Algunos scripts en TCL Shell para Cisco

TCL Shell en Cisco IOS XE

The TCL Shell for Cisco IOS has been around since Release 12.3(2)T, so it's been around for quite some time now. Still, it remains a very useful scripting utility in certain scenarios. I do a lot of network migrations or upgrades, so I often need to do multiple tests to make sure that everything that worked before that migration still works after it.

Here you can find the references:

https://www.cisco.com/c/en/us/td/docs/routers/ios/config/17-x/ntw-servs/b-network-services/m_nm-script-tcl-xe.html

Ping to different destinations:

One of the simplest scripts you can make, and which is very useful when you have to verify that you reach several destinations, is the following:

tclsh

foreach VAR {
A.A.A.A
B.B.B.B
C.C.C.C
} {ping $VAR}

I think it is a self-descriptive script, for each of the variables that we will introduce after the loop, ping will be executed.

Below I show what output we would see in our switch:

For very easy scripts like the previous one, you can execute the Cisco commands directly, but sometimes you just need to know if the destination is reachable or not, without knowing the RTT and getting a shorter output with just a text (useful when the number of destinations is high). In that case, you cannot run the Cisco commands directly, you have to tell the TCL shell to execute them: You might find useful a script that tells you in text format which pings have failed, as in the following example:

tclsh
foreach VAR {
A.A.A.A
B.B.B.B
C.C.C.C
} { if { [regexp "(!!!)" [exec "ping $VAR  timeout 1" ]] } {puts "$VAR Reachable"} else { puts "$VAR **** failed ***" } }

And this is the outpunt you would find:

Ping sweep on a IP range

It may also be useful to do a sweep through a range of IPs. In this case, I want to ping from 10.2.10.1 to 10.2.10.5 and verify which of those IPs are currently in use:

tclsh
for {set D 1} {$D <= 10} {incr D} {
set var A.B.C.
append var $D
ping $var rep 3 time 1}

Using more than one variable:

What if you need to have more than a variable? For instance, you are behind a firewall and you want to verify which subnets are allowed to reach to certain destinations (we are assuming you are only trying to test icmp, no other protocols). 

In this case, you need to do nested loops, and you cannot execute Cisco IOS or IOS XE commands directly. You need to to execute the Cisco command preceded with "exe". One example could be as follows:

tclsh
set origenes {"Eth0/0" "Vlan 5" }
set destinos {"10.3.10.2" "9.9.9.9"}
foreach origen $origenes {
  foreach destino $destinos {
    set comando "ping $destino source $origen repeat 3"
    set resultado [exec $comando]
    puts "Resultado del ping desde $origen a $destino:\n$resultado\n"}}

I hope this helps