Solved: Re: Configure multi-line banner in IOS-XE Guestshell Python

yoongseong · ‎08-09-2018

Hello, how can we configure a multi-line banner in ZTP Python script running in IOS-XE Guestshell? I am using Python cli module and configuring a single line banner has no problem.

Example of multi-line banner configuration that doesn't work:

from cli import configurep

configuration = '''
banner motd ZAuthorized Access only
This system is the property of So-and-So-Enterprise.
UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED.
You must have explicit permission to access this
device. All activities performed on this device
are logged. Any violations of access policy will result
in disciplinary action.
Z
'''
configurep(configuration)

Thanks in advanced.

Joe Clarke · ‎08-13-2018

Sure enough, the middle line trips things up since XE is not replying with anything on stdout.

You can get two lines in there (if you need two), and each line can be rather long. The result should be the multi-line banner you want.

event manager applet install-banner
 event none
 action 1.0 cli command "enable"
 action 2.0 cli command "config t"
 action 3.0 cli command "banner motd xAuthorized Access only\015\012This system is the property of So-and-So-Enterprise\015\012UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED.x"
 action 5.0 cli command "end"

This will nvgen strangely. The octal characters will be replaced by their printable versions. That's okay, though, since likely you will remove this applet once it runs.

If everything you want won't fit on one line (due to XE line length limitations), then add a second line using the pattern technique.

View solution in original post

Joe Clarke · ‎08-09-2018

The configure method treats separate lines as multiple commands. While you can use '\r' to separate lines, that results in buggy banners. What might work better is to install an EEM applet as part of bootstrap that creates the banner for you. For example:

event manager applet install-banner auth bypass

event timer cron cron-entry "@reboot"

action 1.0 cli command "enable"

action 2.0 cli command "config t"

action 3.0 cli command "banner motd ZAuthorized Access only" pattern ".*"

action 3.1 cli command "Another line here" pattern ".*"

action 4.0 cli command "Don't do anything illegal.Z"

action 5.0 cli command "no event manager applet install-banner"

action 6.0 cli command "end"

Or you can create this as a "none" event applet and run it manually from within Python.

yoongseong · ‎08-09-2018

Thanks for sharing the solution using EEM applet.

I have tried using \r to separate the lines but that doesn't work.

From Guestshell Python

>>> banner = '''
... banner motd ,Authorized Access only\rThis system is the property of So-and-So-Enterprise.\rUNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED.\r,
... '''
>>> cli.configurep(banner)
Line 1 SUCCESS:
Line 2 SUCCESS: banner motd ,Authorized Access only This system is the property of So-and-So-Enterprise. UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED. ,

In IOS-XE

Router#show banner motd
Authorized Access onlyThis system is the property of So-and-So-Enterprise.UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED.
Router#

Joe Clarke · ‎08-10-2018

Like I said, '\r' results in buggy banners. The only way I found to reliably render multi-line banners is to use the EEM trick. You can either add it so it runs after the device next reloads, or you can install it into the running config with a "none" event, and then invoke it from your Python script.

yoongseong · ‎08-13-2018

I have tried to follow the EEM applet example given but doesn't work. It seems that the applet is timed out, probably due to to incorrect pattern matching? Configuring the single line banner using the same applet has no problem.

Router#show event manager pol reg
No.  Class     Type    Event Type          Trap  Time Registered           Name
1    applet    user    none                Off   Mon Aug 13 09:25:48 2018  install-banner
 policyname {install-banner} sync {yes}
 maxrun 20.000
 action 1.0 cli command "enable"
 action 2.0 cli command "config t"
 action 3.0 cli command "banner motd xAuthorized Access only" pattern ".*"
 action 3.1 cli command "This system is the property of So-and-So-Enterprise" pattern ".*"
 action 4.0 cli command "UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED.x"
 action 5.0 cli command "end"

Router#event manager run install-banner
Router#show banner motd
Router#

Joe Clarke · ‎08-13-2018

Sure enough, the middle line trips things up since XE is not replying with anything on stdout.

You can get two lines in there (if you need two), and each line can be rather long. The result should be the multi-line banner you want.

event manager applet install-banner
 event none
 action 1.0 cli command "enable"
 action 2.0 cli command "config t"
 action 3.0 cli command "banner motd xAuthorized Access only\015\012This system is the property of So-and-So-Enterprise\015\012UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED.x"
 action 5.0 cli command "end"

This will nvgen strangely. The octal characters will be replaced by their printable versions. That's okay, though, since likely you will remove this applet once it runs.

