CiscoTools consists of two parts: one retrieves data from routers and/or switches (scheduled via crontab), the other presents and/or interprets that data (web/CGI).
The scripts used to retrieve data are:
| script family | function |
|---|---|
| arplog scripts | get arp cache from routers (map mac to ipaddr) |
| maclog scripts | get mac-address-table from switches (map mac to switch interface) |
arplog scripts are located under /home/cisco/bin and consist of:
| script | function |
|---|---|
| arplog-all | calls arplog for each router listed in /home/cisco/access/cisco-routers-location |
| arplog | connects to a given router (ipaddr or hostname in command line) |
| arplog-filter | perl filter handling output retrieved from router |
| get-arp-snmp2 | perl script getting arp data via snmp v2c |
| get-arp-ssh | shell/expect script getting arp data via ssh |
| get-arp-telnet | shell/expect script getting arp data via telnet |
Syntax:
arplog-all location
arplog-all executes arplog for each router listed in /home/cisco/access/cisco-routers-location. A typical crontab entry runs it every five minutes:
*/5 * * * * /home/cisco/bin/arplog-all location >/dev/null 2>/dev/null
Syntax:
arplog location hostname
arplog location ipaddr
Use the same format (ipaddr or hostname) as used in /home/cisco/access/cisco-routers.
arplog uses the authentication information given in /home/cisco/access/cisco-routers-location.
The following logic is used when logging on to a router:
IF EXISTS file /home/cisco/access/cisco-global
THEN
get UNAME and PWORD as default authentication data
END
For each router a username and password can be entered, which is fine if usernames and passwords are all different on your routers. Otherwise a "-" in both columns falls back to the default UNAME and PWORD from cisco-global.
If your router does not require a username, use "-" as username but supply a valid password.
Only if all your routers use a password only (no username) can you use "-" for both username and password. In that case set UNAME to "-" as well.
Let's assume you have created a file /home/cisco/access/cisco-global containing:
UNAME=cisco
PWORD=myway#42
SNMPCOMMUNITY=notpublic
Let's also assume you have created a file /home/cisco/access/cisco-routers-location containing:
################################################################################
# cisco-routers
################################################################################
# ipaddr user passwd transport # remark
################################################################################
192.168.1.1 - - telnet # global authentication
192.168.2.1 - noday#01 telnet # no username
192.168.3.1 admin local#22 ssh # local username/password
192.168.4.1 - nopublic snmp2 # snmp community nopublic
With these two files the routers are visited as follows:
router 192.168.1.1 is visited using telnet with username cisco and password myway#42 (from /home/cisco/access/cisco-global)
router 192.168.2.1 is visited using telnet with no username and password noday#01
router 192.168.3.1 is visited using ssh with username admin and password local#22
router 192.168.4.1 is visited using snmp v2c with community nopublic
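The credential fallback just walked through, as an added example in Python (not the project's own shell/perl code): it parses the two constructed sample files and resolves each router's login the way the four lines above describe. Treating a "-" community as falling back to SNMPCOMMUNITY in cisco-global is an assumption; the "#" inside passwords such as myway#42 is why remarks are cut at a whole token starting with "#" rather than at the first "#" character.

```python
# Constructed sample of /home/cisco/access/cisco-global
GLOBAL_TEXT = "UNAME=cisco\nPWORD=myway#42\nSNMPCOMMUNITY=notpublic\n"
# Constructed sample of /home/cisco/access/cisco-routers-location
ROUTERS_TEXT = """# ipaddr user passwd transport # remark
192.168.1.1 - - telnet # global authentication
192.168.2.1 - noday#01 telnet # no username
192.168.3.1 admin local#22 ssh # local username/password
192.168.4.1 - nopublic snmp2 # snmp community nopublic
"""

def parse_global(text: str) -> dict:
    """KEY=VALUE lines; split on the first '=' only so myway#42 stays intact."""
    out = {}
    for line in text.splitlines():
        if "=" in line and not line.lstrip().startswith("#"):
            key, value = line.split("=", 1)
            out[key.strip()] = value.strip()
    return out

def parse_devices(text: str) -> list:
    """'ipaddr user passwd transport' rows. Passwords may contain '#', so a
    remark starts at the first whole token beginning with '#', not at the
    first '#' character of the line."""
    rows = []
    for line in text.splitlines():
        fields = []
        for tok in line.split():
            if tok.startswith("#"):
                break
            fields.append(tok)
        if len(fields) >= 4:
            rows.append(dict(zip(("host", "user", "passwd", "transport"), fields)))
    return rows

def resolve(row: dict, glob: dict) -> dict:
    """'-' in both columns -> UNAME/PWORD from cisco-global; '-' for the user
    alone -> password-only login; a UNAME of '-' also means no username."""
    user, pw, transport = row["user"], row["passwd"], row["transport"]
    if transport == "snmp2":
        # Assumption: a '-' community falls back to SNMPCOMMUNITY in cisco-global.
        community = glob.get("SNMPCOMMUNITY") if pw == "-" else pw
        return {"host": row["host"], "transport": "snmp v2c", "community": community}
    if user == "-" and pw == "-":
        user, pw = glob.get("UNAME", "-"), glob.get("PWORD", "-")
    return {"host": row["host"], "transport": transport,
            "username": None if user == "-" else user, "password": pw}

def resolve_all(routers_text: str, global_text=None) -> list:
    """global_text is None when /home/cisco/access/cisco-global does not exist."""
    glob = parse_global(global_text) if global_text is not None else {}
    return [resolve(r, glob) for r in parse_devices(routers_text)]
```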
arplog-filter reads the previously stored data first. Each record carries a time stamp; if a given mac and ipaddr pair is seen by a router again, its time stamp is updated. Finally arplog-filter writes the updated data back.
The result is a record of which mac address had which ipaddr and when it was last seen.
It is a simple way of detecting and documenting ipaddr changes and/or an ipaddr moving between macs.
get-arp-snmp2 gets data via snmp v2c using the SNMP_Session Perl module.
Syntax:
get-arp-snmp2 community@hostname
get-arp-snmp2 community@ipaddr
Use the same format (ipaddr or hostname) as used in /home/cisco/access/cisco-routers-location.
get-arp-snmp2 outputs data in the following format:
mac,ipaddr,vlan
get-arp-ssh gets data via ssh using expect.
Syntax:
get-arp-ssh hostname username password
get-arp-ssh ipaddr username password
Use the same format (ipaddr or hostname) as used in /home/cisco/access/cisco-routers-location.
get-arp-ssh outputs the data in the Cisco IOS format as provided by the router.
get-arp-telnet gets data via telnet using expect.
Syntax:
get-arp-telnet hostname username password [enable]
get-arp-telnet ipaddr username password [enable]
Use the same format (ipaddr or hostname) as used in /home/cisco/access/cisco-routers-location.
get-arp-telnet outputs the data in the Cisco IOS format as provided by the router.
maclog scripts are located under /home/cisco/bin and work mostly like the arplog scripts.
However, they connect to switches rather than routers and map mac to switch interface rather than mac to ipaddr.
maclog scripts consist of:
| script | function |
|---|---|
| maclog-all | calls maclog for each switch listed in /home/cisco/access/cisco-switches |
| maclog | connects to a given switch (ipaddr or hostname in command line) |
| maclog-filter | perl filter handling output retrieved from switch |
| get-mac-snmp2 | perl script getting mac data via snmp v2c |
| get-mac-ssh | shell/expect script getting mac data via ssh |
| get-mac-telnet | shell/expect script getting mac data via telnet |
Syntax:
maclog-all location
maclog-all executes maclog for each switch listed in /home/cisco/access/cisco-switches-location. A typical crontab entry runs it every five minutes:
*/5 * * * * /home/cisco/bin/maclog-all location >/dev/null 2>/dev/null
Syntax:
maclog location hostname
maclog location ipaddr
Use the same format (ipaddr or hostname) as used in /home/cisco/access/cisco-switches-location.
maclog uses the same authentication mechanism as arplog, except that the file listing all switches is /home/cisco/access/cisco-switches-location and there is an additional field for "mode".
get-mac-snmp2 gets data via snmp v2c using the SNMP_Session Perl module.
Syntax:
get-mac-snmp2 community@hostname
get-mac-snmp2 community@ipaddr
Use the same format (ipaddr or hostname) as used in /home/cisco/access/cisco-switches-location.
get-mac-snmp2 outputs data in the following format:
mac,interface,vlan
Note: interface may be in long format.
get-mac-ssh gets data via ssh using expect.
Syntax:
get-mac-ssh hostname username password [enable]
get-mac-ssh ipaddr username password [enable]
Use the same format (ipaddr or hostname) as used in /home/cisco/access/cisco-switches-location.
get-mac-ssh outputs the data in the Cisco IOS format as provided by the switch.
get-mac-telnet gets data via telnet using expect.
Syntax:
get-mac-telnet hostname username password [enable]
get-mac-telnet ipaddr username password [enable]
Use the same format (ipaddr or hostname) as used in /home/cisco/access/cisco-routers-location.
get-mac-telnet outputs the data in the Cisco IOS format as provided by the switch.
maclog-filter reads the previously stored data first. Each record carries a time stamp; if a given mac is seen on a given switch interface again, its time stamp is updated. Finally maclog-filter writes the updated data back.
The result is a record of which mac address was last seen on which switch interface.
It is a simple way of detecting and documenting devices moving from one switch to another (e.g. roaming).
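The last-seen bookkeeping described for arplog-filter above and for maclog-filter here, as one added example in Python (not the project's perl filters). The stored layout mac,value,vlan,last_seen is assumed, since the page only says a time stamp is kept; value is an ipaddr for arplog and a switch interface for maclog, and moves() reports the two kinds of change the text wants to detect.

```python
import csv, io

# Constructed stored data, layout mac,value,vlan,last_seen (layout is an
# assumption; the page only says a time stamp is stored).
STORED = """00:11:22:33:44:01,192.168.1.10,10,2024-01-01T10:00:00Z
00:11:22:33:44:02,192.168.1.11,10,2024-01-01T10:00:00Z
00:11:22:33:44:03,192.168.1.12,20,2024-01-01T10:00:00Z
"""
# Constructed fresh output in the get-arp-snmp2 format mac,ipaddr,vlan.
FRESH = """00:11:22:33:44:01,192.168.1.10,10
00:11:22:33:44:02,192.168.1.20,10
00:11:22:33:44:04,192.168.1.12,20
"""
NOW = "2024-01-01T10:05:00Z"

def load_store(text):
    """Previously stored data -> {(mac, value): {'vlan': v, 'last_seen': ts}}."""
    store = {}
    for mac, value, vlan, seen in csv.reader(io.StringIO(text)):
        store[(mac, value)] = {"vlan": vlan, "last_seen": seen}
    return store

def update(store, records, now):
    """Refresh the time stamp of every pair seen now and create new pairs;
    pairs not seen keep their old time stamp. Returns the new pairs."""
    new = []
    for mac, value, vlan in csv.reader(io.StringIO(records)):
        if (mac, value) not in store:
            new.append((mac, value))
        store[(mac, value)] = {"vlan": vlan, "last_seen": now}
    return new

def moves(store, new):
    """mac-moved: a device changed ipaddr (arplog) or interface (maclog);
    value-moved: an ipaddr or interface is now bound to a different mac."""
    events = []
    for mac, value in new:
        for (m, v) in store:
            if m == mac and v != value:
                events.append(("mac-moved", mac, v, value))
            elif v == value and m != mac:
                events.append(("value-moved", value, m, mac))
    return events

def dump_store(store):
    """Write the updated data back in the same layout it was read from."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    for (mac, value), e in store.items():
        writer.writerow([mac, value, e["vlan"], e["last_seen"]])
    return buf.getvalue()
```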