CiscoTools How it Works

CiscoTools consists of two parts. One part retrieves data from routers and/or switches (run from crontab); the other presents and/or interprets that data (web/CGI).

The scripts used to retrieve data are:
script family   function
arplog scripts  get arp cache from routers (map mac to ipaddr)
maclog scripts  get mac-address-table from switches (map mac to switch interface)

arplog scripts

arplog scripts are located under /home/cisco/bin and consist of:

script          function
arplog-all      calls arplog for each router listed in /home/cisco/access/cisco-routers-location
arplog          connects to a given router (ipaddr or hostname in command line)
arplog-filter   perl filter handling output retrieved from router
get-arp-snmp2   perl script getting arp data via snmp v2c
get-arp-ssh     shell/expect script getting arp data via ssh
get-arp-telnet  shell/expect script getting arp data via telnet

arplog-all

Syntax:

arplog-all location
arplog-all executes arplog for each router listed in /home/cisco/access/cisco-routers-location

arplog-all should be run using (something like) crontab every 5 minutes.

Example crontab entry:
*/5 * * * * /home/cisco/bin/arplog-all location >/dev/null 2>/dev/null

arplog

Syntax:

arplog location hostname
arplog location ipaddr
Use the same format (ipaddr or hostname) used in /home/cisco/access/cisco-routers

arplog uses the authentication information given in /home/cisco/access/cisco-routers-location

The following logic is used when logging on to a router:

IF EXISTS file /home/cisco/access/cisco-global
THEN
  get UNAME and PWORD as default authentication data
END

For each router a username and password can be entered, which is fine if usernames and passwords differ from router to router.
If all routers share the same username and password (e.g. when TACACS is used), enter "-" as both username and password.
In that case the UNAME and PWORD from cisco-global are used to log in to the router.

If a router does not require a username, use "-" as the username but supply a valid password.
Only if all your routers use a password only (no username) can you use "-" for both username and password.
In that case set UNAME to "-" as well.

Let's assume you have created a file /home/cisco/access/cisco-global containing:

UNAME=cisco
PWORD=myway#42
SNMPCOMMUNITY=notpublic

Let's also assume you have created a file /home/cisco/access/cisco-routers-location containing:

################################################################################
# cisco-routers
################################################################################
# ipaddr        user    passwd          transport       # remark
################################################################################
192.168.1.1     -       -               telnet          # global authentication
192.168.2.1     -       noday#01        telnet          # no username
192.168.3.1     admin   local#22        ssh             # local username/password
192.168.4.1     -       nopublic        snmp2           # snmp community nopublic

router 192.168.1.1 will be visited using telnet and username cisco, password myway#42 (from /home/cisco/access/cisco-global)
router 192.168.2.1 will be visited using telnet and no username, password noday#01
router 192.168.3.1 will be visited using ssh and username admin, password local#22
router 192.168.4.1 will be visited using snmp v2c and community nopublic
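The login logic above, worked as an added Python example (not part of CiscoTools, which is written in shell, expect and Perl): it parses the two files exactly as shown and resolves transport and credentials for each router, including the "-" conventions and the "#" characters that appear inside passwords. The RouterAccess record and the function names are my own.

```python
from dataclasses import dataclass
from typing import List, Optional

# Constructed copies of the two files described above (values taken from this page).
GLOBAL_TEXT = """UNAME=cisco
PWORD=myway#42
SNMPCOMMUNITY=notpublic
"""
ROUTERS_TEXT = """# ipaddr        user    passwd          transport       # remark
192.168.1.1     -       -               telnet          # global authentication
192.168.2.1     -       noday#01        telnet          # no username
192.168.3.1     admin   local#22        ssh             # local username/password
192.168.4.1     -       nopublic        snmp2           # snmp community nopublic
"""

@dataclass
class RouterAccess:
    host: str                # ipaddr or hostname, exactly as listed
    transport: str           # telnet, ssh or snmp2
    username: Optional[str]  # None when the router takes no username
    secret: str              # password, or the community string for snmp2

def parse_global(text: str) -> dict:
    """KEY=VALUE lines of cisco-global. Split on the first '=' only, so a
    password such as myway#42 keeps its '#' instead of being cut off."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def resolve_routers(global_text: str, routers_text: str) -> List[RouterAccess]:
    """Apply the login logic: '-' for both user and passwd means UNAME/PWORD
    from cisco-global; '-' for user alone means password-only login."""
    conf = parse_global(global_text)
    uname, pword = conf.get("UNAME", "-"), conf.get("PWORD", "-")
    result = []
    for line in routers_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        # Whitespace split, first four fields only: the remark after '#' is
        # dropped, while a '#' inside a password (noday#01) survives.
        host, user, passwd, transport = line.split()[:4]
        if user == "-" and passwd == "-":
            user, passwd = uname, pword
        result.append(RouterAccess(host, transport, None if user == "-" else user, passwd))
    return result
```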

arplog-filter

arplog-filter reads the previously stored data first.
Each entry carries a time stamp. If a given mac/ipaddr pair was seen by a router, its time stamp is updated.
Finally arplog-filter writes back the updated data.

The result is a documentation of which mac address had which ipaddr and a last time seen.
It's a simple way of detecting and documenting ipaddr changes and/or ipaddr moving between macs.

get-arp-snmp2

get-arp-snmp2 gets data via snmp v2c using the SNMP_Session Perl module.

Syntax:

get-arp-snmp2 community@hostname
get-arp-snmp2 community@ipaddr
Use the same format (ipaddr or hostname) used in /home/cisco/access/cisco-routers-location

get-arp-snmp2 will output data in the following format:

mac,ipaddr,vlan

get-arp-ssh

get-arp-ssh gets data via ssh using expect.

Syntax:

get-arp-ssh hostname username password
get-arp-ssh ipaddr username password
Use the same format (ipaddr or hostname) used in /home/cisco/access/cisco-routers-location

get-arp-ssh outputs the data unchanged, in the Cisco IOS format returned by the router.

get-arp-telnet

get-arp-telnet gets data via telnet using expect.

Syntax:

get-arp-telnet hostname username password [enable]
get-arp-telnet ipaddr username password [enable]
Use the same format (ipaddr or hostname) used in /home/cisco/access/cisco-routers-location

get-arp-telnet outputs the data unchanged, in the Cisco IOS format returned by the router.

maclog scripts

maclog scripts are located under /home/cisco/bin and work mostly like the arplog scripts.
However, they connect to switches rather than routers and map mac to switch interface rather than mac to ipaddr.
maclog scripts consist of:

script          function
maclog-all      calls maclog for each switch listed in /home/cisco/access/cisco-switches
maclog          connects to a given switch (ipaddr or hostname in command line)
maclog-filter   perl filter handling output retrieved from switch
get-mac-snmp2   perl script getting mac data via snmp v2c
get-mac-ssh     shell/expect script getting mac data via ssh
get-mac-telnet  shell/expect script getting mac data via telnet

maclog-all

Syntax:

maclog-all location
maclog-all executes maclog for each switch listed in /home/cisco/access/cisco-switches-location

maclog-all should be run using (something like) crontab every 5 minutes.

Example crontab entry:
*/5 * * * * /home/cisco/bin/maclog-all location >/dev/null 2>/dev/null

maclog

Syntax:

maclog location hostname
maclog location ipaddr
Use the same format (ipaddr or hostname) used in /home/cisco/access/cisco-switches-location

maclog uses the same authentication mechanism as arplog except the file listing all switches is /home/cisco/access/cisco-switches-location and there is an additional field for "mode".

get-mac-snmp2

get-mac-snmp2 gets data via snmp v2c using the SNMP_Session Perl module.

Syntax:

get-mac-snmp2 community@hostname
get-mac-snmp2 community@ipaddr
Use the same format (ipaddr or hostname) used in /home/cisco/access/cisco-switches-location

get-mac-snmp2 will output data in the following format:

mac,interface,vlan
Note: interface may be in long format.

get-mac-ssh

get-mac-ssh gets data via ssh using expect.

Syntax:

get-mac-ssh hostname username password [enable]
get-mac-ssh ipaddr username password [enable]
Use the same format (ipaddr or hostname) used in /home/cisco/access/cisco-switches-location

get-mac-ssh outputs the data unchanged, in the Cisco IOS format returned by the switch.

get-mac-telnet

get-mac-telnet gets data via telnet using expect.

Syntax:

get-mac-telnet hostname username password [enable]
get-mac-telnet ipaddr username password [enable]
Use the same format (ipaddr or hostname) used in /home/cisco/access/cisco-switches-location

get-mac-telnet outputs the data unchanged, in the Cisco IOS format returned by the switch.

maclog-filter

maclog-filter reads the previously stored data first.
Each entry carries a time stamp. If a given mac was seen on a given switch interface, its time stamp is updated.
Finally maclog-filter writes back the updated data.

The result is a documentation of which mac address was seen last on which switch interface.
It's a simple way of detecting and documenting devices moving from one switch to another (e. g. roaming).
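The update logic of arplog-filter (above) and maclog-filter, worked as one added Python example (not the scripts' own code): a last-seen store keyed by (mac, ipaddr) or (mac, interface), refreshed from get-arp-snmp2 / get-mac-snmp2 style output, with helpers that surface an ipaddr change, a device moving between interfaces, and an ipaddr moving between macs. The on-disk layout, the time stamp unit and the sample data are assumptions.

```python
import csv
import io
from typing import Dict, List, Tuple

Key = Tuple[str, str]   # (mac, ipaddr) for arplog-filter, (mac, interface) for maclog-filter
Store = Dict[Key, int]  # key -> last-seen time stamp (epoch seconds: an assumption)

def load_store(text: str) -> Store:
    """Read stored 'mac,where,last_seen' lines (this layout is an assumption, not the scripts' own)."""
    store: Store = {}
    for row in csv.reader(io.StringIO(text)):
        if len(row) == 3:
            store[(row[0], row[1])] = int(row[2])
    return store

def dump_store(store: Store) -> str:
    """Write the updated data back in the same layout, oldest entry first."""
    rows = sorted(store.items(), key=lambda kv: (kv[1], kv[0]))
    return "".join(f"{mac},{where},{ts}\n" for (mac, where), ts in rows)

def parse_collector_output(text: str) -> List[Key]:
    """First two fields of get-arp-snmp2 / get-mac-snmp2 output (mac,ipaddr,vlan or mac,interface,vlan)."""
    return [(r[0], r[1]) for r in csv.reader(io.StringIO(text)) if len(r) >= 2]

def refresh(store: Store, seen: List[Key], now: int) -> Store:
    """Stamp every pair seen in this run with 'now'; unseen pairs keep their old stamp."""
    for key in seen:
        store[key] = now
    return store

def history(store: Store, mac: str) -> List[Tuple[str, int]]:
    """Every ipaddr (or interface) a mac was seen with, oldest first; more than one = changed or moved."""
    return sorted(((w, ts) for (m, w), ts in store.items() if m == mac), key=lambda e: e[1])

def holders(store: Store, where: str) -> List[Tuple[str, int]]:
    """Every mac seen with an ipaddr (or on an interface), oldest first; more than one = moved between macs."""
    return sorted(((m, ts) for (m, w), ts in store.items() if w == where), key=lambda e: e[1])

# Constructed sample: the last run stored two hosts; this run's snmp2 output
# shows one host on a new ipaddr and a new mac now holding the old ipaddr.
OLD_DATA = ("00:11:22:33:44:55,192.168.1.10,1700000000\n"
            "00:11:22:33:44:66,192.168.1.11,1700000000\n")
NEW_OUTPUT = ("00:11:22:33:44:55,192.168.1.10,10\n"
              "00:11:22:33:44:66,192.168.1.12,10\n"
              "aa:bb:cc:dd:ee:ff,192.168.1.11,10\n")

def run(now: int = 1700000300) -> Store:
    """One filter run: read the old data, refresh it with the collector output, return it."""
    return refresh(load_store(OLD_DATA), parse_collector_output(NEW_OUTPUT), now)
```

For maclog-filter the same code applies with the interface name in place of the ipaddr, since the store only treats the second field as an opaque location.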