def erspan_post_config():
"""
Author: Lakshminarayana D ([email protected])
Using this post config at module level. So, applicable for all test cases which includes in this module.
:return: None
"""
# Unconfig ip address on DUT-1
for port, ip_addr, in zip(data.port_list_d1, data.ip_list_d1):
ip.delete_ip_interface(vars.D1, port, ip_addr, data.subnet_mask)
# Unconfig ip address on DUT-2
for port, ip_addr in zip(data.port_list_d2, data.ip_list_d2):
ip.delete_ip_interface(vars.D2, port, ip_addr, data.subnet_mask)
# Unconfig static route
_, network = ip.get_network_addr("{}/{}".format(data.ip_T1D2P1, data.subnet_mask))
ip.delete_static_route(vars.D1, data.ip_D2D1P1, network)
_, network = ip.get_network_addr("{}/{}".format(data.ip_T1D1P1, data.subnet_mask))
ip.delete_static_route(vars.D2, data.ip_D1D2P1, network)
# Unconfig mirror session
mirror.delete_session(vars.D1, data.session_name)
# Unconfig acl rule
acl_dscp.config_classifier_table(dut=vars.D1, enable="del", class_name=data.acl_rule)
# Unconfig acl table
acl_dscp.config_service_policy_table(dut=vars.D1, policy_kind='unbind', interface_name=vars.D1T1P1, stage='in',
service_policy_name=data.acl_table_name, policy_type=data.type)
acl_dscp.config_service_policy_table(dut=vars.D1, policy_kind='unbind', interface_name=vars.D1T1P2, stage='in',
service_policy_name=data.acl_table_name, policy_type=data.type)
acl_dscp.config_policy_table(dut=vars.D1, enable='del', policy_name=data.acl_table_name)
acl.delete_acl_table(vars.D1, acl_table_name="L3_IPV6_INGRESS", acl_type="L3V6")
def ssh_module_hooks(request):
global vars
vars = st.ensure_min_topology("D1D2:2")
initialize_variables()
ssh_module_prolog()
config_ip_address()
enable_sshv6(vars.D1)
yield
config_ip_address(oper='remove')
acl_obj.delete_acl_table(vars.D1)
disable_sshv6(vars.D1)
snmp_config(config='remove')
def delete_ACLtable_scale(dut, **kwargs):
"""
Author:
delete_ACLtable_scale(dut=dut1,max_acl=10,acl_name='ACL')
:return:
"""
result = True
if 'max_acl' in kwargs:
max_acl = kwargs['max_acl']
else:
max_acl = 1
if 'acl_name' in kwargs:
acl_name = kwargs['acl_name']
else:
st.log('Mandatory parameter aclName is not found')
return False
st.log('Deleting ACL tables ')
for i in range(max_acl):
acl_obj.delete_acl_table(dut=dut, acl_table_name=acl_name + str(i))
return result
def test_ft_ssh_add_user_verify():
"""
Author : Prudvi Mangadu ([email protected])
"""
user_ssh = 0
acl_sshv4 = 0
acl_sshv6 = 0
acl_snmp = 0
if not snmp_config(config='add'): acl_snmp = +1
ipaddress = st.get_mgmt_ip(vars.D1)
if not ipaddress:
st.report_env_fail("ip_verification_fail")
snmp_cmd = "snmpget -Oqv -v 2c -c {} {} {}".format(ssh_data.ro_community,
ipaddress,
ssh_data.oid_sysName)
out = config_nondefault_user()
if not out: user_ssh = +1
st.log("connecting to device with username={},password={}".format(
ssh_data.usr_default, ssh_data.pwd_final))
if not st.exec_ssh(vars.D1, ssh_data.usr_default, ssh_data.pwd_final,
ssh_data.commands_to_verify):
st.error('Cannot SSH into Device with default credentials')
