
NET-NOTES

Regular expressions

posted Sep 19, 2015, 1:55 PM by Leszek Pilat


Anchors

^	Start of string, or start of line in multi-line pattern
\A	Start of string
$	End of string, or end of line in multi-line pattern
\Z	End of string
\b	Word boundary
\B	Not word boundary
\<	Start of word
\>	End of word

Character Classes

\c	Control character
\s	White space
\S	Not white space
\d	Digit
\D	Not digit
\w	Word
\W	Not word
\x	Hexadecimal digit
\O	Octal digit

POSIX

[:upper:]	Upper case letters
[:lower:]	Lower case letters
[:alpha:]	All letters
[:alnum:]	Digits and letters
[:digit:]	Digits
[:xdigit:]	Hexadecimal digits
[:punct:]	Punctuation
[:blank:]	Space and tab
[:space:]	Blank characters
[:cntrl:]	Control characters
[:graph:]	Printed characters
[:print:]	Printed characters and spaces
[:word:]	Digits, letters and underscore

Assertions

?=	Lookahead assertion
?!	Negative lookahead
?<=	Lookbehind assertion
?!= or ?<!	Negative lookbehind
?>	Once-only Subexpression
?()	Condition [if then]
?()|	Condition [if then else]
?#	Comment
 

Quantifiers

*	0 or more
+	1 or more
?	0 or 1
{3}	Exactly 3
{3,}	3 or more
{3,5}	3, 4 or 5
Add a ? to a quantifier to make it ungreedy.

Escape Sequences

\	Escape following character
\Q	Begin literal sequence
\E	End literal sequence
"Escaping" is a way of treating characters which have a special meaning in regular expressions literally, rather than as special characters.

Common Metacharacters

^ [ . $ { * ( \ + ) | ? < >
The escape character is usually \

Special Characters

\n	New line
\r	Carriage return
\t	Tab
\v	Vertical tab
\f	Form feed
\xxx	Octal character xxx
\xhh	Hex character hh
 

Groups and Ranges

.	Any character except new line (\n)
(a|b)	a or b
(...)	Group
(?:...)	Passive (non-capturing) group
[abc]	Range (a or b or c)
[^abc]	Not (a or b or c)
[a-q]	Lower case letter from a to q
[A-Q]	Upper case letter from A to Q
[0-7]	Digit from 0 to 7
\x	Group/subpattern number "x"
Ranges are inclusive.

Pattern Modifiers

g	Global match
i *	Case-insensitive
m *	Multiple lines
s *	Treat string as single line
x *	Allow comments and whitespace in pattern
e *	Evaluate replacement
U *	Ungreedy pattern
* PCRE modifier

String Replacement

$n	nth non-passive group
$2	"xyz" in /^(abc(xyz))$/
$1	"xyz" in /^(?:abc)(xyz)$/
$`	Before matched string
$'	After matched string
$+	Last matched string
$&	Entire matched string
Some regex implementations use \ instead of $.


Use wildcard characters to match certain classes of characters:
Character	Matches
.		Any character
#		Any digit
^		Beginning of line
$		End of line

Use brackets to match sets and ranges:
Character	Matches
[xyz]		Any character x, y, or z
[^xyz]		Any character except x, y, or z
[a-z]		Any character from a to z

Use backslash characters to match non-printing characters:
Character	Matches
\t		Tab
\r		Line break (return)
\n		Unix line break (line feed)
\f		Page break (form feed)
\x		The character x unless x is one of the digits 0-9

Use repetition to match a series of characters:
Character	Matches
P*		Zero or more P's
P+		One or more P's
P?		Zero or one P

P can be a literal character, a wildcard character, a range
pattern, or a special character.

Self-Signed Certificate Manual Addition to the Controller for LWAPP-Converted APs

posted Nov 12, 2014, 8:45 PM by Leszek Pilat   [ updated Nov 12, 2014, 8:47 PM ]


Locate the SHA1 Key Hash

If the computer that performed the AP conversion is available, you can obtain the Secure Hash Algorithm 1 (SHA1) Key Hash from the .csv file that is in the Cisco Upgrade Tool directory. If the .csv file is unavailable, you can issue a debug command on the WLC in order to retrieve the SHA1 Key Hash.

Complete these steps:

  1. Turn on the AP and connect it to the network.

  2. Enable the debugging on the WLC command-line interface (CLI).

    The command is debug pm pki enable.

    (Cisco Controller) >debug pm pki enable
    Mon May 22 06:34:10 2006: sshpmGetIssuerHandles: getting (old) aes ID cert handle...
    Mon May 22 06:34:10 2006: sshpmGetCID: called to evaluate <bsnOldDefaultIdCert>
    Mon May 22 06:34:10 2006: sshpmGetCID: comparing to row 0, CA cert 
    >bsnOldDefaultCaCert<
    Mon May 22 06:34:10 2006: sshpmGetCID: comparing to row 1, CA cert 
    >bsnDefaultRootCaCert<
    Mon May 22 06:34:10 2006: sshpmGetCID: comparing to row 2, CA cert 
    >bsnDefaultCaCert<
    Mon May 22 06:34:10 2006: sshpmGetCID: comparing to row 3, CA cert 
    >bsnDefaultBuildCert<
    Mon May 22 06:34:10 2006: sshpmGetCID: comparing to row 4, CA cert 
    >cscoDefaultNewRootCaCert<
    Mon May 22 06:34:10 2006: sshpmGetCID: comparing to row 5, CA cert 
    >cscoDefaultMfgCaCert<
    Mon May 22 06:34:10 2006: sshpmGetCID: comparing to row 0, ID cert 
    >bsnOldDefaultIdCert<
    Mon May 22 06:34:10 2006: sshpmGetIssuerHandles: Calculate SHA1 hash on Public Key 
    Data
    Mon May 22 06:34:10 2006: sshpmGetIssuerHandles: Key Data� 30820122 300d0609 
    2a864886 f70d0101 
    Mon May 22 06:34:10 2006: sshpmGetIssuerHandles: Key Data� 01050003 82010f00 
    3082010a 02820101 
    Mon May 22 06:34:10 2006: sshpmGetIssuerHandles: Key Data� 00c805cd 7d406ea0 
    cad8df69 b366fd4c 
    Mon May 22 06:34:10 2006: sshpmGetIssuerHandles: Key Data� 82fc0df0 39f2bff7 
    ad425fa7 face8f15 
    Mon May 22 06:34:10 2006: sshpmGetIssuerHandles: Key Data� f356a6b3 9b876251 
    43b95a34 49292e11 
    Mon May 22 06:34:10 2006: sshpmGetIssuerHandles: Key Data� 038181eb 058c782e 
    56f0ad91 2d61a389 
    Mon May 22 06:34:10 2006: sshpmGetIssuerHandles: Key Data� f81fa6ce cd1f400b 
    b5cf7cef 06ba4375 
    Mon May 22 06:34:10 2006: sshpmGetIssuerHandles: Key Data� dde0648e c4d63259 
    774ce74e 9e2fde19 
    Mon May 22 06:34:10 2006: sshpmGetIssuerHandles: Key Data� 0f463f9e c77b79ea 
    65d8639b d63aa0e3 
    Mon May 22 06:34:10 2006: sshpmGetIssuerHandles: Key Data� 7dd485db 251e2e07 
    9cd31041 b0734a55 
    Mon May 22 06:34:14 2006: sshpmGetIssuerHandles: Key Data� 463fbacc 1a61502d 
    c54e75f2 6d28fc6b 
    Mon May 22 06:34:14 2006: sshpmGetIssuerHandles: Key Data� 82315490 881e3e31 
    02d37140 7c9c865a 
    Mon May 22 06:34:14 2006: sshpmGetIssuerHandles: Key Data� 9ef3311b d514795f 
    7a9bac00 d13ff85f 
    Mon May 22 06:34:14 2006: sshpmGetIssuerHandles: Key Data� 97e1a693 f9f6c5cb 
    88053e8b 7fae6d67 
    Mon May 22 06:34:14 2006: sshpmGetIssuerHandles: Key Data� ca364f6f 76cf78bc 
    bc1acc13 0d334aa6 
    Mon May 22 06:34:14 2006: sshpmGetIssuerHandles: Key Data� 031fb2a3 b5e572df 
    2c831e7e f765b7e5 
    Mon May 22 06:34:14 2006: sshpmGetIssuerHandles: Key Data� fe64641f de2a6fe3 
    23311756 8302b8b8 
    Mon May 22 06:34:14 2006: sshpmGetIssuerHandles: Key Data� 1bfae1a8 eb076940 
    280cbed1 49b2d50f 
    Mon May 22 06:34:14 2006: sshpmGetIssuerHandles: Key Data� f7020301 0001
    Mon May 22 06:34:14 2006: sshpmGetIssuerHandles: SSC Key Hash is 
    9e4ddd8dfcdd8458ba7b273fc37284b31a384eb9
    Mon May 22 06:34:14 2006: LWAPP Join-Request MTU path from AP 00:0e:84:32:04:f0 
    is 1500, remote debug mode is 0
    Mon May 22 06:34:14 2006: spamRadiusProcessResponse: AP Authorization failure for 
    00:0e:84:32:04:f0
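
The hash has to be copied out of wrapped debug output, so it is worth extracting it mechanically and checking its shape before it goes anywhere near the controller's AP authorization list. The following Python sketch is an added example, not part of the original notes or any Cisco tool; the function names are hypothetical and the sample is the tail of the output shown above.

```python
import re

# Tail of the debug output above, wrapped exactly as the page shows it.
SAMPLE = """\
Mon May 22 06:34:14 2006: sshpmGetIssuerHandles: SSC Key Hash is 
9e4ddd8dfcdd8458ba7b273fc37284b31a384eb9
Mon May 22 06:34:14 2006: LWAPP Join-Request MTU path from AP 00:0e:84:32:04:f0 
is 1500, remote debug mode is 0
Mon May 22 06:34:14 2006: spamRadiusProcessResponse: AP Authorization failure for 
00:0e:84:32:04:f0
"""

TIMESTAMP = re.compile(r"^\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}: ")
KEY_HASH = re.compile(r"SSC Key Hash is\s+(\S+)")
AUTH_FAIL = re.compile(
    r"AP Authorization failure for\s+((?:[0-9a-f]{2}:){5}[0-9a-f]{2})", re.I)
SHA1_HEX = re.compile(r"\A[0-9a-f]{40}\Z")  # exactly 40 hex digits, nothing else


def unwrap(text):
    """Re-join wrapped output: a line without a timestamp continues the previous record."""
    records = []
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if TIMESTAMP.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records


def ssc_hashes(text):
    """Return (ap_mac, key_hash) pairs: a valid hash followed by an authorization failure."""
    pending, found = None, []
    for record in unwrap(text):
        m = KEY_HASH.search(record)
        if m:
            candidate = m.group(1).lower()
            # A truncated or mis-pasted hash must not reach the authorization list.
            pending = candidate if SHA1_HEX.match(candidate) else None
            continue
        m = AUTH_FAIL.search(record)
        if m and pending:
            found.append((m.group(1).lower(), pending))
            pending = None
    return found
```

Pairing the hash with the MAC from the authorization-failure record ties each key hash to the AP that presented it, which matters when several converted APs join during the same debug session.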




How to limit port bandwidth on CISCO 3750

posted Nov 12, 2014, 8:36 PM by Leszek Pilat   [ updated Nov 12, 2014, 8:38 PM ]






mls qos
!
class-map match-any Policy1MB
match ip dscp 0 8 16 24 32 40 48 56
!
policy-map Limit1MB
class Policy1MB
police 3000000 512000 exceed-action drop
!
end

int fast 1/0/1
speed 10
duplex full
service-policy input Limit1MB
srr-que bandwidth limit 30




Cisco IOS Embedded Event Manager

posted Sep 12, 2014, 8:24 PM by Leszek Pilat   [ updated Sep 12, 2014, 8:27 PM ]





Overview

The diagram below represents the EEM system:

[Figure: Eem.jpg]

Event Detectors

The event detectors (sometimes referred to as "event publishers") notify the EEM server when an event of interest occurs.

Here is a list of relevant event detectors, and when they are triggered:

  • Command-Line Interface (CLI) Event Detector - triggered when specific command is entered via CLI; uses a regular expression match
  • Enhanced-Object-Tracking Event Detector - Status of tracked object changes
  • Interface-Counter Event Detector - Cisco IOS interface counter for a specific interface crosses a threshold
  • SNMP Event Detector - Poll a SNMP MIB variable, trigger event when variable reaches threshold
  • Syslog Event Detector - regular expression match of a locally generated syslog message
  • Timers Event Detector - timer events including absolute day/time, countdown to zero, or watchdog timer.
  • None Event Detector - "event manager run" CLI command executes an EEM policy

You specify an event using the "event" keyword in (config-applet)# mode.

Actions

Once you have defined your event, you specify some action to take once that event occurs. Some relevant actions:

  • CLI action (run some CLI commands)
  • SYSLOG action (generate syslog)
  • SNMP trap action
  • Reading / setting state of tracked object
  • mail action (send email)
  • Calling another EEM applet

EEM applets may have only 1 event, but multiple actions. Actions are executed in the order of their "labels" (second parameter specified for each action).
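
Label order is a string sort, not a numeric one: EEM runs actions in ascending alphanumeric order of the label, so an action labelled 10.0 runs before one labelled 2.0. The following Python check is an added example, not part of the original notes; the applet is constructed for illustration and the function names are hypothetical.

```python
import re

# Constructed applet (not from the page): the author expects 1.0, 2.0, 3.0, 10.0.
SAMPLE_APPLET = """\
event manager applet demo-order
 event none
 action 1.0 cli command "enable"
 action 2.0 cli command "configure terminal"
 action 3.0 cli command "end"
 action 10.0 syslog msg "done"
"""

ACTION = re.compile(r"^\s*action\s+(\S+)\s+\S")


def labels(config):
    """Action labels in the order they appear in the configuration text."""
    matches = (ACTION.match(line) for line in config.splitlines())
    return [m.group(1) for m in matches if m]


def run_order(config):
    """Order EEM uses: ascending alphanumeric (string) sort on the label."""
    return sorted(labels(config))


def surprises(config):
    """Labels that land in a different slot than a numeric reading would give.

    Returns [] when any label is not a number, since there is then no numeric
    expectation to compare against.
    """
    try:
        numeric = sorted(labels(config), key=float)
    except ValueError:
        return []
    return [got for got, want in zip(run_order(config), numeric) if got != want]
```

An empty result from surprises() means the labels sort the same way as strings and as numbers, which is the case for label sets such as 1.0, 2.0, 3.0, 4.0, 50.0, 99.0.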

Configuration

Configuration is in three parts:

Specify an applet name

(config)# event manager applet memory-fail

Specify an event to match

(config-applet)# event snmp oid 1.3.6.1.4.1.9.9.48.1.1.1.6.1 get-type exact entry-op lt entry-val 5120000 poll-interval 90 

This event triggers when system memory falls below 512MB.

(config-applet)# event syslog pattern "Interface GigabitEthernet0/0, changed state to down" occurs 3

This event triggers when a syslog message that matches the above pattern is generated. "occurs 3" means the event fires after 3 occurrences of the syslog message.

(config-applet)# event cli pattern "write mem.*" sync yes

When the CLI pattern is matched, the event is triggered. sync determines if the CLI command is executed synchronously (sync=yes) with the EEM actions, or if the EEM action is taken and then the CLI command is run (sync=no).

(config-applet)# event timer watchdog time 60

The EEM action is taken every time the timer expires (and then the timer resets). In this case, the action executes once every minute.

(config-applet)# event none

When event none is specified, you manually activate the EEM applet using the "event manager run" command.

Specify an action to take

CLI action

Essentially opens a VTY session and executes the commands. First action cli item must always be the "enable" command to ensure subsequent commands run at privilege level 15 (no password needs to be specified). If you want to configure something with the CLI action, don't forget the second item must be "config t". You can debug CLI actions with "debug event manager action cli."

Here is an example of a set of CLI actions to clear counters on interface E0/1:

(config-applet)# action 1.0 cli command "enable"
(config-applet)# action 2.0 cli command "clear counters Ethernet0/1" pattern "confirm"
(config-applet)# action 3.0 cli command "y"

The "pattern" keyword as seen in line 2 of the above example is used when the output of a command does not return the exec-level prompt (router> or router#). This can happen when the output contains more than one page resulting in a " --More--", requires confirmation "[confirm]", or requires additional input (for example a ping with extended options). Specifying a pattern tells IOS to wait for this pattern instead of the exec prompt.

SYSLOG action

(config-applet)# action 1.0 syslog priority critical msg "Memory Exhausted; current available memory is $_snmp_oid_val bytes."

Mail action

(config-applet)# action 2.0 mail server 192.168.1.10 to engineering@example.com from devtest@example.com subject "Memory failure" body "Memory exhausted; current available memory is $_snmp_oid_val bytes"

Verification

Useful EEM commands

#show event manager policy registered
#show event manager history events

Useful EEM debug commands

#debug event manager action cli

Examples

Embedded Event Manager - Interface - No Shut

EEM being used to monitor an interface and perform a "no shut" if the interface state changes to down

event manager applet F0/1
 event syslog pattern "Interface FastEthernet0/1, changed state to down"
 action 1.0 cli command "enable"
 action 1.1 cli command "config terminal"
 action 1.2 cli command "interface fas 0/1"
 action 1.3 cli command "no shut"
 action 9.5 syslog msg "FastEthernet0/1 is UP leveraging EEM"

Embedded Event Manager - Default Route

Here is an EEM Scenario Question:

Provide a solution that provides failover capabilities from the primary link to the backup link and failback capabilities from the backup link to the primary link. You must send a syslog message stating "Failed over to the Backup Link" during failover and a syslog message "Failed Back to the Primary Link" when failing back.

Requirements:

  • You cannot use IP SLA
  • You cannot use dynamic routing on R1
  • You cannot modify the current routing configuration on R2 and R4
  • You cannot use static floating routes on R1

[Figure: EEM-Routing.png]

R1

interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
interface Serial1/0
 ip address 10.0.1.1 255.255.255.0
interface Serial1/1
 ip address 10.0.0.1 255.255.255.0

R2

interface FastEthernet0/0
 ip address 192.168.0.2 255.255.255.0
interface Serial1/0
 ip address 10.0.1.2 255.255.255.0
router rip
 version 2
 passive-interface default
 no passive-interface FastEthernet0/0
 network 10.0.0.0
 network 192.168.0.0
 no auto-summary
ip route 192.168.1.0 255.255.255.0 Serial1/0

R4

interface FastEthernet0/0
 ip address 192.168.0.4 255.255.255.0
interface Serial1/0
 ip address 10.0.0.4 255.255.255.0
router rip
 version 2
 passive-interface default
 no passive-interface FastEthernet0/0
 network 10.0.0.0
 network 192.168.0.0
 no auto-summary
ip route 192.168.1.0 255.255.255.0 Serial1/0

Give it a try --- Solution Below

Solution

There are many ways to tackle an issue, and in this case I chose to leverage object tracking and EEM (Embedded Event Manager provides real-time network event detection and automation).

track 1 interface Serial1/0 line-protocol
ip route 0.0.0.0 0.0.0.0 Serial1/0
event manager applet Primary-Backup
 event syslog pattern "1 interface Se1/0 line-protocol Up->Down"
 action 1.0 cli command "enable"
 action 2.0 cli command "configure terminal"
 action 3.0 cli command "no ip route 0.0.0.0 0.0.0.0 serial 1/0"
 action 4.0 cli command "ip route 0.0.0.0 0.0.0.0 serial 1/1"
 action 50.0 cli command "end"
 action 99.0 syslog msg "Failed over to the Backup Link"
event manager applet Backup-Primary
 event syslog pattern "1 interface Se1/0 line-protocol Down->Up"
 action 1.0 cli command "enable"
 action 2.0 cli command "configure terminal"
 action 3.0 cli command "no ip route 0.0.0.0 0.0.0.0 serial 1/1"
 action 4.0 cli command "ip route 0.0.0.0 0.0.0.0 serial 1/0"
 action 50.0 cli command "end"
 action 99.0 syslog msg "Failed Back to the Primary Link"

Explanation

track 1 interface Serial1/0 line-protocol - (this tracks the line protocol of the interface, we could have used IP SLA but the requirements prohibited us from doing so)
ip route 0.0.0.0 0.0.0.0 Serial1/0 - (Default route using the primary link)
event manager applet Primary-Backup - (Name of the EEM Applet)
 event syslog pattern "1 interface Se1/0 line-protocol Up->Down" - (Syslog message generated from object tracking 1 configuration)
 action 1.0 cli command "enable" - (command to put the applet into enable mode)
 action 2.0 cli command "configure terminal" - (command to put the applet into global configuration mode)
 action 3.0 cli command "no ip route 0.0.0.0 0.0.0.0 serial 1/0" - (command to remove the default route pointing to the primary link)
 action 4.0 cli command "ip route 0.0.0.0 0.0.0.0 serial 1/1" - (command to add the default route pointing to the backup link)
 action 50.0 cli command "end"
 action 99.0 syslog msg "Failed over to the Backup Link" - (Create syslog message based on the requirements)
event manager applet Backup-Primary - (Name of the EEM Applet)
 event syslog pattern "1 interface Se1/0 line-protocol Down->Up" - (Syslog message generated from object tracking 1 configuration)
 action 1.0 cli command "enable" - (command to put the applet into enable mode)
 action 2.0 cli command "configure terminal" - (command to put the applet into global configuration mode)
 action 3.0 cli command "no ip route 0.0.0.0 0.0.0.0 serial 1/1"   - (command to remove the default route pointing to the backup link)
 action 4.0 cli command "ip route 0.0.0.0 0.0.0.0 serial 1/0"  - (command to add the default route pointing to the primary link)
 action 50.0 cli command "end"
 action 99.0 syslog msg "Failed Back to the Primary Link" - (Create syslog message based on the requirements)


