
I have to check the access-lists on over 200 devices and then compare the new and old access-lists. I used Cisco Mass Configurator to get the access-lists so I don't have to log in to each device. I want to split the result (from Cisco Mass Configurator) so it will only show me the access-lists of each device without the other text. Below is just an example of the result. The actual result is way longer than this.

Getting NetBox devices and writing summary files ... Time: 17.27 secs

Rendering config for devices ... Time: 0.01 secs

Generating testbed using NetBox data ... Time: 0.00 secs


!!!-------------------- WARNING --------------------!!! You are about to configure the following:
========================================= do more abcconfig.old | s ip access-list extended TEST do more abcconfig.old | s ip access-list extended TRY
========================================= Please check output/device_configurations.txt for the rendered configuration for each device. Do you really want to automatically configure the 4 devices listed in the output/device_list.txt file? Automatic saving: disabled Configuration of unsaved config: enabled Continue? [y/n] 


Device: 1/4 | abcatlinr1

2022-12-12 13:00:53,762: %UNICON-INFO: +++ Unicon plugin iosxe (unicon.plugins.iosxe) +++ Warning: Permanently added '50.50.50.50' (RSA) to the list of known hosts.


2022-12-12 13:00:53,950: %UNICON-INFO: +++ connection to spawn: ssh -l qwerty 50.50.50.50 -p 22, id: 123456789101112 +++

2022-12-12 13:00:53,952: %UNICON-INFO: connection to abcatlinr1

################### Authorised access only #################
#---------This system is the property of abc----------#
#-Disconnect IMMEDIATELY if you are not an authorised user-#
#-----Contact soc@abc.com +12-345-489101 for help-----#
############################################################ Password:  abcatlinr1#

2022-12-12 13:00:54,505: %UNICON-INFO: +++ initializing handle +++

2022-12-12 13:00:54,578: %UNICON-INFO: +++ abcatlinr1 with via 'cli': executing command 'term length 0' +++ term length 0 abcatlinr1#

2022-12-12 13:00:55,118: %UNICON-INFO: +++ abcatlinr1 with via 'cli': executing command 'term width 0' +++ term width 0 abcatlinr1#

2022-12-12 13:00:55,560: %UNICON-INFO: +++ abcatlinr1 with via 'cli': configure +++ config term Enter configuration commands, one per line.  End with CNTL/Z.

abcatlinr1(config)#do more abcconfig.old | s ip access-list extended TEST
ip access-list extended TEST
 10 permit object-group AAA-SERVER-PORTS object-group LOCAL-LAN object-group AAA-VOICE-SERVER
 20 permit object-group AAA-SERVER-PORTS object-group LOCAL-LAN object-group AAA-SERVER log
 30 permit object-group AAA-VOICE-CLIENT-PORTS object-group LOCAL-LAN object-group AAA-VOICE-CLIENT
 40 permit ip object-group BBB-MON object-group AAA-MON
 50 permit ip 10.10.10.0 0.0.0.31 172.16.1.0 0.0.0.255
 440 deny   ip any any
abcatlinr1(config)#do more abcconfig.old | s ip access-list extended TRY
ip access-list extended TRY
 10 permit object-group Zscaler-ports object-group LOCAL-LAN object-group Zscaler-extern
 15 permit object-group WARP-ports object-group LOCAL-LAN object-group WARP-extern
 26 permit tcp host 172.16.2.0 any eq 443
 30 permit object-group MSTeams-udp object-group LOCAL-LAN object-group MSTeams-ranges-udp log
 40 permit object-group MSTeams-tcp object-group LOCAL-LAN object-group MSTeams-ranges-tcp log
 100 deny   ip any any

Device: 2/4 | abcbezanr1

2022-12-12 13:00:56,218: %UNICON-INFO: +++ Unicon plugin ios (unicon.plugins.ios) +++ Warning: Permanently added '50.50.50.60' (RSA) to the list of known hosts.


2022-12-12 13:00:57,743: %UNICON-INFO: +++ connection to spawn: ssh -l qwerty 50.50.50.60 -p 22, id: 345678910111213 +++

2022-12-12 13:00:57,743: %UNICON-INFO: connection to abcbezanr1

################### Authorised access only #################
#---------This system is the property of abc----------#
#-Disconnect IMMEDIATELY if you are not an authorised user-#
#-----Contact soc@abc.com +12-345-489101 for help-----#
############################################################ Password:  abcbezanr1#

2022-12-12 13:00:58,463: %UNICON-INFO: +++ initializing handle +++

2022-12-12 13:00:58,532: %UNICON-INFO: +++ abcbezanr1 with via 'cli': executing command 'term length 0' +++ term length 0 abcbezanr1#

2022-12-12 13:00:59,032: %UNICON-INFO: +++ abcbezanr1 with via 'cli': executing command 'term width 0' +++ term width 0 abcbezanr1#

2022-12-12 13:00:59,527: %UNICON-INFO: +++ abcbezanr1 with via 'cli': configure +++ config term Enter configuration commands, one per line.  End with CNTL/Z.

abcbezanr1(config)#do more abcconfig.old | s ip access-list extended TEST
abcbezanr1(config)#do more abcconfig.old | s ip access-list extended TRY
ip access-list extended TRY
 permit object-group Zscaler-ports object-group LOCAL-LAN object-group Zscaler-extern
 permit object-group MSTeams-udp object-group LOCAL-LAN object-group MSTeams-ranges-udp log
 permit object-group MSTeams-tcp object-group LOCAL-LAN object-group MSTeams-ranges-tcp log
 permit object-group AAA-SERVER-PORTS object-group LOCAL-LAN object-group AAA-VOICE-SERVER
 permit object-group AAA-VOICE-CLIENT-PORTS object-group LOCAL-LAN object-group AAA-VOICE-CLIENT
 permit object-group AAA-SERVER-PORTS object-group LOCAL-LAN object-group AAA-SERVER log
 permit ip object-group BBB-MON object-group AAA-MON
 permit tcp 172.16.30.0 0.0.0.255 host 10.10.1.110 eq 443
 deny   ip any any log

Device: 3/4 | abcbrguar1

2022-12-12 13:01:00,400: %UNICON-INFO: +++ Unicon plugin ios (unicon.plugins.ios) +++ Warning: Permanently added '50.50.50.70' (RSA) to the list of known hosts.


2022-12-12 13:01:01,810: %UNICON-INFO: +++ connection to spawn: ssh -l qwerty 50.50.50.70 -p 22, id: 567891011121314 +++

2022-12-12 13:01:01,811: %UNICON-INFO: connection to abcbrguar1

################### Authorised access only #################
#---------This system is the property of abc----------#
#-Disconnect IMMEDIATELY if you are not an authorised user-#
#-----Contact soc@abc.com +12-345-489101 for help-----#
############################################################ Password: 

abcbrguar1#

2022-12-12 13:01:05,087: %UNICON-INFO: +++ initializing handle +++

2022-12-12 13:01:05,161: %UNICON-INFO: +++ abcbrguar1 with via 'cli': executing command 'term length 0' +++ term length 0 abcbrguar1#

2022-12-12 13:01:06,270: %UNICON-INFO: +++ abcbrguar1 with via 'cli': executing command 'term width 0' +++ term width 0 abcbrguar1#

2022-12-12 13:01:07,256: %UNICON-INFO: +++ abcbrguar1 with via 'cli': configure +++ config term Enter configuration commands, one per line.  End with CNTL/Z.

abcbrguar1(config)#do more abcconfig.old | s ip access-list extended TEST
abcbrguar1(config)#do more abcconfig.old | s ip access-list extended TRY
ip access-list extended TRY
 permit object-group Zscaler-ports object-group LOCAL-LAN object-group Zscaler-extern
 permit object-group MSTeams-udp object-group LOCAL-LAN object-group MSTeams-ranges-udp log
 permit object-group MSTeams-tcp object-group LOCAL-LAN object-group MSTeams-ranges-tcp log
 permit object-group AAA-SERVER-PORTS object-group LOCAL-LAN object-group AAA-SERVER log
 permit object-group AAA-SERVER-PORTS object-group LOCAL-LAN object-group AAA-VOICE-SERVER
 permit object-group AAA-VOICE-CLIENT-PORTS object-group LOCAL-LAN object-group AAA-VOICE-CLIENT
 permit ip object-group BBB-MON object-group AAA-MON
 permit object-group AAA-SERVER-PORTS object-group LOCAL-LAN object-group AAA-USWA-SERVER
 permit ip 172.16.1.0 0.0.0.255 172.16.1.0 0.0.0.255
 permit ip 172.16.1.0 0.0.0.255 172.16.2.0 0.0.0.255
 deny   ip any any log

Device: 4/4 | abcbrguar2

2022-12-12 13:01:10,435: %UNICON-INFO: +++ Unicon plugin ios (unicon.plugins.ios) +++ Warning: Permanently added '50.50.50.80' (RSA) to the list of known hosts.


2022-12-12 13:01:11,891: %UNICON-INFO: +++ connection to spawn: ssh -l qwerty 50.50.50.80 -p 22, id: 789101112131415 +++

2022-12-12 13:01:11,892: %UNICON-INFO: connection to abcbrguar2

################### Authorised access only #################
#---------This system is the property of abc----------#
#-Disconnect IMMEDIATELY if you are not an authorised user-#
#-----Contact soc@abc.com +12-345-489101 for help-----#
############################################################ Password: 

abcbrguar2#

2022-12-12 13:01:15,086: %UNICON-INFO: +++ initializing handle +++

2022-12-12 13:01:15,156: %UNICON-INFO: +++ abcbrguar2 with via 'cli': executing command 'term length 0' +++ term length 0 abcbrguar2#

2022-12-12 13:01:16,146: %UNICON-INFO: +++ abcbrguar2 with via 'cli': executing command 'term width 0' +++ term width 0 abcbrguar2#

2022-12-12 13:01:17,138: %UNICON-INFO: +++ abcbrguar2 with via 'cli': configure +++ config term Enter configuration commands, one per line.  End with CNTL/Z.

abcbrguar2(config)#do more abcconfig.old | s ip access-list extended TEST
abcbrguar2(config)#do more abcconfig.old | s ip access-list extended TRY
ip access-list extended TRY
 permit object-group Zscaler-ports object-group LOCAL-LAN object-group Zscaler-extern
 permit object-group MSTeams-udp object-group LOCAL-LAN object-group MSTeams-ranges-udp log
 permit object-group MSTeams-tcp object-group LOCAL-LAN object-group MSTeams-ranges-tcp log
 permit object-group AAA-SERVER-PORTS object-group LOCAL-LAN object-group AAA-VOICE-SERVER
 permit object-group AAA-VOICE-CLIENT-PORTS object-group LOCAL-LAN object-group AAA-VOICE-CLIENT
 permit ip object-group BBB-MON object-group AAA-MON
 permit object-group AAA-SERVER-PORTS object-group LOCAL-LAN object-group AAA-USWA-SERVER
 permit eigrp host 172.16.1.2 host 224.0.0.10
 permit ip 172.16.1.0 0.0.0.255 172.16.1.0 0.0.0.255
 permit ip 172.16.1.0 0.0.0.255 172.16.2.0 0.0.0.255
 deny   ip any any log

This is the result I want to get:

qwerty@servername:~/access-list$ cat xx000
abcatlinr1(config)#do more abcconfig.old | s ip access-list extended TEST
ip access-list extended TEST
 10 permit object-group AAA-SERVER-PORTS object-group LOCAL-LAN object-group AAA-VOICE-SERVER
 20 permit object-group AAA-SERVER-PORTS object-group LOCAL-LAN object-group AAA-SERVER log
 30 permit object-group AAA-VOICE-CLIENT-PORTS object-group LOCAL-LAN object-group AAA-VOICE-CLIENT
 40 permit ip object-group BBB-MON object-group AAA-MON
 50 permit ip 10.10.10.0 0.0.0.31 172.16.1.0 0.0.0.255
 440 deny   ip any any
abcatlinr1(config)#do more abcconfig.old | s ip access-list extended TRY
ip access-list extended TRY
 10 permit object-group Zscaler-ports object-group LOCAL-LAN object-group Zscaler-extern
 15 permit object-group WARP-ports object-group LOCAL-LAN object-group WARP-extern
 26 permit tcp host 172.16.2.0 any eq 443
 30 permit object-group MSTeams-udp object-group LOCAL-LAN object-group MSTeams-ranges-udp log
 40 permit object-group MSTeams-tcp object-group LOCAL-LAN object-group MSTeams-ranges-tcp log
 100 deny   ip any any

qwerty@servername:~/access-list$ cat xx001
abcbezanr1(config)#do more abcconfig.old | s ip access-list extended TEST
abcbezanr1(config)#do more abcconfig.old | s ip access-list extended TRY
ip access-list extended TRY
 permit object-group Zscaler-ports object-group LOCAL-LAN object-group Zscaler-extern
 permit object-group MSTeams-udp object-group LOCAL-LAN object-group MSTeams-ranges-udp log
 permit object-group MSTeams-tcp object-group LOCAL-LAN object-group MSTeams-ranges-tcp log
 permit object-group AAA-SERVER-PORTS object-group LOCAL-LAN object-group AAA-VOICE-SERVER
 permit object-group AAA-VOICE-CLIENT-PORTS object-group LOCAL-LAN object-group AAA-VOICE-CLIENT
 permit object-group AAA-SERVER-PORTS object-group LOCAL-LAN object-group AAA-SERVER log
 permit ip object-group BBB-MON object-group AAA-MON
 permit tcp 172.16.30.0 0.0.0.255 host 10.10.1.110 eq 443
 deny   ip any any log

qwerty@servername:~/access-list$ cat xx002
abcbrguar1(config)#do more abcconfig.old | s ip access-list extended TEST
abcbrguar1(config)#do more abcconfig.old | s ip access-list extended TRY
ip access-list extended TRY
 permit object-group Zscaler-ports object-group LOCAL-LAN object-group Zscaler-extern
 permit object-group MSTeams-udp object-group LOCAL-LAN object-group MSTeams-ranges-udp log
 permit object-group MSTeams-tcp object-group LOCAL-LAN object-group MSTeams-ranges-tcp log
 permit object-group AAA-SERVER-PORTS object-group LOCAL-LAN object-group AAA-SERVER log
 permit object-group AAA-SERVER-PORTS object-group LOCAL-LAN object-group AAA-VOICE-SERVER
 permit object-group AAA-VOICE-CLIENT-PORTS object-group LOCAL-LAN object-group AAA-VOICE-CLIENT
 permit ip object-group BBB-MON object-group AAA-MON
 permit object-group AAA-SERVER-PORTS object-group LOCAL-LAN object-group AAA-USWA-SERVER
 permit ip 172.16.1.0 0.0.0.255 172.16.1.0 0.0.0.255
 permit ip 172.16.1.0 0.0.0.255 172.16.2.0 0.0.0.255
 deny   ip any any log

qwerty@servername:~/access-list$ cat xx003
abcbrguar2(config)#do more abcconfig.old | s ip access-list extended TEST
abcbrguar2(config)#do more abcconfig.old | s ip access-list extended TRY
ip access-list extended TRY
 permit object-group Zscaler-ports object-group LOCAL-LAN object-group Zscaler-extern
 permit object-group MSTeams-udp object-group LOCAL-LAN object-group MSTeams-ranges-udp log
 permit object-group MSTeams-tcp object-group LOCAL-LAN object-group MSTeams-ranges-tcp log
 permit object-group AAA-SERVER-PORTS object-group LOCAL-LAN object-group AAA-VOICE-SERVER
 permit object-group AAA-VOICE-CLIENT-PORTS object-group LOCAL-LAN object-group AAA-VOICE-CLIENT
 permit ip object-group BBB-MON object-group AAA-MON
 permit object-group AAA-SERVER-PORTS object-group LOCAL-LAN object-group AAA-USWA-SERVER
 permit eigrp host 172.16.1.2 host 224.0.0.10
 permit ip 172.16.1.0 0.0.0.255 172.16.1.0 0.0.0.255
 permit ip 172.16.1.0 0.0.0.255 172.16.2.0 0.0.0.255
 deny   ip any any log

I'm doing it using MTPuTTY and saved the file as access-list.txt.

I noticed that config term and Password form a pattern, so I tried the following:

csplit access-list.txt '\config term\'
csplit access-list.txt '\config\'
csplit access-list.txt '\config term.*\'
csplit access-list.txt '\.*config term.*\'
csplit access-list.txt '\Password:\'
csplit access-list.txt '\.*Password:.*\'

but got an error: csplit: \config term\: invalid pattern

When I checked the file with hexdump -C access-list.txt I got the expected hexadecimal result, so there's no error in the text itself.

Could anyone please help me with this? Thank you! :)

ella widya
0 Answers
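One way to get the per-device files described in the question, as an added example that is not part of the original post: csplit patterns are delimited by slashes rather than backslashes, and since csplit only cuts the file, this sketch uses awk to split on the "Device: N/M" lines and keep only the echoed commands and ACL text. The function names `split_acls` and `make_sample_log` and the shortened sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post; split_acls, make_sample_log and
# the sample log are constructed. csplit itself expects slash-delimited
# patterns, e.g.  csplit -z access-list.txt '/^Device: /' '{*}'  (GNU csplit),
# but it only cuts; awk below cuts and filters in one pass.

# split_acls LOGFILE OUTDIR: write OUTDIR/xx000, xx001, ... (one file per
# "Device: N/M | host" section) and print the number of sections found.
split_acls() {
    mkdir -p "$2" || return 1
    awk -v dir="$2" '
        { sub(/\r$/, "") }                 # PuTTY logs may use CRLF line endings
        /^Device: [0-9]+\/[0-9]+ / {       # a new device section starts here
            if (out != "") close(out)
            out = sprintf("%s/xx%03d", dir, n++)
            printf "" > out                # create the file even if it stays empty
            acl = 0; next
        }
        out == "" { next }                 # preamble before the first device
        /\(config\)#do more / { print > out; acl = 1; next }  # echoed command
        acl && /^(ip access-list | )/ { print > out; next }   # ACL header or entry
        { acl = 0 }                        # any other line ends the ACL block
        END { print n + 0 }
    ' "$1"
}

make_sample_log() {                        # constructed, shortened sample
    cat <<'EOF'
do more abcconfig.old | s ip access-list extended TEST
Device: 1/2 | rtr1
2022-12-12 13:00:54,505: %UNICON-INFO: +++ initializing handle +++
rtr1(config)#do more abcconfig.old | s ip access-list extended TEST
ip access-list extended TEST
 10 permit ip 10.10.10.0 0.0.0.31 172.16.1.0 0.0.0.255
 440 deny   ip any any
rtr1(config)#do more abcconfig.old | s ip access-list extended TRY
ip access-list extended TRY
 100 deny   ip any any

Device: 2/2 | rtr2
#-----banner-----# Password:  rtr2#
rtr2(config)#do more abcconfig.old | s ip access-list extended TEST
rtr2(config)#do more abcconfig.old | s ip access-list extended TRY
ip access-list extended TRY
 permit tcp 172.16.30.0 0.0.0.255 host 10.10.1.110 eq 443
 deny   ip any any log
EOF
}
```

Run it as `split_acls access-list.txt out`; the resulting `out/xx000`, `out/xx001`, ... files can then be compared against the new access-lists with `diff`.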