def findMacbyIp(addr, host):
    """Return the MAC address that the ARP table on `host` lists for `addr`.

    Builds "show ip arp | include <addr>", runs it through
    sfn.runSSHCommand, and returns the third space-separated field of the
    output. Failed lookups print an error and then call fn.debugScript or
    sys.exit.

    NOTE(review): `addr` is concatenated into the device CLI command and is
    not validated anywhere in this function. Callers should pass only a value
    that has already been checked to be an IP address -- confirm at the call
    sites.
    NOTE(review): `| include` is a pattern filter, not an exact match, so a
    short address can also select lines for longer ones (constructed example:
    10.0.0.1 vs 10.0.0.10). Only the third field of the returned text is read
    -- confirm the helper returns a single line.
    """
    # Firewall (ASA) hosted VLANs are not fully implemented yet, so the lookup
    # always targets the core. The disabled selection logic is kept for
    # reference:
    #   if ("10.x.x." in ipAddr or "10.x.x." in ipAddr or "10.x.x." in ipAddr):
    #       # Below 2 lines not used; left for future ASA support
    #       showArp = "show arp | include "
    #       host = hostCoreASA
    #       asaClient = True
    #   # If client IP address is not on a firewall-hosted vlan, pull MAC from Core
    #   else:
    #       showArp = "show ip arp | include "
    #       asaClient = False
    arpPrefix = "show ip arp | include "
    asaClient = False

    # Command to run for the ARP table lookup
    command = arpPrefix + addr + "\n"

    if asaClient:
        # Unreachable while asaClient is hard-coded to False above.
        rawOutput = sfn.runSSHCommandASA(command, host, creds)
        if fn.errorCheckEmptyIncResult(rawOutput):
            print("Client IP address is not found on the core switch or the ASA. Error #301. Please try again")
            # presumably ends the script; if it returns, parsing continues
            # on the empty result -- TODO confirm
            fn.debugScript('301')
        # The ARP entry is taken from the third line from the end of the output
        arpLine = fn.replaceDoubleSpaces(rawOutput.splitlines()[-3])
    else:
        rawOutput = sfn.runSSHCommand(command, host, creds)
        if fn.errorCheckEmptyIncResult(rawOutput):
            print("Client IP address is not found in the core network. Error #302. Please try again")
            # presumably ends the script; if it returns, parsing continues
            # on the empty result -- TODO confirm
            fn.debugScript('302')
        arpLine = fn.replaceDoubleSpaces(rawOutput)

    # Third space-separated field is treated as the MAC address
    fields = arpLine.split(" ")
    macField = fields[2]

    if fn.errorCheckEmptyIncResult(macField):
        # (message was wrapped across two lines in the listing; joined here)
        print("Client MAC address is not found. Please try again")
        sys.exit()

    if macField == "arp":
        print("Client IP address is identified as on the firewall but cannot be found on it. Error #303. Please try again")
        fn.debugScript('303')
        return None

    return macField
def findIpByMac(addr, host):
    """Return the IP address that the ARP table on `host` lists for `addr`.

    Runs "show ip arp | include <addr>" through sfn.runSSHCommand. When the
    core lookup yields a usable result, the first space-separated field is
    returned. Otherwise the firewall path runs only if `asaClient` is truthy.

    NOTE(review): `addr` is concatenated into the device CLI command and is
    not validated anywhere in this function. Callers should pass only a value
    that has already been checked to be a MAC address -- confirm at the call
    sites.
    NOTE(review): `asaClient` is never assigned in this function (the
    assignment sits in the disabled block below). Unless it is a module-level
    global, reading it raises NameError when the core lookup comes back
    empty -- confirm.
    NOTE(review): the listing lost its indentation; the success branch is
    paired here with the outer emptiness check -- confirm against the
    original file.
    """
    command = "show ip arp | include " + addr
    coreOutput = sfn.runSSHCommand(command, host, creds)

    if not fn.errorCheckEmptyIncResult(coreOutput):
        # Core switch answered: first field of the ARP line is the IP address
        coreFields = fn.replaceDoubleSpaces(coreOutput).split(" ")
        clientIp = coreFields[0]
        if fn.errorCheckEmptyIncResult(clientIp):
            # (message was wrapped across two lines in the listing; joined here)
            print("Client IP address is not found. Please try again")
            fn.debugScript('204')
            return None
        return clientIp

    # Core lookup was empty or Incomplete: fall back to the firewall.
    # Currently not fully implemented yet; disabled set-up kept for reference:
    #   showArp = "show arp | include "
    #   command = showArp + addr
    #   host = hostCoreASA
    #   asaClient = True
    if not asaClient:
        return None

    asaOutput = sfn.runSSHCommandASA(command, host, creds)
    if fn.errorCheckEmptyIncResult(asaOutput):
        print("Client MAC address is not found on the core switch or internal ASA. Error #201. Please try again")
        # NOTE(review): the other error paths call fn.debugScript; confirm
        # that debugErrorOut is intended here
        fn.debugErrorOut('201')

    # The ARP entry is taken from the third line from the end of the output
    asaLine = fn.replaceDoubleSpaces(asaOutput.splitlines()[-3])
    asaFields = asaLine.split(" ")
    thirdField = asaFields[2]

    if fn.errorCheckEmptyIncResult(thirdField):
        print("Client MAC address is not found. Error #202. Please try again")
        fn.debugScript('202')
        return None

    if thirdField == "arp":
        print("Client IP address is identified as as on the firewall but cannot be found on it. Error #203. Please try again")
        fn.debugScript('203')
        return None

    # On the firewall path the second field is returned
    return asaFields[1]
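def validatePortProtocolUserInput(input):
    """Check that every entry is a valid "<port> <protocol>" pair.

    Args:
        input: Iterable of user-supplied strings, one port/protocol pair per
            entry, separated by spaces.

    Returns:
        True when every entry passes ifn.validatePortNumber and
        ifn.validatePortProtocol. False at the first entry that fails either
        check or that has fewer than two fields.
    """
    for entry in input:
        # Collapse repeated spaces, then drop newlines, before splitting
        entry = fn.stripNewline(fn.replaceDoubleSpaces(entry))

        # 1st field is the port, 2nd field is the protocol
        fields = entry.split(" ")

        # An entry with no protocol field is malformed user input. Reject it
        # rather than letting fields[1] raise IndexError out of the validator.
        if len(fields) < 2:
            return False

        # NOTE(review): fields after the second are not checked here; verify
        # that the code consuming these entries reads only the first two.
        if not ifn.validatePortNumber(fields[0]) or not ifn.validatePortProtocol(fields[1]):
            return False

    # Every entry passed both checks
    return True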
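def validateIPMaskUserInput(input):
    """Check that every entry is a valid "<ip address> <subnet mask>" pair.

    Args:
        input: Iterable of user-supplied strings, one address/mask pair per
            entry, separated by spaces.

    Returns:
        True when every entry passes ifn.validateIPAddress and
        ifn.validateSubnetMask. False at the first entry that fails either
        check or that has fewer than two fields.
    """
    for entry in input:
        # Collapse repeated spaces, then drop newlines, before splitting
        entry = fn.stripNewline(fn.replaceDoubleSpaces(entry))

        # 1st field is the IP address, 2nd field is the subnet mask
        fields = entry.split(" ")

        # An entry with no mask field is malformed user input. Reject it
        # rather than letting fields[1] raise IndexError out of the validator.
        if len(fields) < 2:
            return False

        # NOTE(review): fields after the second are not checked here; verify
        # that the code consuming these entries reads only the first two.
        if not ifn.validateIPAddress(fields[0]) or not ifn.validateSubnetMask(fields[1]):
            return False

    # Every entry passed both checks
    return True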
########### # Counter for number of source IP's i = 0 ################################################################################ ### Section - Sort through all Source IP addresses and subnet masks provided ### ################################################################################ # Loop for each inputted source IP address and subnet mask for source in sourceInput: # Increment counter for number of source IP's submitted i += 1 # Reduce all spacing to just a single space per section source = fn.replaceDoubleSpaces(source) # Split string by spaces. The 1st field is the IP address, the 2nd field is the subnet mask sourceList = source.split(" ") # Needed to preserve user provided source in below loop, and be able to change these Cmd varables without affecting original user input # IP address sourceIPCmd = sourceList[0] # Subnet mask sourceMaskCmd = sourceList[1] # Loop once only in case initial source isn't in ASA routing table, then search for default route for k in range(2): # Command to check for interface source would originate from command = "show route %s | inc via" % (sourceIPCmd) # Get result of above command when run on the firewall result = nfn.runSSHCommandInSession(command, ssh)
sshConn.send("terminal length 0\n") # Pause to allow command to complete time.sleep(.5) # Show all ports currently blocked by STP sshConn.send("show spanning-tree blockedports\n") # Pause to allow command to complete time.sleep(1) # Set terminal output settings back to default settings sshConn.send("terminal length 24\n") # Save any command output as 'output' output = sshConn.recv(5000) # Disconnect from the SSH session sfn.disconnectFromSSH(ssh) # Replace everywhere with multiple spaces with only a single space output = fn.replaceDoubleSpaces(output) # Replace all newlines (\r\n) in output with a single space output = re.sub(r"\r\n", " ", output) # Split result by individual spaces output = output.split(" ") # Tracking variable for excluding duplicate interface entries in list # Intialize/reset as an empty list trackList = [] # For each interface in output, identified by '/', print with no duplicates for line in output: # '//' detection needed as NX-OS outputs URL's in login banner # 'and/or' detection needed in case it is in a login banner (custom fix) if ("/" in line or "Po" in line) and not ("//" in line or "and/or" in line): # If interface isn't currently in the list (unique interface), add it to list if (line not in trackList) and line: trackList.append(line)
for a in range(0,2): showMac = "show mac address-table | include %s" % (macAddr) # Run 1st command, save output to 'result' result = sfn.runSSHCommand(showMac, host, creds) # If outputList is empty, ping IP address from switch and recheck MAC address table (to force it to populate) if not result: commandPing = "ping " + ipAddr sfn.runSSHCommand(commandPing, host, creds) sleep(1) a += 1 else: # Break from 'for' loop break # Replace everywhere with multiple spaces with only a single space result1 = fn.replaceDoubleSpaces(result) # Split result by individual spaces outputList = result1.split(" ") # Set last index for outputList to 2nd from last if last index is empty # Needed for variations in the MAC Address Table output between IOS and IOS-XE/NX-OS try: i = fn.indexLookup(outputList[-1]) except ValueError: fn.debugErrorOut('102') iface = outputList[i] # if MAC not found on core host/switch, error is thrown here: # Traceback (most recent call last): # File "device-lookup.py", line 262, in <module>