Exemplo n.º 1
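def findMacbyIp(addr, host):
	"""Return the MAC address that the ARP table on ``host`` lists for ``addr``.

	Builds ``show ip arp | include <addr>``, runs it through
	``sfn.runSSHCommand`` (credentials come from the module-level ``creds``)
	and returns the third space-separated field of the reply.

	``addr`` ends up inside a command line that is typed on a network device,
	so it is accepted only when it is a plain dotted-quad IPv4 address.
	Anything else (embedded whitespace, newlines, ``|`` and so on) is rejected
	before any SSH command is built or sent.

	Error paths print a message and then call ``sys.exit()`` or
	``fn.debugScript(<code>)``; the original comments describe the latter as
	exiting the script. If it returns instead, this function returns None.
	"""
	# Allowlist check: exactly four decimal octets in the range 0-255.
	try:
		octets = addr.split(".")
	except (AttributeError, TypeError):
		octets = []
	isIPv4 = len(octets) == 4 and all(
		0 < len(o) <= 3 and all(ch in "0123456789" for ch in o) and int(o) <= 255
		for o in octets
	)
	if not isIPv4:
		print("Client IP address is not a valid IPv4 address.  Please try again")
		sys.exit(1)

	# Firewall (ASA) lookups are not implemented yet. The planned behaviour is:
	# for clients on a firewall-hosted VLAN, run "show arp | include " against
	# the ASA host with asaClient = True. Until then every lookup goes to the
	# core switch and the asaClient branch below is never taken.
	showArp = "show ip arp | include "
	asaClient = False
	# NOTE(review): the device-side "include" filter is a pattern match, so a
	# lookup for 10.1.1.1 can also match 10.1.1.10; only the field positions of
	# the returned text are checked below.
	command = showArp + addr + "\n"

	if asaClient:
		result = sfn.runSSHCommandASA(command, host, creds)
		# Empty or "Incomplete" reply: report error 301
		if fn.errorCheckEmptyIncResult(result):
			print("Client IP address is not found on the core switch or the ASA.  Error #301.  Please try again")
			fn.debugScript('301')
		# Keep the third line from the end of the reply, with runs of spaces collapsed
		result = result.splitlines()
		result = fn.replaceDoubleSpaces(result[-3])
	else:
		result = sfn.runSSHCommand(command, host, creds)
		# Empty or "Incomplete" reply: report error 302
		if fn.errorCheckEmptyIncResult(result):
			print("Client IP address is not found in the core network.  Error #302.  Please try again")
			fn.debugScript('302')
		# Collapse runs of spaces so the reply splits into clean fields
		result = fn.replaceDoubleSpaces(result)

	fields = result.split(" ")
	# A reply with fewer than three fields has no MAC column; treat it like a
	# missing entry instead of failing with an IndexError traceback.
	if len(fields) < 3 or fn.errorCheckEmptyIncResult(fields[2]):
		print("Client MAC address is not found.  Please try again")
		sys.exit()
	if fields[2] == "arp":
		print("Client IP address is identified as on the firewall but cannot be found on it.  Error #303.  Please try again")
		fn.debugScript('303')
	else:
		return fields[2]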
Exemplo n.º 2
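def findIpByMac(addr, host):
	"""Return the IP address that the ARP table on ``host`` lists for MAC ``addr``.

	Builds ``show ip arp | include <addr>`` and runs it through
	``sfn.runSSHCommand`` (credentials come from the module-level ``creds``).
	When the reply is usable, the first space-separated field is returned.

	``addr`` ends up inside a command line that is typed on a network device,
	so it is accepted only when it consists of hex digits and the separators
	``.``, ``:`` and ``-``. Whitespace, newlines and ``|`` are rejected before
	any SSH command is built or sent.

	Error paths print a message and call ``fn.debugScript`` or
	``fn.debugErrorOut``; if those return, this function returns None.
	"""
	import sys  # local import: only the rejection path below needs it

	# Allowlist check on the characters that reach the device CLI
	if not addr or any(ch not in "0123456789abcdefABCDEF.:-" for ch in addr):
		print("Client MAC address is not in a valid format.  Please try again")
		sys.exit(1)

	# Firewall (ASA) fallback is not implemented yet. The original only set
	# asaClient inside a disabled block, so the check below raised NameError
	# unless a global of that name existed. Define it here, as findMacbyIp does.
	asaClient = False

	showArp = "show ip arp | include "
	command = showArp + addr
	result = sfn.runSSHCommand(command, host, creds)

	# Empty or "Incomplete" reply from the core: fall back to the firewall path
	if fn.errorCheckEmptyIncResult(result):
		# Planned ASA behaviour (disabled): run "show arp | include " + addr
		# against the ASA host with asaClient = True.
		if asaClient:
			result = sfn.runSSHCommandASA(command, host, creds)
		# Still nothing usable: report error 201
		if fn.errorCheckEmptyIncResult(result):
			print("Client MAC address is not found on the core switch or internal ASA.  Error #201.  Please try again")
			fn.debugErrorOut('201')

		# Keep the third line from the end of the reply, with runs of spaces collapsed
		result = result.splitlines()
		result = fn.replaceDoubleSpaces(result[-3])

		result = result.split(" ")
		# Third field empty or "Incomplete": report error 202
		if fn.errorCheckEmptyIncResult(result[2]):
			print("Client MAC address is not found.  Error #202.  Please try again")
			fn.debugScript('202')
		else:
			if result[2] == "arp":
				print("Client IP address is identified as as on the firewall but cannot be found on it.  Error #203.  Please try again")
				fn.debugScript('203')
			else:
				# On this path the second field is the value returned
				return result[1]
	else:
		# Collapse runs of spaces, then split the reply into fields
		result = fn.replaceDoubleSpaces(result)
		clientIPAddr = result.split(" ")
		# First field empty or "Incomplete": report error 204
		if fn.errorCheckEmptyIncResult(clientIPAddr[0]):
			print("Client IP address is not found.  Please try again")
			fn.debugScript('204')
		else:
			return clientIPAddr[0]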
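def validatePortProtocolUserInput(input):
    """Return True only if every entry in ``input`` is a valid "port protocol" pair.

    Each entry is normalised with ``fn.replaceDoubleSpaces`` and
    ``fn.stripNewline`` and then split on single spaces. The first field is
    checked with ``ifn.validatePortNumber`` and the second with
    ``ifn.validatePortProtocol``. An entry that has no second field is
    rejected rather than raising IndexError. An empty ``input`` returns True.

    NOTE(review): fields after the second one are not inspected here; callers
    that build device commands from these entries should use only the two
    validated fields.
    """
    for entry in input:
        entry = fn.replaceDoubleSpaces(entry)
        entry = fn.stripNewline(entry)
        fields = entry.split(" ")
        # A lone port with no protocol is invalid input, not a crash
        if len(fields) < 2:
            return False
        port, protocol = fields[0], fields[1]
        if not ifn.validatePortNumber(port) or not ifn.validatePortProtocol(protocol):
            return False
    return True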
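def validateIPMaskUserInput(input):
    """Return True only if every entry in ``input`` is a valid "ip mask" pair.

    Each entry is normalised with ``fn.replaceDoubleSpaces`` and
    ``fn.stripNewline`` and then split on single spaces. The first field is
    checked with ``ifn.validateIPAddress`` and the second with
    ``ifn.validateSubnetMask``. An entry that has no second field is rejected
    rather than raising IndexError. An empty ``input`` returns True.

    NOTE(review): fields after the second one are not inspected here; callers
    that build device commands from these entries should use only the two
    validated fields.
    """
    for entry in input:
        entry = fn.replaceDoubleSpaces(entry)
        entry = fn.stripNewline(entry)
        fields = entry.split(" ")
        # An address with no mask is invalid input, not a crash
        if len(fields) < 2:
            return False
        ipAddress, subnetMask = fields[0], fields[1]
        if not ifn.validateIPAddress(ipAddress) or not ifn.validateSubnetMask(subnetMask):
            return False
    return True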
###########

# Counter for the number of source IPs processed
i = 0

################################################################################
### Section - Sort through all Source IP addresses and subnet masks provided ###
################################################################################

# Loop over each source entry ("<IP address> <subnet mask>") in sourceInput
for source in sourceInput:
    # Increment counter for number of source IPs submitted
    i += 1

    # Reduce all spacing to just a single space per section
    source = fn.replaceDoubleSpaces(source)
    # Split string by spaces.  The 1st field is the IP address, the 2nd field is the subnet mask
    sourceList = source.split(" ")

    # Work on copies so the loop below can change these Cmd variables
    # without affecting the original user-provided source
    # IP address
    sourceIPCmd = sourceList[0]
    # Subnet mask
    # NOTE(review): raises IndexError if an entry has no second field; presumably
    # the entries were validated before this point - confirm
    sourceMaskCmd = sourceList[1]

    # Up to two passes (range(2)): per the original comment, the second pass is
    # for the default route when the source itself isn't in the ASA routing table
    for k in range(2):
        # Command to check for interface source would originate from
        # NOTE(review): sourceIPCmd is interpolated straight into a firewall CLI
        # command; confirm every source entry has passed IP/mask validation
        # before reaching this line
        command = "show route %s | inc via" % (sourceIPCmd)
        # Get result of above command when run on the firewall
        result = nfn.runSSHCommandInSession(command, ssh)
		sshConn.send("terminal length 0\n")
		# Pause to allow command to complete
		time.sleep(.5)
		# Show all ports currently blocked by STP
		sshConn.send("show spanning-tree blockedports\n")
		# Pause to allow command to complete
		time.sleep(1)
		# Set terminal output settings back to default settings
		sshConn.send("terminal length 24\n")
		# Save any command output as 'output'
		output = sshConn.recv(5000)
		# Disconnect from the SSH session
		sfn.disconnectFromSSH(ssh)

		# Replace everywhere with multiple spaces with only a single space
		output = fn.replaceDoubleSpaces(output)
		# Replace all newlines (\r\n) in output with a single space
		output = re.sub(r"\r\n", " ", output)
		# Split result by individual spaces
		output = output.split(" ")
		# Tracking variable for excluding duplicate interface entries in list
		# Intialize/reset as an empty list
		trackList = []
		# For each interface in output, identified by '/', print with no duplicates
		for line in output:
			# '//' detection needed as NX-OS outputs URL's in login banner
			# 'and/or' detection needed in case it is in a login banner (custom fix)
			if ("/" in line or "Po" in line) and not ("//" in line or "and/or" in line):
				# If interface isn't currently in the list (unique interface), add it to list
				if (line not in trackList) and line:
					trackList.append(line)
Exemplo n.º 7
	for a in range(0,2):
		showMac = "show mac address-table | include %s" % (macAddr)

		# Run 1st command, save output to 'result'
		result = sfn.runSSHCommand(showMac, host, creds)
		# If outputList is empty, ping IP address from switch and recheck MAC address table (to force it to populate)
		if not result:
			commandPing = "ping " + ipAddr
			sfn.runSSHCommand(commandPing, host, creds)
			sleep(1)
			a += 1
		else:
			# Break from 'for' loop
			break
	# Replace everywhere with multiple spaces with only a single space
	result1 = fn.replaceDoubleSpaces(result)
	# Split result by individual spaces
	outputList = result1.split(" ")

	# Set last index for outputList to 2nd from last if last index is empty
	# Needed for variations in the MAC Address Table output between IOS and IOS-XE/NX-OS
	try:
		i = fn.indexLookup(outputList[-1])
	except ValueError:
		fn.debugErrorOut('102')

	iface = outputList[i]

	# if MAC not found on core host/switch, error is thrown here:
	# Traceback (most recent call last):
	#  File "device-lookup.py", line 262, in <module>