cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2033
Views
0
Helpful
7
Replies

Expect Script to Detect Different Platforms

normanzhang
Level 1
Level 1

Does anyone know how I can get expect to detect different platforms? I like to run different commands for different platforms.

 

If IOS

  username admin privilege 15 secret xxx

If Nexus

  username admin password xxx role network-adminstrator

If ASA

  username admin password xxx privilege 15

7 Replies 7

Joe Clarke
Cisco Employee
Cisco Employee

You could either build an array that maps these statically, or use a command that is supported on all platforms and parse the output to determine which platform you are on.  For example, execute "show version" and look for strings that are unique to each platform.  Expect lets you do quite a bit in an expect block:

 

expect {

  -re "PATTERN FOR IOS" {set platform ios}

  -re "PATTERN FOR NXOS" {set platform nxos}

...

}

Thanks for the hints.

 

I am able to detect the platform with "show ver | i Cisco". However, with Nexus command doesn't seem to parse.

 

send "username admin password $new_passwd role network-admin\n"

 

PRISWDISTA(config)# username admin password  role network-admin
                                                  ^
% Invalid command at '^' marker.

 

Do you know why it's failing? I checked the command locally and it's good.

Looks to me like the $new_password variable is empty, so the command is invalid as it's missing the actual password value.

I have this at the top, and it's recognized on IOS devices.

 

set new_passwd [lindex $argv 3]

 

I'm suspecting there could be something specify with Nexus parsing variables?

Nexus isn't parsing the variables.  Expect is.  I don't see your whole script, but if it works for IOS, and you're passing the same arguments, then it will work for NX-OS.

I use the bash script to called the expect script. Do you see anything wrong with script?

 

#!/bin/bash
echo -n "Enter the SSH password for $(whoami) "
read -s -e password
echo -ne '\n'
echo -n "Enter current ADMIN password "
read -s -e old_passwd
echo -ne '\n'
echo -n "Enter new ADMIN password "
read -s -e new_passwd
echo -ne '\n'

for device in `cat device-list.txt`; do
 ./cisco_passwd.exp $device $password $old_passd $new_passwd ;
done

 

#!/usr/bin/expect -f

set hostname [lindex $argv 0]
set username $env(USER)
set password [lindex $argv 1]
set old_passwd [lindex $argv 2]
set new_passwd [lindex $argv 3]

log_file -a ~/cisco_passwd_results.log

send_user "\n"
send_user ">>>>>  Working on $hostname @ [exec date] <<<<<\n"
send_user "\n"

spawn ssh -o StrictHostKeyChecking=no $username\@$hostname

expect {
  timeout { send_user "\nTimeout Exceeded - Check Host\n"; exit 1 }
  eof { send_user "\nSSH Connection To $hostname Failed\n"; exit 1 }
  "*#" {}
  "*assword:" {
    send "$password\n"
  }
}

 

expect {
  default { send_user "\nEnable Mode Failed - Check Password\n"; exit 1 }
  "*#" {}
  "*>" {
    send "enable\n"
    expect "*assword"
    send "$old_passwd\n"
    expect "*#"
  }
}

send "show version | include Cisco\n"
expect {
  default {
    send_user "\nFailed to determine OS or get back correct prompt while changing pass.\n";
    exit 1
  }
  -re "Cisco Nexus" {
    send "conf t\n"
    expect "(config)#"
    send "username admin password $new_passwd role network-admin\n"
  }  
  -re "Cisco IOS" {
    send "conf t\n"
    expect "(config)#"
    send "no username admin\n"
    expect "(config)#"
    send "username admin privilege 15 secret password $new_passwd\n"
    expect "(config)#"
    send "no enable password\n"
    expect "(config)#"
    send "no enable secret\n"
    expect "(config)#"
    send "enable secret 15 $new_passwd\n"
  }
  -re "Cisco Adaptive Security Appliance" {
    send "conf t\n"
    expect "(config)#"
    send "no username admin\n"
    expect "(config)#"
    send "username admin password $new_passwd privilege 15\n"
  }
}

expect "(config)#"
send "end\n"
expect "#"
send "wr\n"
expect "#"
send "exit\n"
expect ":~\$"
exit

I don't see anything obviously wrong.  The password should be filled in.  You might try filling this in statically as a test to see if NX-OS is perhaps rejecting the command for another reason.

Review Cisco Networking for a $25 gift card