{ "cells": [ { "cell_type": "code", "execution_count": 1, "metadata": { "nbsphinx": "hidden" }, "outputs": [], "source": [ "import pandas as pd\n", "from pybatfish.client.session import Session\n", "from pybatfish.datamodel import *\n", "\n", "pd.set_option(\"display.width\", 300) \n", "pd.set_option(\"display.max_columns\", 30) \n", "pd.set_option(\"display.max_rows\", 1000) \n", "pd.set_option(\"display.max_colwidth\", None)\n", "\n", "# Configure all pybatfish loggers to use WARN level\n", "import logging\n", "logging.getLogger('pybatfish').setLevel(logging.WARN)" ] }, { "cell_type": "code", "execution_count": 2, "metadata": { "nbsphinx": "hidden" }, "outputs": [], "source": [ "bf = Session(host=\"localhost\")\n", "\n" ] }, { "cell_type": "markdown", "id": "01087c68", "metadata": {}, "source": [ "#### Access-lists and firewall rules" ] }, { "cell_type": "markdown", "id": "0d58267b", "metadata": {}, "source": [ "This category of questions allows you to analyze the behavior of access\n", "control lists and firewall rules. It also allows you to comprehensively\n", "validate (aka verification) that some traffic is or is not allowed.\n" ] }, { "cell_type": "markdown", "id": "19c77e59", "metadata": {}, "source": [ "* [Filter Line Reachability](#Filter-Line-Reachability)\n", "* [Search Filters](#Search-Filters)\n", "* [Test Filters](#Test-Filters)\n", "* [Find Matching Filter Lines](#Find-Matching-Filter-Lines)\n", "* [Check SNMP Community Clients](#Check-SNMP-Community-Clients)" ] }, { "cell_type": "code", "execution_count": 3, "id": "13427288", "metadata": { "nbsphinx": "hidden" }, "outputs": [ { "data": { "text/plain": [ "'generate_questions'" ] }, "execution_count": 3, "metadata": {}, "output_type": "execute_result" } ], "source": [ "bf.set_network('generate_questions')" ] }, { "cell_type": "code", "execution_count": 4, "id": "b5e31d9d", "metadata": { "nbsphinx": "hidden" }, "outputs": [ { "data": { "text/plain": [ "'generate_questions'" ] }, "execution_count": 4, "metadata": {}, "output_type": "execute_result" } ], "source": [ "bf.set_snapshot('generate_questions')" ] }, { "cell_type": "markdown", "id": "9f33e677", "metadata": {}, "source": [ "##### Filter Line Reachability" ] }, { "cell_type": "markdown", "id": "0ccc12b4", "metadata": {}, "source": [ "Returns unreachable lines in filters (ACLs and firewall rules)." ] }, { "cell_type": "markdown", "id": "250dc870", "metadata": {}, "source": [ "Finds all lines in the specified filters that will not match any packet, either because of being shadowed by prior lines or because of its match condition being empty." ] }, { "cell_type": "markdown", "id": "b79fa0e1", "metadata": {}, "source": [ "###### **Inputs**" ] }, { "cell_type": "markdown", "id": "178ca5a4", "metadata": {}, "source": [ "Name | Description | Type | Optional | Default Value\n", "--- | --- | --- | --- | --- \n", "nodes | Examine filters on nodes matching this specifier. | [NodeSpec](../specifiers.md#node-specifier) | True | \n", "filters | Specifier for filters to test. | [FilterSpec](../specifiers.md#filter-specifier) | True | \n", "ignoreComposites | Whether to ignore filters that are composed of multiple filters defined in the configs. | bool | True | False" ] }, { "cell_type": "markdown", "id": "6b4b8e8c", "metadata": {}, "source": [ "###### **Invocation**" ] }, { "cell_type": "code", "execution_count": 5, "id": "1afb524b", "metadata": {}, "outputs": [], "source": [ "result = bf.q.filterLineReachability().answer().frame()" ] }, { "cell_type": "markdown", "id": "5c3edbd1", "metadata": {}, "source": [ "###### **Return Value**" ] }, { "cell_type": "markdown", "id": "0a58813b", "metadata": {}, "source": [ "Name | Description | Type\n", "--- | --- | ---\n", "Sources | Filter sources | List of str\n", "Unreachable_Line | Filter line that cannot be matched (i.e., unreachable) | str\n", "Unreachable_Line_Action | Action performed by the unreachable line (e.g., PERMIT or DENY) | str\n", "Blocking_Lines | Lines that, when combined, cover the unreachable line | List of str\n", "Different_Action | Whether unreachable line has an action different from the blocking line(s) | bool\n", "Reason | The reason a line is unreachable | str\n", "Additional_Info | Additional information | str" ] }, { "cell_type": "markdown", "id": "00a98d74", "metadata": {}, "source": [ "Print the first 5 rows of the returned Dataframe" ] }, { "cell_type": "code", "execution_count": 6, "id": "365e1dd9", "metadata": {}, "outputs": [ { "data": { "text/html": [ "
\n", "\n", "\n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", "
SourcesUnreachable_LineUnreachable_Line_ActionBlocking_LinesDifferent_ActionReasonAdditional_Info
0['as2dept1: RESTRICT_HOST_TRAFFIC_OUT']deny ip 1.128.0.0 0.0.255.255 2.128.0.0 0.0.255.255DENY['permit ip any 2.128.0.0 0.0.255.255']TrueBLOCKING_LINESNone
1['as2dept1: RESTRICT_HOST_TRAFFIC_IN']permit icmp any anyPERMIT['deny ip any any']TrueBLOCKING_LINESNone
\n", "
" ], "text/plain": [ " Sources Unreachable_Line Unreachable_Line_Action Blocking_Lines Different_Action Reason Additional_Info\n", "0 ['as2dept1: RESTRICT_HOST_TRAFFIC_OUT'] deny ip 1.128.0.0 0.0.255.255 2.128.0.0 0.0.255.255 DENY ['permit ip any 2.128.0.0 0.0.255.255'] True BLOCKING_LINES None\n", "1 ['as2dept1: RESTRICT_HOST_TRAFFIC_IN'] permit icmp any any PERMIT ['deny ip any any'] True BLOCKING_LINES None" ] }, "execution_count": 6, "metadata": {}, "output_type": "execute_result" } ], "source": [ "result.head(5)" ] }, { "cell_type": "markdown", "id": "c4434b9c", "metadata": {}, "source": [ "Print the first row of the returned Dataframe" ] }, { "cell_type": "code", "execution_count": 7, "id": "9d41af77", "metadata": {}, "outputs": [ { "data": { "text/plain": [ "Sources ['as2dept1: RESTRICT_HOST_TRAFFIC_OUT']\n", "Unreachable_Line deny ip 1.128.0.0 0.0.255.255 2.128.0.0 0.0.255.255\n", "Unreachable_Line_Action DENY\n", "Blocking_Lines ['permit ip any 2.128.0.0 0.0.255.255']\n", "Different_Action True\n", "Reason BLOCKING_LINES\n", "Additional_Info None\n", "Name: 0, dtype: object" ] }, "execution_count": 7, "metadata": {}, "output_type": "execute_result" } ], "source": [ "result.iloc[0]" ] }, { "cell_type": "code", "execution_count": 8, "id": "6b17d16a", "metadata": { "nbsphinx": "hidden" }, "outputs": [ { "data": { "text/plain": [ "'generate_questions'" ] }, "execution_count": 8, "metadata": {}, "output_type": "execute_result" } ], "source": [ "bf.set_network('generate_questions')" ] }, { "cell_type": "code", "execution_count": 9, "id": "5dda3b3c", "metadata": { "nbsphinx": "hidden" }, "outputs": [ { "data": { "text/plain": [ "'filters'" ] }, "execution_count": 9, "metadata": {}, "output_type": "execute_result" } ], "source": [ "bf.set_snapshot('filters')" ] }, { "cell_type": "markdown", "id": "f1ce4d42", "metadata": {}, "source": [ "##### Search Filters" ] }, { "cell_type": "markdown", "id": "54293b1e", "metadata": {}, "source": [ "Finds flows for which a filter takes a particular behavior." ] }, { "cell_type": "markdown", "id": "36272988", "metadata": {}, "source": [ "This question searches for flows for which a filter (access control list) has a particular behavior. The behaviors can be: that the filter permits the flow (`permit`), that it denies the flow (`deny`), or that the flow is matched by a particular line (`matchLine `). Filters are selected using node and filter specifiers, which might match multiple filters. In this case, a (possibly different) flow will be found for each filter." ] }, { "cell_type": "markdown", "id": "90e30aaa", "metadata": {}, "source": [ "###### **Inputs**" ] }, { "cell_type": "markdown", "id": "db0aebd2", "metadata": {}, "source": [ "Name | Description | Type | Optional | Default Value\n", "--- | --- | --- | --- | --- \n", "nodes | Only evaluate filters present on nodes matching this specifier. | [NodeSpec](../specifiers.md#node-specifier) | True | \n", "filters | Only evaluate filters that match this specifier. | [FilterSpec](../specifiers.md#filter-specifier) | True | \n", "headers | Packet header constraints on the flows being searched. | [HeaderConstraints](../datamodel.rst#pybatfish.datamodel.flow.HeaderConstraints) | True | \n", "action | The behavior that you want evaluated. Specify exactly one of `permit`, `deny`, or `matchLine `. | str | True | \n", "startLocation | Only consider specified locations as possible sources. | [LocationSpec](../specifiers.md#location-specifier) | True | \n", "invertSearch | Search for packet headers outside the specified headerspace, rather than inside the space. | bool | True | " ] }, { "cell_type": "markdown", "id": "dbe1cc8b", "metadata": {}, "source": [ "###### **Invocation**" ] }, { "cell_type": "code", "execution_count": 10, "id": "eb50e9f2", "metadata": {}, "outputs": [], "source": [ "result = bf.q.searchFilters(headers=HeaderConstraints(srcIps='10.10.10.0/24', dstIps='218.8.104.58', applications = ['dns']), action='deny', filters='acl_in').answer().frame()" ] }, { "cell_type": "markdown", "id": "6dbdd1b8", "metadata": {}, "source": [ "###### **Return Value**" ] }, { "cell_type": "markdown", "id": "1e8d99b3", "metadata": {}, "source": [ "Name | Description | Type\n", "--- | --- | ---\n", "Node | Node | str\n", "Filter_Name | Filter name | str\n", "Flow | Evaluated flow | [Flow](../datamodel.rst#pybatfish.datamodel.flow.Flow)\n", "Action | Outcome | str\n", "Line_Content | Line content | str\n", "Trace | ACL trace | List of [TraceTree](../datamodel.rst#pybatfish.datamodel.acl.TraceTree)" ] }, { "cell_type": "markdown", "id": "2a55389e", "metadata": {}, "source": [ "Print the first 5 rows of the returned Dataframe" ] }, { "cell_type": "code", "execution_count": 11, "id": "e689cdaa", "metadata": {}, "outputs": [ { "data": { "text/html": [ "
\n", "\n", "\n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", "
NodeFilter_NameFlowActionLine_ContentTrace
0rtr-with-aclacl_instart=rtr-with-acl [10.10.10.42:49152->218.8.104.58:53 UDP]DENY460 deny udp 10.10.10.42/32 218.8.104.58/32 eq domain- Matched line 460 deny udp 10.10.10.42/32 218.8.104.58/32 eq domain
\n", "
