To create a configuration management task for device-level changes
To create a configuration management task for port-level changes
To use the configuration automation tasks
Introduction:
This article is based on the Application Note - Automate the configuration routers for NetFlow export
In order for a Cisco router to export NetFlow records to an Entuity server, you must make some changes to the router's configuration. You can do this via Entuity configuration management.
Two tasks will be used to apply the configuration changes:
- one to make the device-level changes.
- one to make the port-level changes.
Then you can use the configuration automation tasks.
To create a configuration management task for device-level changes:
- Create a new configuration management step, as described in this section.
  - In the Name field, enter: Flow export - Device
  - In the Description field, enter: Configure flow export at the device level
  - In the Context dropdown field, select: device
  - In the Script field, enter the following:

      // Determine the IP address that the NetFlow records should be exported to
      serverIp = param.serverIp; // Obtain the setting provided by the user
      if (param.serverIp == "zone") // For zone configurations look up the server IP
          serverIp = com.entuity.jnirpc.JNIGenericRPC.getClientAddress(Integer.parseInt(device.devZoneID), false);

      // Interact with the device to apply the configuration changes
      expect.with {
          if (vendor.equals("9"))
          {
              sendln "configure terminal"
              expect(configPrompt, {})
              setDiagnosticLogging false
              setLogUser false
              sendln "ip flow-export version 5"
              expect(configPrompt, {})
              sendln "ip flow-export destination " + serverIp + " 9996"
              expect(configPrompt, {})
              setLogUser true
              setDiagnosticLogging true
          }
          else
          {
              println "NO VALID METHOD FOR THIS DEVICE"
              throw new Exception("no valid method for this device")
          }
      }
- Once you have saved the step, create a new configuration management task as described in this article, entering the same details in the Name, Description and Context fields, and selecting the step that you created above. Under the Advanced tab, enter the following in the fields:
  - Job Timeout (seconds): 300
  - Connection Method: use cli access parameters
  - Raise Event on Completion: tick
  - Collect Diagnostic Data: no tick
  - Filter: simple;substringoid(this.sysOid, 6, 7) =="9"
    This filter restricts this task to Cisco devices only.
  - Show on Context Menu: tick
  - Show on View Selection: tick
    This adds an option to the View context menu that allows you to execute the task on all qualifying devices (i.e., all Cisco devices).
  - Confirm Execution: no tick
  - Selection Limit: 500
    This limit is the largest number of devices that can be selected for a single Configuration Management operation.
To create a configuration management task for port-level changes:
- Create a new configuration management step, as described in this section.
  - In the Name field, enter: Flow export - Port
  - In the Description field, enter: Configure flow export at the port level
  - In the Context dropdown field, select: port
  - In the Script field, enter the following:

      // Interact with the device to apply the configuration changes
      expect.with {
          if (vendor.equals("9"))
          {
              // Obtain a suitable port name for use with the CLI
              shortDesc = target.portShortDescr
              portIdentifier = shortDesc.substring(2, shortDesc.length() - 2)
              // Invoke the configuration mode
              sendln "configure terminal"
              expect(configPrompt, {})
              // Select the interface
              sendln "interface " + portIdentifier
              expect(configIfPrompt, {})
              // Add one line to the configuration
              sendln "ip flow ingress"
              expect(configIfPrompt, {})
          }
          else
          {
              println "NO VALID METHOD FOR THIS DEVICE"
              throw new Exception("no valid method for this device")
          }
      }
- Once you have saved the step, create a new configuration management task as described in this article, entering the same details in the Name, Description and Context fields, and selecting the step that you created above. Under the Advanced tab, enter the following in the fields:
  - Job Timeout (seconds): 300
  - Connection Method: use cli access parameters
  - Raise Event on Completion: tick
  - Collect Diagnostic Data: no tick
  - Filter: simple;substringoid(this.ref.device.sysOid, 6, 7) == "9" && (portEx(this).portVirtualIndicator == 0)
    This filter restricts this task to Cisco devices only, and limits it to ports that are flagged as Physical via the Classification attribute. This avoids any attempt to enter NetFlow commands for virtual ports that do not exist in the CLI configuration.
  - Show on Context Menu: tick
  - Show on View Selection: tick
    This adds an option to the View context menu that allows you to execute the task on all qualifying devices (i.e., all Cisco devices).
  - Confirm Execution: no tick
  - Selection Limit: 500
    This limit is the largest number of devices that can be selected for a single Configuration Management operation.
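Both step scripts build CLI commands by string concatenation: the device script from the user-supplied serverIp parameter, and the port script from portIdentifier. The Groovy helpers below are an added example, not Entuity's code, showing one way to check both values before they are passed to sendln; the helper names, the IPv4-only rule and the interface-name pattern are assumptions.

```groovy
// Added example (not Entuity's code): validate values before they reach sendln.
// requireIpv4 and requireInterfaceName are hypothetical helper names.

// Accept only a dotted-quad IPv4 address with each octet in 0..255.
// Apply this after the "zone" lookup, to the address that will be sent.
String requireIpv4(String value) {
    def m = (value ?: "").trim() =~ /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/
    if (!m.matches() || (1..4).any { Integer.parseInt(m.group(it)) > 255 }) {
        throw new IllegalArgumentException("serverIp is not an IPv4 address")
    }
    return m.group(0)
}

// Accept only a conservative interface-name shape such as Gi0/1 or
// FastEthernet0/0.100. The pattern is an assumption; widen it to match
// the interface naming used on your own devices.
String requireInterfaceName(String value) {
    def name = (value ?: "").trim()
    if (!(name ==~ /^[A-Za-z][A-Za-z-]*\d+([\/.:]\d+)*$/)) {
        throw new IllegalArgumentException("unexpected interface name")
    }
    return name
}

// Constructed sample inputs. Well-formed values pass through unchanged.
assert requireIpv4(" 192.0.2.10 ") == "192.0.2.10"
assert requireInterfaceName("Gi0/1") == "Gi0/1"
assert requireInterfaceName("FastEthernet0/0.100") == "FastEthernet0/0.100"

// Malformed values are rejected before any command line is built from them:
// an out-of-range octet, an embedded newline, the unresolved "zone" keyword, null.
def badIps = ["192.0.2.999", "192.0.2.10\nend", "zone", null]
def rejectedIps = badIps.count { bad ->
    try { requireIpv4(bad); false } catch (IllegalArgumentException e) { true }
}
assert rejectedIps == badIps.size()

def badPorts = ["Gi0/1\nend", "0/1", "", null]
def rejectedPorts = badPorts.count { bad ->
    try { requireInterfaceName(bad); false } catch (IllegalArgumentException e) { true }
}
assert rejectedPorts == badPorts.size()
```

Throwing before the first sendln means a rejected value fails the job without the session entering configuration mode.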
To use the configuration automation tasks:
For devices:
- Navigate to the desired device or View.
- Right click to open the Context Menu. Click Configuration Management and then click Flow export - Device (the task you created above for devices).
- A Parameters for 'Flow export - Device' window will open, prompting you to enter the IP address to which the devices should export flows. If your server is not configured to use zones, you must enter the appropriate IP address before clicking OK. If you are using zones, then leave the setting as 'zone'.
For ports:
- Navigate to the port (or multiselect all the desired ports) on a device and right click to open the Context Menu.
- Click Configuration Management, and click Flow export - Port.