12-05-2018 08:07 AM
Hello Everyone,
I have recently set up privilege level permissions on my network Cisco switches. The problem is that we have about 15 devices now. So, if we need to edit any permissions for a privilege level, we need to go through all those switches and update them manually. It is time-consuming, and if the number of network devices increases in future, it will be worse.
I want to know whether we have any centrally manageable mechanism with which we can update the privilege level permissions on all the switches at once.
I have a radius server which authenticates our network switches with our AD.
Thank You.
12-05-2018 08:34 AM
Hi there,
The answer is yes. Are you using freeRADIUS? You can push the privilege-level attribute from either AD or freeRADIUS depending on your configuration:
cheers,
Seb.
12-05-2018 10:58 AM
Hello Seb,
Thank you for the reply. I am using an NPS RADIUS server for authentication.
I went through the article you suggested but really did not find the answer I was looking for.
Actually, my concern is we have configured a privilege level for certain commands in our network switches, same as in our article that shows some commands configured for level 7 users.
Now, if you want level 7 users to have access to all the show commands, you would do:
privilege exec all level 7 show
This command has to be executed manually on all the switches, one by one, for privilege level 7. Is there a way where I can update the command in one place and have it updated on all the switches?
Thank You.
12-05-2018 11:55 PM
Ah, I see what you are after... In which case use a script.
I wrote the following one for someone's question on this forum:
    #!/usr/bin/env python3
    import csv
    import getpass
    from argparse import ArgumentParser

    import netmiko
    import paramiko


    def main():
        parser = ArgumentParser(description='Arguments for running oneLiner.py')
        parser.add_argument('-c', '--csv', required=True, action='store', help='Location of CSV file')
        args = parser.parse_args()

        # Prompt for credentials instead of storing them in the script or the CSV
        ssh_username = input("SSH username: ")
        ssh_password = getpass.getpass('SSH Password: ')

        with open(args.csv, "r") as file:
            reader = csv.DictReader(file)
            for device_row in reader:
                try:
                    ssh_session = netmiko.ConnectHandler(device_type='cisco_ios', ip=device_row['device_ip'],
                                                         username=ssh_username, password=ssh_password)
                    print("+++++ {0} +++++".format(device_row['device_ip']))
                    ssh_session.send_command("terminal length 0")
                    # "privilege ..." is a global configuration command, so it is sent in config mode
                    print(ssh_session.send_config_set(["privilege exec all level 7 show"]))
                    ssh_session.send_command("terminal length 30")
                    ssh_session.disconnect()
                # Top-level exception names are used because netmiko.ssh_exception is absent in Netmiko 4.x
                except (netmiko.NetMikoTimeoutException,
                        netmiko.NetMikoAuthenticationException,
                        paramiko.ssh_exception.SSHException) as s_error:
                    print(s_error)


    if __name__ == "__main__":
        main()
https://github.com/sebrupik/srupik-apic-em-tools/blob/master/frozenPony/src/oneLinerSimple.py
You need to pass it a CSV file in the following format:
    device_ip
    1.1.1.1
    1.1.1.2
    1.1.1.3
From the local directory run it with:
# python3 oneLiner.py -c your_ips.csv
It would be easy to extend it to send a block of config commands if you needed to, or to add another column to the CSV file which contained the command you wanted to run on that particular device.
Cheers,
Seb.
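The per-device command column mentioned in the post above could look like the following. This is an added example, not part of Seb's script or repository; the `command` column name, the `build_plan` and `push` helpers and the prefix allow-list are assumptions made here so that a bad CSV row cannot push arbitrary configuration to a switch.

```python
import csv
import io
import ipaddress

DEFAULT_COMMAND = "privilege exec all level 7 show"  # command from the thread
ALLOWED_PREFIXES = ("privilege ", "no privilege ")   # assumed policy for this example

def build_plan(csv_text, default=DEFAULT_COMMAND):
    """Return ({device_ip: [commands]}, [(csv_line, reason)]) from CSV text."""
    plan, rejected = {}, []
    reader = csv.DictReader(io.StringIO(csv_text))
    for row in reader:
        ip = (row.get("device_ip") or "").strip()
        # Collapse whitespace so a multi-line CSV cell cannot smuggle extra lines
        cmd = " ".join((row.get("command") or default).split())
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            rejected.append((reader.line_num, "bad address: %r" % ip))
            continue
        if not cmd.startswith(ALLOWED_PREFIXES):
            rejected.append((reader.line_num, "not a privilege command: %r" % cmd))
            continue
        if cmd not in plan.setdefault(ip, []):
            plan[ip].append(cmd)
    return plan, rejected

def push(plan, username, password):
    """Send each device its commands in global configuration mode."""
    import netmiko  # imported here so build_plan() can be checked without it
    results = {}
    for ip, commands in plan.items():
        # Assumes the account lands in privileged EXEC (no enable step here)
        session = netmiko.ConnectHandler(device_type="cisco_ios", ip=ip,
                                         username=username, password=password)
        try:
            results[ip] = session.send_config_set(commands)
        finally:
            session.disconnect()
    return results

# Constructed sample input; the addresses are the ones in the thread's CSV
SAMPLE = """device_ip,command
1.1.1.1,
1.1.1.2,privilege exec level 7 configure terminal
1.1.1.2,privilege configure level 7 interface
1.1.1.3,hostname lab-sw3
not-an-ip,
"""
```

Review the rejected list returned by `build_plan` before calling `push`; a CSV without a `command` column gives every device the default command.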
12-06-2018 09:47 AM
Thank you for the information. I believe I forgot to tell you that all my servers are Windows-based. I believe the script that you suggested is a Linux script.
12-06-2018 01:00 PM
It is a Python 3 script, which is portable across a multitude of platforms, including Windows:
https://www.python.org/downloads/windows/
...once you have the runtime installed you will be able to run the script from the command prompt.
If you want to take your Python scripting further I recommend you use a good IDE. I would suggest PyCharm:
https://www.jetbrains.com/pycharm/download/#section=windows
Cheers,
Seb.
12-06-2018 01:56 PM
Thank you for the information. I will try it and update if it worked.