Cisco::Regex - Utility to verify basic syntax of Cisco IOS standard and extended IPv4 access-lists.
    use Cisco::Regex;

    my $r = Cisco::Regex->new;

    my $std_regex = $r->regex('standard');
    my $ext_regex = $r->regex('extended');

    my $isok = $r->standard($line);
    my $isok = $r->extended($line);
    my $isok = $r->auto($line);
Cisco::Regex was made to lint access-lists before sending them to a Cisco IOS device. Only syntax checking is performed; no logical check is even attempted.
Cisco::Regex
    my $r = Cisco::Regex->new(
        debug    => 0,
        addr     => $addr_regex,
        protocol => $protocol_regex,
        network  => $network_regex,
        port     => $port_regex,
        ports    => $ports_regex,
    )
debug
controls whether ancillary/informational messages are printed.
ADVANCED OPTIONS
addr
replaces the built-in 'addr' regex with the supplied regex.
protocol
replaces the built-in 'protocol' regex with the supplied regex.
network
replaces the built-in 'network' regex with the supplied regex.
port
replaces the built-in 'port' regex with the supplied regex.
ports
replaces the built-in 'ports' regex with the supplied regex.
regex
returns a regular expression so that you can do the matching yourself. Valid arguments are:
returns what an ip address should look like
returns what a protocol should look like
returns what a network statement should look like
returns what port properties should look like
standard
for access-list 1-99 & 1300-1999 syntax matching
extended
for access-list 100-199 & 2000-2699 syntax matching
standard
checks the provided line against the 'standard' regex.
extended
checks the provided line against the 'extended' regex.
auto
checks if the line matches either a standard or an extended access-list
    use strict;
    use Cisco::Regex;

    my $r = Cisco::Regex->new;

    # check lines against the 'standard' regex
    my @std_lines = (
        'access-list 15 permit 10.0.0.0 0.255.255.255',
        'access-list 15 permit 10.0.0.0 0.255.255.255 any',
    );
    for my $line (@std_lines){
        my $isok = $r->standard($line);
        if( $isok ){
            print "OK: $line\n";
        }else{
            print "BAD: $line\n";
        }
    }

    # check lines against the 'extended' regex
    my @ext_lines = (
        'access-list 115 permit udp 10.0.0.0 0.255.255.255 eq 5060 any log',
        'access-list 115 permit 10.0.0.0 0.255.255.255 any',
    );
    for my $line (@ext_lines){
        my $isok = $r->extended($line);
        if( $isok ){
            print "OK: $line\n";
        }else{
            print "BAD: $line\n";
        }
    }

    # fetch the regex and do the matching yourself
    my $acl = 'access-list 2100 permit tcp any 10.0.0.0 0.0.0.255 eq 22';
    my $ext_regex = $r->regex('extended');
    if( $acl =~ m/$ext_regex/ ){
        print "acl looks okay\n";
    }
access-list 115 permit ip any any eq http (ip vs tcp)
access-list 115 permit tcp any any eq syslog (tcp vs udp)
access-list 115 permit 10.0.0.0 255.255.255.0 any (vs 0.0.0.255)
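Because only syntax is checked, the three mistakes annotated above (ip vs tcp, tcp vs udp, netmask vs wildcard) need a separate pass. The following is an added example, not part of Cisco::Regex or its documentation; `logic_warnings` and the `%svc_proto` table are hypothetical names, and it assumes each line has already passed a syntax check.

```perl
use strict;
use warnings;
# Constructed table: the two service names used on this page and the
# transport each belongs to. Extend it for the names your own lists use.
my %svc_proto = ( http => 'tcp', syslog => 'udp' );

# Hypothetical helper: returns warnings for one syntactically valid line.
sub logic_warnings {
    my ($line) = @_;
    my @warn;
    # In an extended access-list the protocol follows permit/deny.
    my ($proto) = $line =~ /^access-list\s+\d+\s+(?:permit|deny)\s+(\S+)/;
    $proto = '' unless defined $proto;
    # Port operators only make sense when the protocol is tcp or udp.
    while ( $line =~ /\s(eq|neq|lt|gt|range)\s+(\S+)/g ) {
        my ( $op, $port ) = ( $1, $2 );
        if ( $proto ne 'tcp' && $proto ne 'udp' ) {
            push @warn, "'$op $port' used with protocol '$proto'";
        }
        elsif ( exists $svc_proto{$port} && $svc_proto{$port} ne $proto ) {
            push @warn, "'$port' is a $svc_proto{$port} service, not $proto";
        }
    }

    # Leading 1-bits followed only by 0-bits is a netmask; access-lists
    # take the inverse (wildcard) form such as 0.0.0.255.
    ( my $rest = $line ) =~ s/\bhost\s+\S+//g;    # host entries carry no mask
    my $quad = qr/\d{1,3}(?:\.\d{1,3}){3}/;
    while ( $rest =~ /($quad)\s+($quad)/g ) {
        my $text = $2;
        my $mask = unpack 'N', pack 'C4', split /\./, $text;
        my $inv  = ~$mask & 0xFFFFFFFF;
        next if $mask == 0xFFFFFFFF || !( $mask & 0x80000000 );
        push @warn, "mask $text looks like a netmask, not a wildcard"
            if ( $inv & ( $inv + 1 ) ) == 0;
    }
    return @warn;
}

# The three lines listed above, plus one constructed line with no issues.
for my $line (
    'access-list 115 permit ip any any eq http',
    'access-list 115 permit tcp any any eq syslog',
    'access-list 115 permit 10.0.0.0 255.255.255.0 any',
    'access-list 115 permit tcp any 10.0.0.0 0.0.0.255 eq 22',
) {
    my @w = logic_warnings($line);
    print @w ? "WARN: $line\n" : "OK:   $line\n", map "    $_\n", @w;
}
```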
Jeremy Kister : http://jeremy.kister.net./
To install Cisco::Regex, copy and paste the appropriate command into your terminal.
cpanm
cpanm Cisco::Regex
CPAN shell
    perl -MCPAN -e shell
    install Cisco::Regex