Thursday, July 10, 2014

OP script - look up a vendor mac oui directly from a juniper switch using slax and cURL

I found a couple of cool things in Juniper scripting.

There is the ability to retrieve data over an internet connection using curl. From Juniper - cURL is a tool that uses the libcurl library and permits data transfers using a number of protocols, including FTP, FTPS, HTTP, HTTPS, SCP, and SMTP.

BTW I'm using cURL on an EX switch that is running 12.3R3.4. I didn't see this on 11.4 code.

This got me thinking. Whenever I'm troubleshooting a switch, usually due to some errant device in the network, I have to look up the IEEE Mac OUI address. This entails copying each mac address in the mac table of the script. Then I can go to a website like and paste the MACOUI to retrieve the vendor of the mac. This could be a pain if you had to parse through hundreds of mac addresses.

Luckily, has an API. 

So what if we used the power of curl and scripting to do this for you. Instead of having to open up a separate web browser, have the switch fetch the info over the internet and do it for you.

See the difference below.

user@SWITCH# run show ethernet-switching table                  
Ethernet-switching table: 9 entries, 6 learned, 0 persistent entries
  VLAN             MAC address       Type         Age Interfaces
  v250              *                 Flood          - All-members
  v150              *                 Flood          - All-members
  v150              00:00:05:00:00:00 Learn          0 ge-0/0/47.0
  v150              00:21:59:c7:09:41 Learn          0 ge-0/0/47.0
  v150              00:24:dc:d3:1a:10 Learn          0 ge-0/0/45.0
  v100              *                 Flood          - All-members
  v100              00:00:03:00:00:00 Learn          0 ge-0/0/45.0
  v100              00:24:dc:d3:1a:10 Learn          0 ge-0/0/45.0
  v100              a8:d0:e5:5a:59:08 Learn          0 ge-0/0/45.0

Now as an OP script:

user@SWITCH# run op mac-resolve                   
Vlan           Mac address Interfaces       Age Vendor 
v150  00:00:05:00:00:00 ge-0/0/47.0 0 XEROX CORPORATION
v150  00:21:59:c7:09:41 ge-0/0/47.0 0 Juniper Networks
v150  00:24:dc:d3:1a:10 ge-0/0/45.0 0 Juniper Networks
v100  00:00:03:00:00:00 ge-0/0/45.0 0 XEROX CORPORATION
v100  00:24:dc:d3:1a:10 ge-0/0/45.0 0 Juniper Networks
v100  a8:d0:e5:5a:59:08 ge-0/0/45.0 0 Juniper Networks

Now I can imagine if you really wanted to do some kind of accounting, you could create a Web page of equipment and users in your network. You could create scripts to populate this database. For example, DHCP users would have both their user logins and mac addresses. Then you could build onto this script by extracting the user login and show the user who is connected to the interface above.

The source code

version 1.1;
ns curl extension = "";

ns junos= "*/junos";

ns xnm= "";

ns jcs= "";

import "../import/junos.xsl";

match / {
    <op-script-results> {
        var $mac-info =  <command> "show ethernet-switching table";
        var $mac-table = jcs:invoke($mac-info);
        <output> "Vlan\tMac address\t\tInterfaces\tAge\tVendor ";
        for-each($mac-table//mac-table-entry) {
          if (current()/mac-address != "*") {
        var $test = current()/mac-address;
        var $str = substring ($test,1,8);
          var $url = "" _ $str;
        var $options := {
        <url> $url;
        <method> "get";
        var $curl = curl:open();
        var $results = curl:perform($curl,$options);
        var $int = current()/mac-interfaces-list;
        var $int2 = translate ($int, "\t\n\r", "");
        <output> current()/mac-vlan _"\t" _ current()/mac-address _"\t" _ $int2 
_ "\t"_ current()/mac-age _ "\t"_ $results/raw-data;
        expr curl:close($curl);


No comments:

Post a Comment