Using TCL and Macro Ping Scripts for CCIE Lab Reachability Testing
One common problem that causes candidates to fail the CCIE Routing & Switching Lab Exam is the lack of complete IP reachability to various segments used in the network topology. However, due to the short time constraints of the lab exam itself it can be difficult to dedicate enough time to properly verify that reachability exists between all relevant segments. In order to solve this problem two very useful features can be implemented during the lab exam, TCL scripting on the routers and macro scripting on the Catalyst switches.
TCL (Tool Control Language) is a scripting language used extensively by Cisco to facilitate the testing and automating of various functions in the IOS. For example advanced implementations on IOS can go as far as programming a router to send you an email when its interface utilization exceeds the normally defined average. In our case we will be using very basic TCL programming to sequentially run the “ping” command.
Macro scripting on the Catalyst switches is a simple way to define templates of configuration that can be applied globally or to interfaces by issuing a single command. Examples of predefined macros include the “switchport host” command, which enables portfast, sets an interface to access mode, and disabled DTP, and the “auto qos” feature. For our implementation we will be using the macros to run pings commands sequentially.
The first step in configuring a ping script is to collect the IP addresses that will be tested in the topology. There are two simple ways to do this, either through the “show ip interface brief” command or the “show ip alias”. Both of these commands show local IP addresses allocated on the device and any addresses that are being proxied for (i.e. dns proxy or NAT). The “show ip interface brief” output can be filtered through quickly by using the “show ip interface brief | exclude unassigned” command so that only interfaces with IP addresses are listed.
Next we’ll need to copy these addresses into a text editor (i.e. Windows notepad in the CCIE lab exam), and do some basic manipulation. To do so use the column select feature of SecureCRT (the terminal emulator used in the lab exam) by holding down the ALT key and then selecting with your left mouse button. This will minimize the amount of text that we have to sort through. Once you’re done you should have a neat list of addresses in notepad that looks something like this:
192.168.255.1
192.168.255.2
192.168.255.3
192.168.255.4
192.168.255.5
192.168.255.6
192.168.255.7
192.168.255.8
192.168.255.9
192.168.255.10
Next we need to manipulate these addresses for TCL on the routers and macro scripting on the switches. For TCL we are going to define the IP addresses as an array, and then use a “for” loop to run the ping command with the array as its argument. The syntax in IOS 12.4 for this implementation is as follows:
foreach VAR {
192.168.255.1
192.168.255.2
192.168.255.3
192.168.255.4
192.168.255.5
192.168.255.6
192.168.255.7
192.168.255.8
192.168.255.9
192.168.255.10
} { puts [exec "ping $VAR"] }
Specifically we are defining the array “VAR”, which represents the IP addresses, then sending the exec command “ping” with “VAR” as the argument. Now to actually run the script in IOS we first must invoke the TCL shell. This is accomplished with the exec command “tclsh”.
Rack17R1#tclsh
+>
Now paste the script from notepad into the router and it should run the pings:
Rack17R1#tclsh
+>foreach VAR {
+>192.168.255.1
+>192.168.255.2
+>192.168.255.3
+>192.168.255.4
+>192.168.255.5
+>192.168.255.6
+>192.168.255.7
+>192.168.255.8
+>192.168.255.9
+>192.168.255.10
+>} { puts [exec "ping $VAR"] }Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.255.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 msType escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.255.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/58/60 msType escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.255.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 84/86/89 msType escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.255.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 140/147/164 msType escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.255.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 140/142/144 msType escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.255.6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/59/65 msType escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.255.7, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 msType escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.255.8, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.255.9, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 msType escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.255.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/57/60 msRack17R1(tcl)#
Note that in the above test we can see that the address 192.168.255.8 is unreachable. Once TCL is completed we must now make sure to exit the shell. This can be accomplished with either the “tclquit” command, or simply typing “exit” to leave the exec process. Unless TCL is exited the IOS can have some unexpected behavior, like the below example:
Rack17R1(tcl)#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Rack17R1(config)#route-map TCL_BREAKS_SET_COMMANDRack17R1(config-route-map)#set local-preference 100
100
Rack17R1(config-route-map)#endRack17R1(tcl)#
*Mar 1 05:45:49.906: %SYS-5-CONFIG_I: Configured from console by console
Rack17R1(tcl)#show run | section route-map
route-map TCL_BREAKS_SET_COMMAND permit 10Rack17R1(tcl)#tclquit
Rack17R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Rack17R1(config)#route-map SET_FIXED_WITH_TCL_EXITED
Rack17R1(config-route-map)#set local-preference 100
Rack17R1(config-route-map)#end
Rack17R1#
*Mar 1 05:46:28.882: %SYS-5-CONFIG_I: Configured from console by console
Rack17R1#show run | section route-map
route-map TCL_BREAKS_SET_COMMAND permit 10
route-map SET_FIXED_WITH_TCL_EXITED permit 10
set local-preference 100
The above output shows that TCL was invoked, then a global route-map named “TCL_BREAKS_SET_COMMAND” was defined. In this route-map the “set” command was issued. However with TCL still running the “set” command is first interpreted by TCL as an attempt to set an environment variable, instead of sent to the exec process itself. The result is that instead of setting local-preference for the purpose of BGP manipulation we are actually creating a variable named “local-preference” that has a value of 100. Once the “tclquit” command is issued we can see that the next route-map, “SET_FIXED_WITH_TCL_EXITED” successfully uses the set command.
Next for macro scripting on the Catalyst switches we will take the same list of IP addresses used before and prefix them with the commands “do ping”. The resulting list in notepad should look like this:
do ping 192.168.255.1
do ping 192.168.255.2
do ping 192.168.255.3
do ping 192.168.255.4
do ping 192.168.255.5
do ping 192.168.255.6
do ping 192.168.255.7
do ping 192.168.255.8
do ping 192.168.255.9
do ping 192.168.255.10
Next we’ll insert these commands as a sequence in a global macro as follows:
Rack17SW1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Rack17SW1(config)#macro name PING_SCRIPT
Enter macro commands one per line. End with the character '@'.
do ping 192.168.255.1
do ping 192.168.255.2
do ping 192.168.255.3
do ping 192.168.255.4
do ping 192.168.255.5
do ping 192.168.255.6
do ping 192.168.255.7
do ping 192.168.255.8
do ping 192.168.255.9
do ping 192.168.255.10
@
Rack17SW1(config)#
We now have a script named “PING_SCRIPT” that can be run from global configuration. To apply the script use the following syntax:
Rack17SW1(config)#macro global apply PING_SCRIPT
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.255.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/9 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.255.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 51/57/59 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.255.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 25/30/34 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.255.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 84/89/101 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.255.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 83/87/93 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.255.6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 50/57/59 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.255.7, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.255.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.255.9, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.255.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 50/57/59 ms
Rack17SW1(config)#
Once you are proficient in this methodology building both the TCL and macro scripts should only take about 2 – 3 minutes in the lab, with another 5 minutes to run them. The resulting time savings versus running manual pings to all segments, and the resulting information on what is reachable and what is not can be the difference between passing and failing the CCIE lab exam.