user_ssh = +1
st.log('connecting to device with username={},password={}'.format(
ssh_data.usr_non_default, ssh_data.pwd_non_default))
if not st.exec_ssh(vars.D1, ssh_data.usr_non_default,
ssh_data.pwd_non_default, ssh_data.commands_to_verify):
st.error('Cannot SSH into Device with non-default credentials')
user_ssh = +1
output = verify_ssh_connection(vars.D2, ssh_data.ipv4_address_D1D2P2,
ssh_data.usr_default, ssh_data.pwd_final)
if not output:
user_ssh = +1
IPAddr = ensure_service_params(vars.D1, "snmptrap", "ip") + "/32"
change_acl_rules(acl_data.acl_json_config_control_plane, "SNMP_ACL|RULE_1",
"SRC_IP", IPAddr)
change_acl_rules(acl_data.acl_json_config_control_plane, "SSH_ONLY|RULE_1",
"SRC_IP", IPAddr)
change_acl_rules(acl_data.acl_json_config_control_plane, "SSH_ONLY|RULE_2",
"SRC_IP", ssh_data.ipv4_network)
change_acl_rules(acl_data.acl_json_config_control_plane,
"V6_SSH_ONLY|RULE_1", "SRC_IPV6",
ssh_data.ipv6_network_D1)
acl_config = acl_data.acl_json_config_control_plane
st.log("ACL_DATA: {}".format(acl_config))
apply_acl_config(vars.D1, acl_config)
acl_obj.show_acl_table(vars.D1)
acl_obj.show_acl_rule(vars.D1)
if not poll_wait(acl_obj.verify_acl_table_rule, 5, vars.D1, "SNMP_ACL",
"RULE_1"):
st.error("Failed to create ACL rule '{}' ".format("SNMP_ACL"))
acl_snmp = +1
if not poll_wait(acl_obj.verify_acl_table_rule, 5, vars.D1, "SSH_ONLY",
"RULE_1"):
st.error("Failed to create ACL rule '{}' ".format("SSH_ONLY"))
acl_sshv4 = +1
if not poll_wait(acl_obj.verify_acl_table_rule, 5, vars.D1, "V6_SSH_ONLY",
"RULE_1"):
st.error("Failed to create ACL rule '{}' ".format("V6_SSH_ONLY"))
acl_sshv6 = +1
hostname = basic_obj.get_hostname(vars.D1)
st.log("HOSTNAME: {}".format(hostname))
snmp_out = execute_command(ssh_conn_obj, snmp_cmd)
if hostname not in snmp_out: acl_snmp = +1
st.log("connecting to device with default username={},password={}".format(
ssh_data.usr_default, ssh_data.pwd_final))
output = verify_ssh_connection(vars.D2, ssh_data.ipv4_address_D1D2P2,
ssh_data.usr_default, ssh_data.pwd_final)
if output: acl_sshv4 = +1
output = verify_ssh_connection(vars.D2, ssh_data.ipv6_address_D1D2P2,
ssh_data.usr_default, ssh_data.pwd_final)
if output: acl_sshv6 = +1
output = verify_ssh_connection(vars.D2, ssh_data.ipv4_address_D1D2P1,
ssh_data.usr_default, ssh_data.pwd_final)
if not output: acl_sshv4 = +1
output = verify_ssh_connection(vars.D2, ssh_data.ipv6_address_D1D2P1,
ssh_data.usr_default, ssh_data.pwd_final)
if not output: acl_sshv6 = +1
st.log(
"connecting to device with non default username={},password={}".format(
ssh_data.usr_non_default, ssh_data.pwd_non_default))
output = verify_ssh_connection(vars.D2, ssh_data.ipv4_address_D1D2P1,
ssh_data.usr_non_default,
ssh_data.pwd_non_default)
if not output: acl_sshv4 = +1
output = verify_ssh_connection(vars.D2, ssh_data.ipv6_address_D1D2P1,
ssh_data.usr_non_default,
ssh_data.pwd_non_default)
if not output: acl_sshv6 = +1
config_save(vars.D1)
st.log('rebooting the device.')