" ], "text/plain": [ " Node Filter_Name Flow Action Line_Content Trace\n", "0 rtr-with-acl acl_in start=rtr-with-acl [10.10.10.42:49152->218.8.104.58:53 UDP] DENY 460 deny udp 10.10.10.42/32 218.8.104.58/32 eq domain - Matched line 460 deny udp 10.10.10.42/32 218.8.104.58/32 eq domain" ] }, "execution_count": 11, "metadata": {}, "output_type": "execute_result" } ], "source": [ "result.head(5)" ] }, { "cell_type": "markdown", "id": "484fcf61", "metadata": {}, "source": [ "Print the first row of the returned Dataframe" ] }, { "cell_type": "code", "execution_count": 12, "id": "34ec9af4", "metadata": {}, "outputs": [ { "data": { "text/plain": [ "Node rtr-with-acl\n", "Filter_Name acl_in\n", "Flow start=rtr-with-acl [10.10.10.42:49152->218.8.104.58:53 UDP]\n", "Action DENY\n", "Line_Content 460 deny udp 10.10.10.42/32 218.8.104.58/32 eq domain\n", "Trace - Matched line 460 deny udp 10.10.10.42/32 218.8.104.58/32 eq domain\n", "Name: 0, dtype: object" ] }, "execution_count": 12, "metadata": {}, "output_type": "execute_result" } ], "source": [ "result.iloc[0]" ] }, { "cell_type": "code", "execution_count": 13, "id": "db94917a", "metadata": { "nbsphinx": "hidden" }, "outputs": [ { "data": { "text/plain": [ "'generate_questions'" ] }, "execution_count": 13, "metadata": {}, "output_type": "execute_result" } ], "source": [ "bf.set_network('generate_questions')" ] }, { "cell_type": "code", "execution_count": 14, "id": "10910744", "metadata": { "nbsphinx": "hidden" }, "outputs": [ { "data": { "text/plain": [ "'filters'" ] }, "execution_count": 14, "metadata": {}, "output_type": "execute_result" } ], "source": [ "bf.set_snapshot('filters')" ] }, { "cell_type": "markdown", "id": "d4f813da", "metadata": {}, "source": [ "##### Test Filters" ] }, { "cell_type": "markdown", "id": "2ddcba0b", "metadata": {}, "source": [ "Returns how a flow is processed by a filter (ACLs, firewall rules)." ] }, { "cell_type": "markdown", "id": "057e68da", "metadata": {}, "source": [ "Shows how the specified flow is processed through the specified filters, returning its permit/deny status as well as the line(s) it matched." ] }, { "cell_type": "markdown", "id": "6b744835", "metadata": {}, "source": [ "###### **Inputs**" ] }, { "cell_type": "markdown", "id": "15df0ae8", "metadata": {}, "source": [ "Name | Description | Type | Optional | Default Value\n", "--- | --- | --- | --- | --- \n", "nodes | Only examine filters on nodes matching this specifier. | [NodeSpec](../specifiers.md#node-specifier) | True | \n", "filters | Only consider filters that match this specifier. | [FilterSpec](../specifiers.md#filter-specifier) | True | \n", "headers | Packet header constraints. | [HeaderConstraints](../datamodel.rst#pybatfish.datamodel.flow.HeaderConstraints) | False | \n", "startLocation | Location to start tracing from. | [LocationSpec](../specifiers.md#location-specifier) | True | " ] }, { "cell_type": "markdown", "id": "28749751", "metadata": {}, "source": [ "###### **Invocation**" ] }, { "cell_type": "code", "execution_count": 15, "id": "9a617358", "metadata": {}, "outputs": [], "source": [ "result = bf.q.testFilters(headers=HeaderConstraints(srcIps='10.10.10.1', dstIps='218.8.104.58', applications = ['dns']), nodes='rtr-with-acl', filters='acl_in').answer().frame()" ] }, { "cell_type": "markdown", "id": "53a1c888", "metadata": {}, "source": [ "###### **Return Value**" ] }, { "cell_type": "markdown", "id": "938c9fa1", "metadata": {}, "source": [ "Name | Description | Type\n", "--- | --- | ---\n", "Node | Node | str\n", "Filter_Name | Filter name | str\n", "Flow | Evaluated flow | [Flow](../datamodel.rst#pybatfish.datamodel.flow.Flow)\n", "Action | Outcome | str\n", "Line_Content | Line content | str\n", "Trace | ACL trace | List of [TraceTree](../datamodel.rst#pybatfish.datamodel.acl.TraceTree)" ] }, { "cell_type": "markdown", "id": "64334179", "metadata": {}, "source": [ "Print the first 5 rows of the returned Dataframe" ] }, { "cell_type": "code", "execution_count": 16, "id": "46befd06", "metadata": {}, "outputs": [ { "data": { "text/html": [ "