If everything you want won't fit on one line (due to XE line length limitations), then add a second line using the pattern technique.

yoongseong · ‎08-13-2018

Thanks Joe for providing the solution. The codes work perfectly in IOS-XE but it will give error in GuestShell Python environment due to the line feed character.

>>> cli.configurep(conf)
ConfigError: There was a problem with 2 commands while configuring the device.
Line 1 SUCCESS:
Line 2 SUCCESS: event manager applet install-banner
Line 3 SUCCESS:  event none
Line 4 SUCCESS:  action 1.0 cli command "enable"
Line 5 SUCCESS:  action 2.0 cli command "config t"
Line 6 SUCCESS:  action 3.0 cli command "banner motd xAuthorized Access only
**CLI Line # 6: Warning: Assumed end-quote for quoted string
Line 7 FAILURE: This system is the property of So-and-So-Enterprise  (PARSE_ERROR_NOMATCH)erprise
**CLI Line # 7:  ^
**CLI Line # 7: % Invalid input detected at '^' marker.

Line 8 FAILURE: UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED.x" (PARSE_ERROR_NOMATCH)
Line 9 SUCCESS:  action 5.0 cli command "end"

By removing the line feed character, the problem is resolved.

>>> conf = '''
... event manager applet install-banner
...  event none
...  action 1.0 cli command "enable"
...  action 2.0 cli command "config t"
...  action 3.0 cli command "banner motd xAuthorized Access only\015This system is the property of So-and-So-Enterprise\015UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED.x"
...  action 5.0 cli command "end"
... '''
>>> import cli
>>> cli.configurep(conf)
Line 1 SUCCESS:
Line 2 SUCCESS: event manager applet install-banner
Line 3 SUCCESS:  event none
Line 4 SUCCESS:  action 1.0 cli command "enable"
Line 5 SUCCESS:  action 2.0 cli command "config t"
Line 6 SUCCESS:  action 3.0 cli command "banner motd xAuthorized Access only This system is the property of So-and-So-Enterprise UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED.x"
Line 7 SUCCESS:  action 5.0 cli command "end"
>>> cli.executep('show banner motd')
>>> cli.executep('event manager run install-banner')
>>> cli.executep('show banner motd')
Authorized Access only
This system is the property of So-and-So-Enterprise
UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED.
>>>

Joe Clarke · ‎08-13-2018

You could also try escaping the octal in Python with \\. But if it's working for you now, best to leave it where it is.

nathy1984 · ‎05-28-2020

Hello

I try to configure the banner with EEM.

But if the banner massage is longer, it does not work. For example:

action 3.0 cli command "banner motd xAny access to this device is only permitted to allowed persons.\015Any access to this device is only permitted to allowed persons.\015Any access to this device is only permitted to allowed persons.\015Any access to this device is only permitted to allowed persons.x"

Any idea to solve this problem?

Best regards,

CiscoTechAus · ‎07-01-2020

I also have the same issue, If the banner exceeds a given length it does not work.. Is there another solution for this?

ftomek · ‎04-06-2022

This solution with \012 or \015 or \010 characters works only to first reload.

During entering script characters \012 and simillar are intrepreted, doesn't matter that they are insiade quotation and changed into real new line. Than everything after \012 is in new line in running config and startup config.

During reload these lines are treated as faulty and removed, so banner will have only one line

action 3.0 cli command "banner motd % Ala ma kota \012 a kot ma Ale%"

in sh run and sh startup

action 3.0 cli command "banner motd % Ala ma kota

a kot ma Ale%" - line removed after reload

The solution is using variable with \012 in it.

action 2.1 set NEWL "\0"
action 2.2 set NEWL1 "12"
action 2.3 set NEWL $NEWL$NEWL1
action 3.0 cli command "banner motd % Ala ma kota $NEWL a kot ma Ale%"

jasonm002 · ‎07-14-2023

The following works for me on a 9200CX on 17.9.1, looks like the banner requires a line feed at the beginning and end of the string (inside of the delimiter characters) in the config

config = '''some config statements

banner login ^\\012Configured by zero-touch provisioning (ZTP).\\012Example multi line banner\\012\\012^

some other config statements

'''