st.reboot(vars.D1, 'fast')
acl_obj.show_acl_table(vars.D1)
acl_obj.show_acl_rule(vars.D1)
if not poll_wait(acl_obj.verify_acl_table_rule, 5, vars.D1, "SSH_ONLY",
"RULE_1"):
st.log("Failed to create ACL rule '{}' ".format("SSH_ONLY"))
acl_sshv4 = +1
if not poll_wait(acl_obj.verify_acl_table_rule, 5, vars.D1, "V6_SSH_ONLY",
"RULE_1"):
st.log("Failed to create ACL rule '{}' ".format("V6_SSH_ONLY"))
acl_sshv4 = +1
if not poll_wait(acl_obj.verify_acl_table_rule, 5, vars.D1, "SNMP_ACL",
"RULE_1"):
st.error("Failed to create ACL rule '{}' ".format("SNMP_ACL"))
acl_snmp = +1
hostname = basic_obj.get_hostname(vars.D1)
snmp_out = execute_command(ssh_conn_obj, snmp_cmd)
if hostname not in snmp_out: acl_snmp = +1
'''
change_acl_rules(acl_data.acl_json_config_control_plane, "SNMP_ACL|RULE_1", "SRC_IP", "2.2.2.2/24")
acl_config = acl_data.acl_json_config_control_plane
apply_acl_config(vars.D1, acl_config)
acl_obj.show_acl_rule(vars.D1)
snmp_out = execute_command(ssh_conn_obj, snmp_cmd)
if "Timeout" not in snmp_out: acl_snmp = + 1
'''
st.log("connecting to device with default username={},password={}".format(
ssh_data.usr_default, ssh_data.pwd_final))
output = verify_ssh_connection(vars.D2, ssh_data.ipv4_address_D1D2P2,
ssh_data.usr_default, ssh_data.pwd_final)
if output: acl_sshv4 = +1
output = verify_ssh_connection(vars.D2, ssh_data.ipv6_address_D1D2P2,
ssh_data.usr_default, ssh_data.pwd_final)
if output: acl_sshv6 = +1
output = verify_ssh_connection(vars.D2, ssh_data.ipv4_address_D1D2P1,
ssh_data.usr_default, ssh_data.pwd_final)
if not output: acl_sshv4 = +1
output = verify_ssh_connection(vars.D2, ssh_data.ipv6_address_D1D2P1,
ssh_data.usr_default, ssh_data.pwd_final)
if not output: acl_sshv6 = +1
if acl_sshv4:
st.report_tc_fail("test_ft_controlplane_acl_service_sshv4",
"ssh_failed",
"with control plane ACL service SSHv4 after reboot")
else:
st.report_tc_pass("test_ft_controlplane_acl_service_sshv4",
"ssh_failed",
"with control plane ACL service SSHv4 after reboot")
if acl_sshv6:
st.report_tc_fail("test_ft_controlplane_acl_service_sshv6",
"ssh_failed",
"with control plane ACL service SSHv6 after reboot")
else:
st.report_tc_pass("test_ft_controlplane_acl_service_sshv6",
"ssh_failed",
"with control plane ACL service SSHv6 after reboot")
if acl_snmp:
st.report_tc_fail("test_ft_controlplane_acl_service_snmp",
"snmp_output_failed",
"with control plane ACL service SNMP after reboot")
else:
st.report_tc_pass("test_ft_controlplane_acl_service_snmp",
"snmp_output_failed",
"with control plane ACL service SNMP after reboot")
acl_obj.delete_acl_table(vars.D1)
if acl_sshv4 or acl_sshv6 or acl_snmp:
st.generate_tech_support(vars.D1,
"controlplane_acl_services_after_reboot")
st.log("connecting to device with username={},password={}".format(
ssh_data.usr_default, ssh_data.pwd_final))
if not st.exec_ssh(vars.D1, ssh_data.usr_default, ssh_data.pwd_final,
ssh_data.commands_to_verify):
st.error(
'Cannot SSH into Device with default credentials after reboot')
user_ssh = +1
st.log('connecting to device with username={},password={}'.format(
ssh_data.usr_non_default, ssh_data.pwd_non_default))
if not st.exec_ssh(vars.D1, ssh_data.usr_non_default,
ssh_data.pwd_non_default, ssh_data.commands_to_verify):
st.error(
'Cannot SSH into Device with non-default credentials after reboot')
user_ssh = +1
config_nondefault_user(config='remove')
if user_ssh:
st.report_fail("ssh_failed")
st.report_pass("test_case_passed")
def crm_acl_unconfig(data=[]):
acl_obj.show_ip_access_list(data.D1)
tables = ["ACL_TABLE0", "ACL_TABLE1"]
for table in tables:
acl_obj.delete_acl_table(data.D1, acl_table_name=table, acl_type='ip')
acl_obj.show_ip_access_list(data.D1)
def test_fuctPBR_02():
global description