\n", "\n", "\n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", "
NodeFilter_NameFlowActionLine_ContentTrace
0rtr-with-aclacl_instart=rtr-with-acl [10.10.10.1:49152->218.8.104.58:53 UDP]PERMIT660 permit udp 10.10.10.0/24 218.8.104.58/32 eq domain- Matched line 660 permit udp 10.10.10.0/24 218.8.104.58/32 eq domain
\n", "
" ], "text/plain": [ " Node Filter_Name Flow Action Line_Content Trace\n", "0 rtr-with-acl acl_in start=rtr-with-acl [10.10.10.1:49152->218.8.104.58:53 UDP] PERMIT 660 permit udp 10.10.10.0/24 218.8.104.58/32 eq domain - Matched line 660 permit udp 10.10.10.0/24 218.8.104.58/32 eq domain" ] }, "execution_count": 16, "metadata": {}, "output_type": "execute_result" } ], "source": [ "result.head(5)" ] }, { "cell_type": "markdown", "id": "7dfe379b", "metadata": {}, "source": [ "Print the first row of the returned Dataframe" ] }, { "cell_type": "code", "execution_count": 17, "id": "32b2f654", "metadata": {}, "outputs": [ { "data": { "text/plain": [ "Node rtr-with-acl\n", "Filter_Name acl_in\n", "Flow start=rtr-with-acl [10.10.10.1:49152->218.8.104.58:53 UDP]\n", "Action PERMIT\n", "Line_Content 660 permit udp 10.10.10.0/24 218.8.104.58/32 eq domain\n", "Trace - Matched line 660 permit udp 10.10.10.0/24 218.8.104.58/32 eq domain\n", "Name: 0, dtype: object" ] }, "execution_count": 17, "metadata": {}, "output_type": "execute_result" } ], "source": [ "result.iloc[0]" ] }, { "cell_type": "code", "execution_count": 18, "id": "df581957", "metadata": { "nbsphinx": "hidden" }, "outputs": [ { "data": { "text/plain": [ "'generate_questions'" ] }, "execution_count": 18, "metadata": {}, "output_type": "execute_result" } ], "source": [ "bf.set_network('generate_questions')" ] }, { "cell_type": "code", "execution_count": 19, "id": "5d500612", "metadata": { "nbsphinx": "hidden" }, "outputs": [ { "data": { "text/plain": [ "'generate_questions'" ] }, "execution_count": 19, "metadata": {}, "output_type": "execute_result" } ], "source": [ "bf.set_snapshot('generate_questions')" ] }, { "cell_type": "markdown", "id": "3d77bf7a", "metadata": {}, "source": [ "##### Find Matching Filter Lines" ] }, { "cell_type": "markdown", "id": "89ec4150", "metadata": {}, "source": [ "Returns lines in filters (ACLs and firewall rules) that match any packet within the specified header constraints." ] }, { "cell_type": "markdown", "id": "cdf79928", "metadata": {}, "source": [ "Finds all lines in the specified filters that match any packet within the specified header constraints." ] }, { "cell_type": "markdown", "id": "68dee739", "metadata": {}, "source": [ "###### **Inputs**" ] }, { "cell_type": "markdown", "id": "1460424a", "metadata": {}, "source": [ "Name | Description | Type | Optional | Default Value\n", "--- | --- | --- | --- | --- \n", "nodes | Examine filters on nodes matching this specifier. | [NodeSpec](../specifiers.md#node-specifier) | True | \n", "filters | Specifier for filters to check. | [FilterSpec](../specifiers.md#filter-specifier) | True | \n", "headers | Packet header constraints for which to find matching filter lines. | [HeaderConstraints](../datamodel.rst#pybatfish.datamodel.flow.HeaderConstraints) | True | \n", "action | Show filter lines with this action. By default returns lines with either action. | str | True | \n", "ignoreComposites | Whether to ignore filters that are composed of multiple filters defined in the configs. | bool | True | False" ] }, { "cell_type": "markdown", "id": "688a6944", "metadata": {}, "source": [ "###### **Invocation**" ] }, { "cell_type": "code", "execution_count": 20, "id": "22105b27", "metadata": {}, "outputs": [], "source": [ "result = bf.q.findMatchingFilterLines(headers=HeaderConstraints(applications='DNS')).answer().frame()" ] }, { "cell_type": "markdown", "id": "b278ed03", "metadata": {}, "source": [ "###### **Return Value**" ] }, { "cell_type": "markdown", "id": "886e21e5", "metadata": {}, "source": [ "Name | Description | Type\n", "--- | --- | ---\n", "Node | Node | str\n", "Filter | Filter name | str\n", "Line | Line text | str\n", "Line_Index | Index of line | int\n", "Action | Action performed by the line (e.g., PERMIT or DENY) | str" ] }, { "cell_type": "markdown", "id": "7da9c32c", "metadata": {}, "source": [ "Print the first 5 rows of the returned Dataframe" ] }, { "cell_type": "code", "execution_count": 21, "id": "3736b09e", "metadata": {}, "outputs": [ { "data": { "text/html": [ "
\n", "\n", "\n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", "
NodeFilterLineLine_IndexAction
0as1border1101permit ip host 1.0.1.0 host 255.255.255.00PERMIT
1as1border1101permit ip host 1.0.2.0 host 255.255.255.01PERMIT
2as1border1102permit ip host 2.0.0.0 host 255.0.0.00PERMIT
3as1border1102permit ip host 2.128.0.0 host 255.255.0.01PERMIT
4as1border1103permit ip host 3.0.1.0 host 255.255.255.00PERMIT
\n", "
" ], "text/plain": [ " Node Filter Line Line_Index Action\n", "0 as1border1 101 permit ip host 1.0.1.0 host 255.255.255.0 0 PERMIT\n", "1 as1border1 101 permit ip host 1.0.2.0 host 255.255.255.0 1 PERMIT\n", "2 as1border1 102 permit ip host 2.0.0.0 host 255.0.0.0 0 PERMIT\n", "3 as1border1 102 permit ip host 2.128.0.0 host 255.255.0.0 1 PERMIT\n", "4 as1border1 103 permit ip host 3.0.1.0 host 255.255.255.0 0 PERMIT" ] }, "execution_count": 21, "metadata": {}, "output_type": "execute_result" } ], "source": [ "result.head(5)" ] }, { "cell_type": "markdown", "id": "3f362d3a", "metadata": {}, "source": [ "Print the first row of the returned Dataframe" ] }, { "cell_type": "code", "execution_count": 22, "id": "a3b5d2e2", "metadata": {}, "outputs": [ { "data": { "text/plain": [ "Node as1border1\n", "Filter 101\n", "Line permit ip host 1.0.1.0 host 255.255.255.0\n", "Line_Index 0\n", "Action PERMIT\n", "Name: 0, dtype: object" ] }, "execution_count": 22, "metadata": {}, "output_type": "execute_result" } ], "source": [ "result.iloc[0]" ] }, { "cell_type": "code", "execution_count": 23, "id": "22c0927f", "metadata": { "nbsphinx": "hidden" }, "outputs": [ { "data": { "text/plain": [ "'generate_questions'" ] }, "execution_count": 23, "metadata": {}, "output_type": "execute_result" } ], "source": [ "bf.set_network('generate_questions')" ] }, { "cell_type": "code", "execution_count": 24, "id": "3fb97e07", "metadata": { "nbsphinx": "hidden" }, "outputs": [ { "data": { "text/plain": [ "'snmp'" ] }, "execution_count": 24, "metadata": {}, "output_type": "execute_result" } ], "source": [ "bf.set_snapshot('snmp')" ] }, { "cell_type": "markdown", "id": "156f5bd9", "metadata": {}, "source": [ "##### Check SNMP Community