Code: Select all
ike -show *CUSTOMER*// John
Wildcards in cOS CLI
-
johnhenriksson
- Posts: 21
- Joined: 07 Jan 2016, 13:49
Wildcards in cOS CLI
I would like a more dynamic CLI. We have very large configurations and sometimes it's frustrating to get the right output from the console. If a customer has 10 of our 150 configured ike SA's and we would like to show these SA's only, it would be nice to just type and all their SA's would appear.
// John
// John
Friends Don’t Let Friends Build Large L2 Networks
Re: Wildcards in cOS CLI
Hello,
If the customer has their 10 SA's towards the same remote IP you can show only their SA's by writing the command:
When you write you'd like to be able to filter on *CUSTOMER*, do you mean "customer" as a text string?
Should this command then show all SA's that are bound to an interface which name contains the specified text string?
Or do you mean there should be implemented some type of "Customer" field on the IPsec interface where you can enter which customer the tunnel is associated with, which can then be filtered on?
/André
If the customer has their 10 SA's towards the same remote IP you can show only their SA's by writing the command:
Code: Select all
ike -show <remote endpoint>Should this command then show all SA's that are bound to an interface which name contains the specified text string?
Or do you mean there should be implemented some type of "Customer" field on the IPsec interface where you can enter which customer the tunnel is associated with, which can then be filtered on?
/André
Re: Wildcards in cOS CLI
I would also like to be able to filter on partial text string from ipsec interface name, both in ike -show and, more importently, on ipsec -show.
Also a list of tunnels that are both up and down (a combination of ike -tunnels and ipsec -show) with the same filtering
Also a list of tunnels that are both up and down (a combination of ike -tunnels and ipsec -show) with the same filtering
Re: Wildcards in cOS CLI
Hello John
I understand what you mean, I have created a RFE with ID:COP-20963 to implement wildcard support in the following commands:
@anders s, what do you mean? Do you want to add SA information to the ike -tunnels command?
Best regards
Anton
I understand what you mean, I have created a RFE with ID:COP-20963 to implement wildcard support in the following commands:
Code: Select all
ike -show
ike -show -tunnel=
ipsec -show
ike -tunnel
ike -delete
ike -connect
@anders s, what do you mean? Do you want to add SA information to the ike -tunnels command?
Best regards
Anton
Re: Wildcards in cOS CLI
Something like this:
clavister:/> ipsec -show -pattern=*customerA* -includeinactive
--- IPsec SAs for *customerA*:
IPsec Tunnel Local Network Remote Network Remote Endpoint Status
------------------ ------------------ ------------------ ------------------ --------
customerA-sto 10.25.42.0/24 172.16.9.0/24 10.235.233.30 UP
customerA-sto 10.25.42.0/24 172.18.0.0/24 10.235.233.30 DOWN
customerA-got 10.25.42.0/24 172.16.8.0/24 10.193.254.117 DOWN
Thanks for ike -connect btw, I had missed that command
clavister:/> ipsec -show -pattern=*customerA* -includeinactive
--- IPsec SAs for *customerA*:
IPsec Tunnel Local Network Remote Network Remote Endpoint Status
------------------ ------------------ ------------------ ------------------ --------
customerA-sto 10.25.42.0/24 172.16.9.0/24 10.235.233.30 UP
customerA-sto 10.25.42.0/24 172.18.0.0/24 10.235.233.30 DOWN
customerA-got 10.25.42.0/24 172.16.8.0/24 10.193.254.117 DOWN
Thanks for ike -connect btw, I had missed that command
-
johnhenriksson
- Posts: 21
- Joined: 07 Jan 2016, 13:49
Re: Wildcards in cOS CLI
Thanks for your response! Yes, I would indeed be able to "filter" the output based on a text pattern in the IPSec tunnel name. And, NO! There should not be a exclusive field in the IPSec object regarding the customer name. We do that in the naming context. I would only like to be able to filter the output from the CLI command.
// John
// John
Friends Don’t Let Friends Build Large L2 Networks
Re: Wildcards in cOS CLI
Hi
@anders s
I see your point and a good suggestion. That would be an easy way to see the status of the tunnel and also a way to show the potential SAs that could be created for that tunnel. I have reported this to our developers, development ID: COP-21009.
I also missed the ike -connect for the longest time it's very handy
@johnhenriksson
We will see what the architects say I do not know how much work that is need to implement such functionality. But I think it would be really nice, it can be a bit frustrating to look up a tunnel if you have a lot of them.
Best regards
Anton
@anders s
I see your point and a good suggestion. That would be an easy way to see the status of the tunnel and also a way to show the potential SAs that could be created for that tunnel. I have reported this to our developers, development ID: COP-21009.
I also missed the ike -connect for the longest time it's very handy
@johnhenriksson
We will see what the architects say I do not know how much work that is need to implement such functionality. But I think it would be really nice, it can be a bit frustrating to look up a tunnel if you have a lot of them.
Best regards
Anton