global descriptionv6
global vars
vars = st.get_testbed_vars()
final_result = True
description = 'IPv4_ACL_redirect_NH'
descriptionv6 = 'IPv6_ACL_redirect_NH'
st.log(
'This test covers StSoSeConf014 StSoSeConf015 StSoSeVer014 StSoSeVer015'
)
st.log('creating IPv4 static route')
ipfeature.create_static_route(dut1,
static_ip=srpIP,
next_hop=nextHop_ip,
shell='')
ipfeature.create_static_route(dut1,
static_ip=srpIPv6,
next_hop=nextHop_ipv6,
shell='',
family='ipv6')
st.log(
'creating IPv4 ACL table and binding to the ports in Ingress direction'
)
acl_obj.create_acl_table(dut1,
name=acl_table_name,
stage=stage,
type=type,
description=description,
ports=[r1_tg_ports1])
acl_obj.create_acl_table(dut1,
name=acl_table_namev6,
stage=stage,
type=typev6,
description=descriptionv6,
ports=[r1_tg_ports1])
st.log(
'Creating ACL rules with src_ip dst_ip port and action as forward drop'
)
acl_obj.create_acl_rule(dut1,
table_name=acl_table_name,
rule_name=rule_list[0],
priority=priority_list[0],
packet_action=pktAction + nextHop_ip + '|' +
r1_tg_ports2,
SRC_IP="{}/{}".format(srpIP, maskACL),
DST_IP="{}/{}".format(dstIP, maskACL))
acl_obj.create_acl_rule(dut1,
table_name=acl_table_name,
rule_name=rule_list[9],
priority=priority_list[9],
packet_action='drop',
IP_TYPE='ipv4any')
acl_obj.create_acl_rule(dut1,
table_name=acl_table_namev6,
rule_name=rule_list[0],
priority=priority_list[0],
packet_action=pktAction + nextHop_ipv6 + '|' +
r1_tg_ports2,
SRC_IPV6="{}/{}".format(srpIPv6, '128'),
DST_IPV6="{}/{}".format(dstIPv6, '128'))
acl_obj.create_acl_rule(dut1,
table_name=acl_table_namev6,
rule_name=rule_list[9],
priority=priority_list[9],
packet_action='drop',
IP_TYPE='ipv6any')
#acl_obj.create_acl_rule(dut1, table_name=acl_table_name, rule_name=rule_list[0],priority=priority_list[0], packet_action=pktAction+nextHop_ip+'|'+r1_tg_ports2, SRC_IP="{}/{}".format(srpIP, maskACL),DST_IP="{}/{}".format(dstIP, maskACL))
start_stop_traffic(tg1, tg2, tg_dut1_p1_handle, tg_dut1_p2_handle)
traffic_details = {
'1': {
'tx_ports': [vars.T1D1P1],
'tx_obj': [tg1],
'exp_ratio': [[1, 0, 1, 0]],
'rx_ports': [vars.T1D1P2],
'rx_obj': [tg2],
'stream_list': [[stream_id1, stream_id2, stream_id3, stream_id4]]
}
}
test1 = tgapi.validate_tgen_traffic(traffic_details=traffic_details,
mode='streamblock',
comp_type='packet_count')
if test1 is False:
st.error("Traffic Verification Failed")
final_result = False
t1 = acl_obj.verify_acl_stats(dut1,
table_name=acl_table_name,
rule_name=rule_list[0],
packet_count=expCount)
t2 = acl_obj.verify_acl_stats(dut1,
table_name=acl_table_name,
rule_name=rule_list[9],
packet_count=expCount)
t3 = acl_obj.verify_acl_stats(dut1,
table_name=acl_table_namev6,
rule_name=rule_list[0],
packet_count=expCount)
t4 = acl_obj.verify_acl_stats(dut1,
table_name=acl_table_namev6,
rule_name=rule_list[9],
packet_count=int(expCount) + 16)
if False in list(set([t1, t2, t3, t4])):
tc = [t1, t2, t3, t4].index(False)
print("TC failed for rule : " + str((tc + 1)))
st.error("ACL stats validation Failed")
final_result = False
else:
st.log('ACL stats validation Passed')
st.log('Deleting IPv4/v6 static route')
ipfeature.delete_static_route(dut1,
static_ip=srpIP,
next_hop=nextHop_ip,
shell='')
ipfeature.delete_static_route(dut1,
static_ip=srpIPv6,
next_hop=nextHop_ipv6,
shell='',
family='ipv6')
st.log('Removing the ACL table config')
acl_obj.delete_acl_table(dut=dut1, acl_table_name=acl_table_name)
acl_obj.delete_acl_table(dut=dut1, acl_table_name=acl_table_namev6)
if final_result:
st.log(
"PBR-Test:Validation of PBR REDIRECT_TO_Next-Hop interface Passed")
st.report_pass('test_case_passed')
else:
st.error(
"PBR-Test : Validation of PBR REDIRECT_TO_Next-Hop interface failed"
)
st.report_fail('test_case_failed')