Chapter 22. Email
Email on a switch? Hell yes! Arista switches allow emails to be sent from the EOS command line, from Bash, from scripts, and from all sorts of interesting places. After you see this in action, you’ll wonder how you ever lived without it. Ever have to copy the output of a show tech from flash:, to a TFTP server, and then to your laptop? You’ll never need to go through that nonsense again with email configured on your Arista switch. Ever copy and paste from the screen, only to discover that your scroll-back buffer wasn’t big enough? With email on an Arista switch, just email the output directly to your (or anyone’s) inbox. But enough hype, let’s dig in and see how it’s done.
Arista switches contain an email configuration mode that is accessed with the email command:
Arista#conf Arista(config)#email
When you’re there, type a question mark (?) and see what’s available:
Arista(config-email)#? auth Email account authentication from-user Send email from this user server Email relay tls Require TLS ---------------------------------------- comment Up to 240 characters, comment for this mode default Set a command to its defaults exit Exit from Email configuration mode help Description of the interactive help system no Negate a command or set its defaults show Show running system information !! Append to comment
In its simplest form, mail on an Arista switch requires configuration of a from address and an email server to send through. This is done by using the from-user and server commands. Here, I’ll configure the from-user to be [email protected], and the server to be 192.168.1.200. If DNS is configured, I could also use a fully qualified domain name such as mail.gad.net:
Arista(config-email)#from-user [email protected] Arista(config-email)#server 192.168.1.200
While within the email configuration mode, the command show active displays what’s currently configured for email. With the addition of Virtual Routing and Forwarding (VRF) support, the server command now shows the default VRF, unless otherwise configured:
Arista(config-email)#show active email from-user [email protected] server vrf default 192.168.1.200
For more advanced scenarios, email in EOS supports username and password authentication using the cleverly named username and password commands:
Arista(config-email)#auth username gad Arista(config-email)#auth password ILikePie
If a password is entered in plain text, as I’ve done here, the switch will convert it to an encrypted string. Show active displays this encrypted string, as will the configuration:
Arista(config-email)#sho active email from-user [email protected] server vrf default 192.168.1.200 auth username gad auth password 7 MHTq67ztWA9dQOfAwOWOqQ==
Warning
Passwords encrypted within configurations using MD5 are not very secure, and MD5 is what’s used in the email configuration section even on EOS 4.21.1F where sha512 is used for local EOS user passwords. Remember that given this configuration, the username and password will be sent over the network in clear text, as well.
If your mail server supports Transport Layer Security (TLS), you can enable that with the tls command:
Arista(config-email)#tls
My lab is not set up for TLS, so it won’t show up in later command outputs. TLS will solve the problem of passwords being sent in clear text, so it’s a recommended solution to use wherever possible.
With my email set up, I’ll now flex my new power by sending the output of a command to my inbox. I can do this with any show command by using the pipe (vertical bar) character followed by the word email. Note that this option does not show up if you search for it:
Arista#sho run | ? LINE Filter command by common Linux tools such as grep/awk/sed/wc append Append redirected output to URL begin Begin with the line that matches exclude Exclude lines that match include Include lines that match json Produce JSON output for this command no-more Disable pagination for this command nz Include only non-zero counters redirect Redirect output to URL section Include sections that match tee Copy output to URL
Rest assured, though, that it works. By now it shouldn’t surprise you that email is actually a command in Bash that’s referenced from EOS. To see the possible options, drop to Bash and issue the email –-help command:
Arista#bash
Arista Networks EOS shell
[admin@Arista ~]$ email --help
Usage: email -- send email through the configured SMTP server
Options:
-h, --help show this help message and exit
-a ATTACHMENT, --attachment=ATTACHMENT
send the named file as an attachment
-b, --binary force encoding attachments as binary
-d, --debug debug interaction with SMTP server
-i, --interactive force interactive mode even if stdin is not a TTY
-r REF, --ref=REF specify case ref
-s SUBJECT, --subject=SUBJECT
specify subject
--sysname=SYSNAME specify Sysdb sysname
Let’s get back to EOS and try some of those. First, I pipe the output of the show run command to my email with a subject of Show Run. I specify a subject for the email by using the –s flag and then list the email address of the intended recipient:
Arista(config-email)#sho run | email -s "Show Run" [email protected] Arista(config-email)#
No output is displayed because it’s all been redirected to the email program. A quick jump over to my email client, and there’s the email! Note that the output is stored as an attachment and is not sent in the body of the email:
Date: Fri, 8 Sep 2017 18:40:20 From: [email protected] To: [email protected] Subject: [SPAM] Show Run Parts/Attachments: 1 Shown 2 lines Text 2 3.8 KB Application ---------------------------------------- see attachment [ Part 2, Application/OCTET-STREAM 3.8 KB. ] [ Cannot display this part. Press "V" then "S" to save in a file. ]
This time, I send the output of the command show interface e24 to my email, but without specifying a subject. Without a subject specified, a generic subject is inserted on my behalf:
Arista(config-email)#sho int e1 | email [email protected]
Here is the resulting email, with the subject line in bold, and, yes, check your spam folders if you don’t see it in your inbox! This was triggered as spam by my system because the email server does not have reverse DNS configured.
Date: Fri, 8 Sep 2017 18:42:07 From: [email protected] To: [email protected] Subject: [SPAM] Support email sent from the switch Parts/Attachments: 1 Shown 2 lines Text 2 46 KB Application ---------------------------------------- see attachment [ Part 2, Application/OCTET-STREAM 46 KB. ] [ Cannot display this part. Press "V" then "S" to save in a file. ]
The email feature used to send the command output in the body of the message (see Arista Warrior, first edition), but now the default is to send it as an attachment. Here is the file contained in the last email that was sent:
Ethernet1 is up, line protocol is up (connected)
Hardware is Ethernet, address is 001c.7390.93d0 (bia 001c.7390.93d0)
Description: [ ESXi ]
Ethernet MTU 9214 bytes , BW 1000000 kbit
Full-duplex, 1Gb/s, auto negotiation: on, uni-link: n/a
Up 24 days, 23 hours, 50 minutes, 53 seconds
Loopback Mode : None
3 link status changes since last clear
Last clearing of "show interface" counters never
5 minutes input rate 0 bps (0.0% with framing overhead), 0 packets/sec
5 minutes output rate 636 bps (0.0% with framing overhead), 1 packets/sec
0 packets input, 0 bytes
Received 0 broadcasts, 0 multicast
0 runts, 0 giants
0 input errors, 0 CRC, 0 alignment, 0 symbol, 0 input discards
0 PAUSE input
1898042 packets output, 194708151 bytes
Sent 747067 broadcasts, 1150975 multicast
0 output errors, 0 collisions
0 late collision, 0 deferred, 0 output discards
0 PAUSE output
Flummoxed by email failures after you’ve configured your switch for this feature? You can specify the –d option with email, after which you will be rewarded with pages of debug information reflecting every detailed interaction performed by the email process. Let’s take a look:
Arista#sho int e24 | email -d [email protected] connect: ('192.168.1.200', 25) connect: (25, '192.168.1.200') reply: '220 mail.example.com ESMTP Postfix (Ubuntu) ' reply: retcode (220); Msg: mail.example.com ESMTP Postfix (Ubuntu) connect: mail.example.com ESMTP Postfix (Ubuntu) send: 'ehlo [127.0.0.1] ' reply: '250-mail.example.com ' reply: '250-PIPELINING ' reply: '250-SIZE 30000000 ' reply: '250-VRFY ' reply: '250-ETRN ' reply: '250-STARTTLS ' reply: '250-ENHANCEDSTATUSCODES ' reply: '250-8BITMIME ' reply: '250 DSN ' reply: retcode (250); Msg: mail.example.com PIPELINING SIZE 30000000 VRFY ETRN STARTTLS ENHANCEDSTATUSCODES 8BITMIME [---output truncated--]
In this case, everything went through fine, but be warned that this can create a lot of output depending on what’s going on. This output would be invaluable during a failure. Here, I’ve misconfigured the server’s IP address in my email configuration in order to generate a failed connection:
Arista#sho int e24 | email -d -s "Show Int e24" [email protected] connect: ('1.1.1.1', 25) connect: ('1.1.1.1', 25) % Failed to send email: [Errno 101] Network is unreachable
Because email is actually a Bash command, you can use it for redirecting output in Bash, too. Here, I’ve redirected the output of ls -al to my email address:
[admin@Arista ~]$ ls -al | email -s "ls -al" [email protected]
Conclusion
If you’re like me, you’ll find yourself using this feature a lot more than you ever thought you would. But then, I’ve been told there aren’t a lot of people quite like me. The worst thing is that after you get used to all these cool Arista features, it can be absolutely maddening to use any other vendor’s switch.