Network topology with graphviz – Task 1.

Posted on March 20, 2012

1



Task 1.
List the interface name, the IP address and the DNS suffix for the domain the IP belongs to.

IPSO Firewall ‘clish -c “show interfaces”‘ output (filename: fw_interfaces_firewall1.txt):

Physical Interface        ae1
    Up
    Logical Interface         ae1c0
        Active                    On
        link_avail                Up
        Type                      i802.3ad
        IP Address                        Destination
        10.10.10.1                      10.10.10.0/29

Physical Interface        ae2
    Up
    Logical Interface         ae2c0
        Active                    On
        link_avail                Up
        Type                      i802.3ad
        IP Address                        Destination
    Logical Interface         ae2c1
        VlanId                    3043
        Active                    On
        link_avail                Up
        Type                      i802.3ad
        IP Address                        Destination
        20.20.20.1                     20.20.20.0/28

Physical Interface        ae3
    Up
    Logical Interface         ae3c0
        Active                    On
        link_avail                Up
        Type                      i802.3ad
        IP Address                        Destination
    Logical Interface         ae3c1
        VlanId                    2002
        Active                    On
        link_avail                Up
        Type                      i802.3ad
        IP Address                        Destination
        80.80.80.1                     80.80.80.0/24

Physical Interface        loop0
    Up
    Logical Interface         loop0c0
        Up                        Up
        Type                      loopback
        IP Address                        Destination
        127.0.0.1

DNS entries for the firewall interfaces:

# nslookup 10.10.10.1
Server:         10.10.10.113
Address:        10.10.10.113#53

1.10.10.10.in-addr.arpa      name = firewall1.internal.mycompany.com

# nslookup 20.20.20.1
Server:         10.10.10.113
Address:        10.10.10.113#53

1.20.20.20.in-addr.arpa      name = firewall1.dmz1.mycompany.com

# nslookup 80.80.80.1
Server:         10.10.10.113
Address:        10.10.10.113#53

1.80.80.80.in-addr.arpa      name = firewall1.dmz2.mycompany.com

iplookup.sh script:

To get only the dns entry I have to customize the output of nslookup:

#!/bin/bash

nslookup $1 | awk '{if ($2 == "name") myhostname=$4};END {if (myhostname=="") print "Router"; else print myhostname; myhostname=""};'

Command:

# grep "Logical Interface\|IP Address" -A 1 fw_interfaces_firewall1.txt | awk '{if ($1 == "Logical") ifname=$3; if ($1 == "IP") NR=NR+1; if ($1 ~ /[0-9]/) {ipaddr=$1; "./iplookup.sh " ipaddr | getline dnsname; gsub(/\./," ",dnsname) ; print ifname, ipaddr,dnsname}}' | awk '{print $1,$2,$4}' > fw_ifname_ip_def_dom_firewall1.txt

Output:

ae1c0 10.10.10.1 internal
ae2c1 20.20.20.1 dmz1
ae3c1 80.80.80.1 dmz2
loop0c0 127.0.0.1
Advertisements