outputs
foreach command in outputs.commands
	where command.commandType == CommandType.CONFIG
	let parsed = parseConfigBlocks(OS.IOS_XE , command.response)
foreach match in blockMatches(parsed, pattern)
let ServerIP = blockMatches(device.files.config, pattern)
// Thanks Danny !
let ips = (foreach ip in ServerIP where match.data.IntName == ip.data.IntName select distinct toString(ip.data.helper))

select distinct{
  Hostname:device.name, 
  Intf:match.data.IntName, 
  Helpers:ips, 
  Tag: device.tagNames
}

resulting in a list of device interfaces and the helpers:

 

For Questions/Enhancements/Comments: rcariddi@gmail.com
Tyson Henrie
G
A
4 people like this
  • Tyson Henrie
    Tyson Henrie
  • G
    GaryB
  • A
    Ahmed
  • N
    NQEwizard

1 reply

A
Spotter
Forum|alt.badge.img+4
  • AndyLSpotter
  • Spotter
  • 18 replies
  • June 13, 2024

You could consider creating a lists such as ...

validservers = ["address 1", "address 2", "address 3"]

for each region then in your code compare each IP helper address to this list

validIP(device, ip) =
min(for each x in [0]
// any logic for which device is appropriate for a given list of valid servers would be put here. For example use tagNames on devices to select the right list
// define as true when the ip is not in the list
let violation = ip not in validservers
select violation
};

You’d need to alter the logic for the final area of the script so that you run the validIP function, which provides a true value for any IP not in the valid server list. 

 

(i’ve not built this, so it may contain typo’s)

Translate
G
C
cariddir
3 people like this
  • G
    GaryB
  • C
    Corey
  • cariddir
    cariddir

Reply


Badge winners

  • Community Contributor
    AricaFNhas earned the badge Community Contributor
  • NQE Collaborator
    gbaronhas earned the badge NQE Collaborator
  • Community Contributor
    CarlBhas earned the badge Community Contributor
  • Community Contributor
    gbaronhas earned the badge Community Contributor
  • Community Contributor
    Christopherhas earned the badge Community Contributor
Show all badges

Most helpful members this week

Terms of UseCookie settingsAccessibility statement

Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings