Page 1 of 1

Wildcards in cOS CLI

Posted: 25 Apr 2018, 08:22
by johnhenriksson
I would like a more dynamic CLI. We have very large configurations and sometimes it's frustrating to get the right output from the console. If a customer has 10 of our 150 configured ike SA's and we would like to show these SA's only, it would be nice to just type

Code: Select all

ike -show *CUSTOMER*
and all their SA's would appear.

// John

Re: Wildcards in cOS CLI

Posted: 26 Apr 2018, 09:09
by ansj
Hello,

If the customer has their 10 SA's towards the same remote IP you can show only their SA's by writing the command:

Code: Select all

ike -show <remote endpoint>
When you write you'd like to be able to filter on *CUSTOMER*, do you mean "customer" as a text string?
Should this command then show all SA's that are bound to an interface which name contains the specified text string?
Or do you mean there should be implemented some type of "Customer" field on the IPsec interface where you can enter which customer the tunnel is associated with, which can then be filtered on?

/André

Re: Wildcards in cOS CLI

Posted: 26 Apr 2018, 09:52
by anders s
I would also like to be able to filter on partial text string from ipsec interface name, both in ike -show and, more importently, on ipsec -show.
Also a list of tunnels that are both up and down (a combination of ike -tunnels and ipsec -show) with the same filtering

Re: Wildcards in cOS CLI

Posted: 27 Apr 2018, 07:48
by Anton
Hello John

I understand what you mean, I have created a RFE with ID:COP-20963 to implement wildcard support in the following commands:

Code: Select all

ike -show
ike -show -tunnel=
ipsec -show 
ike -tunnel
ike -delete
ike -connect

@anders s, what do you mean? Do you want to add SA information to the ike -tunnels command?

Best regards
Anton

Re: Wildcards in cOS CLI

Posted: 27 Apr 2018, 16:54
by anders s
Something like this:

clavister:/> ipsec -show -pattern=*customerA* -includeinactive

--- IPsec SAs for *customerA*:

IPsec Tunnel Local Network Remote Network Remote Endpoint Status
------------------ ------------------ ------------------ ------------------ --------
customerA-sto 10.25.42.0/24 172.16.9.0/24 10.235.233.30 UP
customerA-sto 10.25.42.0/24 172.18.0.0/24 10.235.233.30 DOWN
customerA-got 10.25.42.0/24 172.16.8.0/24 10.193.254.117 DOWN

Thanks for ike -connect btw, I had missed that command

Re: Wildcards in cOS CLI

Posted: 04 May 2018, 09:29
by johnhenriksson
Thanks for your response! Yes, I would indeed be able to "filter" the output based on a text pattern in the IPSec tunnel name. And, NO! There should not be a exclusive field in the IPSec object regarding the customer name. We do that in the naming context. I would only like to be able to filter the output from the CLI command.

// John

Re: Wildcards in cOS CLI

Posted: 09 May 2018, 15:54
by Anton
Hi

@anders s

I see your point and a good suggestion. That would be an easy way to see the status of the tunnel and also a way to show the potential SAs that could be created for that tunnel. I have reported this to our developers, development ID: COP-21009.

I also missed the ike -connect for the longest time it's very handy :mrgreen:

@johnhenriksson

We will see what the architects say I do not know how much work that is need to implement such functionality. But I think it would be really nice, it can be a bit frustrating to look up a tunnel if you have a lot of them.

Best regards
Anton