12-15-2021 05:59 AM
Good Morning Everyone...
I am in the middle of a large router deployment. There is an updated config that I am having the on-site technician run that includes all of the updated config changes.
I am wanting as little on-site technician support as possible and am trying to have the script do all of the heavy lifting for the update. Here is what I am using so far:
tclsh
puts [open "bootflash:ACTIVATION_LOCATION-01.txt" w+] {
!
COPY AND PASTE CONFIGURATION HERE
!
!
!
end
!
}
tclquit
!
!
!
license right-to-use move throughput
!
config t
!
platform hardware throughput level 1000000
!
do wr me
!
exit
!
copy flash:/ACTIVATION_LOCATION-01.txt start
!
!
I would also like the script to include the following:
crypto key gen rsa usage-keys label LOCATION-01 modulus 4096
!
ip ssh rsa keypair-name LOCATION-01
So when I save the file to flash and set it to start it captures the updated config as desired. The problem I am having is including updating the crypto key gen and ip ssh keypair-name command. If I include it in the configuration I copy and paste into the tcl script, when the router reboots, it ignores the crypto keygen command. I know I can run this after the router reboots, but am trying to include as much of the updated config as possble.
Ideas on how I can include this when we are rolling out the updated configs to the field? Remember, I need the least amount of site tech user involvement possible.
Thoughts / Suggestions?
12-15-2021 08:31 AM
Hello,
the 'crypto key gen' command has an option 'exportable' which is typically used to share a key between computers, I have not tested this, but possibly this add-on command lets you copy the key...
12-19-2021 10:52 AM
write those commands into an EEM policy that will run on bootup.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide