Wildcards in cOS CLI

Post your thoughts and suggestions here!
Post Reply
johnhenriksson
Posts: 21
Joined: 07 Jan 2016, 13:49

Wildcards in cOS CLI

Post by johnhenriksson » 25 Apr 2018, 08:22

I would like a more dynamic CLI. We have very large configurations and sometimes it's frustrating to get the right output from the console. If a customer has 10 of our 150 configured ike SA's and we would like to show these SA's only, it would be nice to just type

Code: Select all

ike -show *CUSTOMER*
and all their SA's would appear.

// John
Friends Don’t Let Friends Build Large L2 Networks

ansj
Posts: 15
Joined: 15 Jul 2016, 08:53

Re: Wildcards in cOS CLI

Post by ansj » 26 Apr 2018, 09:09

Hello,

If the customer has their 10 SA's towards the same remote IP you can show only their SA's by writing the command:

Code: Select all

ike -show <remote endpoint>
When you write you'd like to be able to filter on *CUSTOMER*, do you mean "customer" as a text string?
Should this command then show all SA's that are bound to an interface which name contains the specified text string?
Or do you mean there should be implemented some type of "Customer" field on the IPsec interface where you can enter which customer the tunnel is associated with, which can then be filtered on?

/André

anders s
Posts: 33
Joined: 27 Sep 2011, 14:41

Re: Wildcards in cOS CLI

Post by anders s » 26 Apr 2018, 09:52

I would also like to be able to filter on partial text string from ipsec interface name, both in ike -show and, more importently, on ipsec -show.
Also a list of tunnels that are both up and down (a combination of ike -tunnels and ipsec -show) with the same filtering

Anton
Posts: 26
Joined: 16 Jun 2016, 18:50
Location: Clavister HQ - Örnsköldsvik

Re: Wildcards in cOS CLI

Post by Anton » 27 Apr 2018, 07:48

Hello John

I understand what you mean, I have created a RFE with ID:COP-20963 to implement wildcard support in the following commands:

Code: Select all

ike -show
ike -show -tunnel=
ipsec -show 
ike -tunnel
ike -delete
ike -connect

@anders s, what do you mean? Do you want to add SA information to the ike -tunnels command?

Best regards
Anton

anders s
Posts: 33
Joined: 27 Sep 2011, 14:41

Re: Wildcards in cOS CLI

Post by anders s » 27 Apr 2018, 16:54

Something like this:

clavister:/> ipsec -show -pattern=*customerA* -includeinactive

--- IPsec SAs for *customerA*:

IPsec Tunnel Local Network Remote Network Remote Endpoint Status
------------------ ------------------ ------------------ ------------------ --------
customerA-sto 10.25.42.0/24 172.16.9.0/24 10.235.233.30 UP
customerA-sto 10.25.42.0/24 172.18.0.0/24 10.235.233.30 DOWN
customerA-got 10.25.42.0/24 172.16.8.0/24 10.193.254.117 DOWN

Thanks for ike -connect btw, I had missed that command

johnhenriksson
Posts: 21
Joined: 07 Jan 2016, 13:49

Re: Wildcards in cOS CLI

Post by johnhenriksson » 04 May 2018, 09:29

Thanks for your response! Yes, I would indeed be able to "filter" the output based on a text pattern in the IPSec tunnel name. And, NO! There should not be a exclusive field in the IPSec object regarding the customer name. We do that in the naming context. I would only like to be able to filter the output from the CLI command.

// John
Friends Don’t Let Friends Build Large L2 Networks

Anton
Posts: 26
Joined: 16 Jun 2016, 18:50
Location: Clavister HQ - Örnsköldsvik

Re: Wildcards in cOS CLI

Post by Anton » 09 May 2018, 15:54

Hi

@anders s

I see your point and a good suggestion. That would be an easy way to see the status of the tunnel and also a way to show the potential SAs that could be created for that tunnel. I have reported this to our developers, development ID: COP-21009.

I also missed the ike -connect for the longest time it's very handy :mrgreen:

@johnhenriksson

We will see what the architects say I do not know how much work that is need to implement such functionality. But I think it would be really nice, it can be a bit frustrating to look up a tunnel if you have a lot of them.

Best regards
Anton

Post Reply