We found the 10.0.0.* network!
Combining the previous commands, the entire script would appear as follows:
set mybuffer [exec “show ip interface brief”]
set foundposition [string first “10.0.0.” $mybuffer]
if {$foundposition > -1} {
puts “We found the 10.0.0.* network!”
}
The script is now finished. You can either enter the commands line by line at the Tcl prompt or save the script on the IOS device to be used later.
Copying a Tcl Script to a Cisco IOS Device
Entering Tcl commands on a line-by-line basis is an arduous task. To take advantage of the real power of Tcl, the script needs to reside on the IOS device or server.
You can copy the script to the IOS device in several different ways. Scripts can be trans-ferred using Trivial File Transfer Protocol (TFTP), File Transfer Protocol (FTP), Secure
Chapter 3: Tcl Functioning in Cisco IOS 39
Copy Protocol (SCP), Hypertext Transfer Protocol (HTTP), Hypertext Transfer Protocol Secure (HTTPS), XModem, Ymodem, Remote File Copy (RCP), or even using “sneaker-net” (copying the script to removable media and walking it to the device).
To transfer scripts to an IOS device, other than sneakernet, a server must be configured to host the file-transfer service. This could be your PC, a UNIX host, or an IOS device that contains the script.
TFTP is one of the more common methods. As previously noted, a TFTP server must first be configured. Several commercial, free, and integrated applications are readily available for most operating systems. It is beyond the scope of this book to provide installation and configuration documentation on file server applications.
After the TFTP server has been set up and configured properly, the procedure to copy the Tcl script to the IOS device (flash:) is as follows:
Router#copy tftp: flash:
Address or name of remote host []? 192.168.1.17 Source filename []? chap3e1.tcl
Destination filename [chap3e1.tcl]? myscript.tcl Accessing tftp://192.168.1.17/chap3e1.tcl...
Loading chap3e1.tcl from 192.168.1.17 (via Tunnel1): ! [OK - 170 bytes]
170 bytes copied in 0.100 secs (1700 bytes/sec)
Caution Be aware, there are no inherent mechanisms within TFTP to validate a login, and the data (script) is sent across the network in clear text. Someone with a packet sniffer could easily capture the information you are retrieving from the TFTP server, or log in to the TFTP server and download data.
FTP provides an alternative to transfer a Tcl script to an IOS device. Many FTP software applications are available. Use the following command on the IOS device to copy a file via FTP, and follow the prompts:
Router#copy ftp: flash:
Although FTP has a mechanism for username and passwords, the information is sent in the clear across the network. Consequently, passwords and data can be easily captured.
A more secure method to transfer a script to an IOS device is using SCP. SCP uses the Secure Shell (SSH) protocol to securely transfer information. Unlike TFTP and FTP, the passwords and actual data transferred during the interactive session are all encrypted. To begin a secure copy, follow the prompts after entering the following command:
Router#copy scp: flash:
Cisco IOS devices also can transfer files using either HTTP or the secure HTTPS protocol.
HTTP is the protocol used by web browsers, and HTTPS builds on top of that protocol by adding security. Follow the prompts after entering the following command on the IOS device:
Router#copy http: (or https:) flash:
After the script has been copied to the IOS device, it can now be executed. Before start-ing the script, you must validate that the script is present, usstart-ing the followstart-ing command:
Router#dir flash:chap3e1.tcl Directory of flash:/chap3e1.tcl
18 -rw- 170 Sep 16 2009 23:56:48 +00:00 chap3e1.tcl
The script is located in the local flash.
To start the script, you must enter Tcl mode and start the script using the source com-mand as follows:
Router(tcl)#source flash:chap3e1.tcl We found the 10.0.0.* network!
The preceding example is interactively running a Tcl interpreter. The Tcl interpreter exists both before the source command is entered and continues to run after the source com-mand finishes. Why is this important? The Tcl script will have access to any variables or procedures that may exist before the Tcl script is “sourced,” and you can examine any variables or procedures left behind by the source command.
For example:
Router(tcl)#puts $foundposition 201
The variable foundpostion did not exist in the running Tcl interpreter until you sourced the Tcl script and created the variable. To get a list of all variables known by the current Tcl interpreter, you can enter the following:
Router(tcl)#info vars
mybuffer tcl_interactive tcl_version sys_type argv argv0 tcl_traceCompile tclDefaultLibrary
foundposition tcl_pkgPath tcl_patchLevel argc tcl_traceExec tcl_platform
Most of the variables are created automatically for you. However, you can see other variables in the list created from the previous script, mybuffer and foundposition. When you exit the Tcl interpreter, these variables will be destroyed and will not persist after the exit, as shown here:
Router(tcl)#exit Router#tclsh
Router(tcl)#info vars
tcl_version sys_type argv argv0 tcl_interactive tclDefaultLibrary tcl_pkgPath tcl_patchLevel argc
tcl_traceExec tcl_platform
Chapter 3: Tcl Functioning in Cisco IOS 41
The preceding examples demonstrated how a Tcl script can be run interactively using the source command. Alternatively, the Tcl script can be run one time and then immediately exit the Tcl interpreter. This could be done to run a more complicated script where you are only interested in the end result and do not want to examine any variables after the script completes. For this reason, IOS provides additional parameters to the tclsh com-mand, similar to what is provided in a UNIX environment:
Router#tclsh flash:chap3e1.tcl We found the 10.0.0.* network!
From the preceding output, you can see that a new Tcl interpreter is started, and it immediately “sourced” the script named flash:chap3e1.tcl and presented the output. In the end, the Tcl interpreter was destroyed when the Tcl script completed.