Clients" ] }, { "cell_type": "markdown", "id": "e192c554", "metadata": {}, "source": [ "Checks if an SNMP community permits specified client IPs." ] }, { "cell_type": "markdown", "id": "498a2aa7", "metadata": {}, "source": [ "This question checks if the specified SNMP community permits the specified client IPs on specified devices. It reports if any device does not have the community or the set of permitted client IPs by the community does not match those specified in the question. If the community exists and permits exactly the specified client IPs, the device is not included in the output. The question currently only supports Arista, Cisco-NXOS, and Juniper devices. For all others, it will report an UNSUPPORTED_DEVICE status in the output." ] }, { "cell_type": "markdown", "id": "6e839d12", "metadata": {}, "source": [ "###### **Inputs**" ] }, { "cell_type": "markdown", "id": "5d418068", "metadata": {}, "source": [ "Name | Description | Type | Optional | Default Value\n", "--- | --- | --- | --- | --- \n", "community | The SNMP community to consider. | str | False | \n", "clients | Client IPs expected to be permitted. | [IpSpec](../specifiers.md#ip-specifier) | True | \n", "nodes | Only evaluate nodes matching this specifier. | [NodeSpec](../specifiers.md#node-specifier) | True | " ] }, { "cell_type": "markdown", "id": "9188d3cd", "metadata": {}, "source": [ "###### **Invocation**" ] }, { "cell_type": "code", "execution_count": 25, "id": "590c1ce6", "metadata": {}, "outputs": [], "source": [ "result = bf.q.snmpCommunityClients(community='COMM', clients='1.2.3.4/32').answer().frame()" ] }, { "cell_type": "markdown", "id": "3b60576d", "metadata": {}, "source": [ "###### **Return Value**" ] }, { "cell_type": "markdown", "id": "178b5a84", "metadata": {}, "source": [ "Name | Description | Type\n", "--- | --- | ---\n", "Node | Hostname. | str\n", "Community | The community name. | str\n", "Reason | Result of the test. | str" ] }, { "cell_type": "markdown", "id": "89af8037", "metadata": {}, "source": [ "Print the first 5 rows of the returned Dataframe" ] }, { "cell_type": "code", "execution_count": 26, "id": "51c27f7b", "metadata": {}, "outputs": [ { "data": { "text/html": [ "
\n", "\n", "\n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", "
NodeCommunityReason
0aristaCOMMUNEXPECTED_CLIENTS
1iosCOMMUNSUPPORTED_DEVICE
\n", "
" ], "text/plain": [ " Node Community Reason\n", "0 arista COMM UNEXPECTED_CLIENTS\n", "1 ios COMM UNSUPPORTED_DEVICE" ] }, "execution_count": 26, "metadata": {}, "output_type": "execute_result" } ], "source": [ "result.head(5)" ] }, { "cell_type": "markdown", "id": "599b22bf", "metadata": {}, "source": [ "Print the first row of the returned Dataframe" ] }, { "cell_type": "code", "execution_count": 27, "id": "968a79cd", "metadata": {}, "outputs": [ { "data": { "text/plain": [ "Node arista\n", "Community COMM\n", "Reason UNEXPECTED_CLIENTS\n", "Name: 0, dtype: object" ] }, "execution_count": 27, "metadata": {}, "output_type": "execute_result" } ], "source": [ "result.iloc[0]" ] } ], "metadata": { "celltoolbar": "Edit Metadata", "hide_input": false, "kernelspec": { "display_name": "Python 3 (ipykernel)", "language": "python", "name": "python3" }, "language_info": { "codemirror_mode": { "name": "ipython", "version": 3 }, "file_extension": ".py", "mimetype": "text/x-python", "name": "python", "nbconvert_exporter": "python", "pygments_lexer": "ipython3", "version": "3.7.16" } }, "nbformat": 4, "nbformat_minor": 2 }