Buy or Renew
Buy or Renew
NOTICE: You can now engage in the community. Learn about the great new Cisco Umbrella content.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
965
Views
5
Helpful
5
Replies

How to verify QOS configuration errors on multiple routers easily

Go to solution
ankurjain05
Level 1
Level 1

‎06-14-2016 04:35 PM

hello wonderful people,

I have got a task to complete in few days.

There are around 140 routers in customer environment.

I need to validate it's QOS configuration if it's as per the customer standards.

There are many routers with wrong configuration.

I don't want to login to each router and look 100's of line consisting of policy-maps/class-maps/IP precendence/access-lists.

Is there a way using excel/notepad features by which I can find it out?

I'm not familiar with the automation/shell/python :(

Cheers,

AJ

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni

‎06-14-2016 06:03 PM

Hi

Unfortunatly I was saying scripting.

Do you have Cisco Prime (CPI)? On CPI 3.0, there is a new feature working well called Compliance.

You can define a template configuration and check on all devices which one is aligned with the right and which one not.

If you don't have CPI, you can deploy an evaluation license valid for 60 days but 100 devices only.

If you don't want to do scripting, you will need to use CPI evaluation and run the compliance report in 2 times because you have more than 100 devices.

I've done a script that reads a host file (containing 1 IP per line) and executing some commands.

Below a sample, but you need to test it before, adapt the show command you want to retrieve and it will save it on a txt file that have the IP address as name.

puts [open "flash:audit.tcl" w+] {
set username [lindex $argv {0}]
set password [lindex $argv {1}]
set commands {
"sh run | sec class-map"
"sh run | sec policy-map"

"sh run | sec access-list"

"show ip int bri "
"sh run | i qos"

}
set device_list [read [open flash:hosts.txt]]


foreach device $device_list {
set file_name "flash:$device-log.txt"
puts [ exec "telnet $device" ]
typeahead "$username\r"
typeahead "$password\r"
puts [ exec "term len 0" ]
set file1 [open $file_name w+]
close $file1
set file1 [open $file_name "w"]
foreach cmd $commands {
set results "### OUTPUT COMMAND FOR $cmd ### \r"
append contents $results
set results " \r"
append contents $results
set results [exec "$cmd"]
append contents $results
set results " \r"
append contents $results
set results " \r"
append contents $results
puts $file1 $contents
set contents " "
}
close $file1
}
}

This script was made 2 years ago and if I remember I used it with tclsh windows command file, because the customer hadn't any linux machine.

Normally I'm doing scripting by using expect tcl within a linux machine.

As you aien't familiar with scripting I would recommend to invest a little bit time on CPI to get it done faster; and you would be able to leverage it for other stuff.

Hope this help.

PS: Please don't forget to rate and mark as correct answer if this solved your issue.


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Philip D'Ath
VIP Alumni
VIP Alumni

‎06-14-2016 05:49 PM

If you are not familiar with any scripting languages - then no.  You are going to be doing it the long way, and logging into each device.

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni

‎06-14-2016 06:03 PM

Hi

Unfortunatly I was saying scripting.

Do you have Cisco Prime (CPI)? On CPI 3.0, there is a new feature working well called Compliance.

You can define a template configuration and check on all devices which one is aligned with the right and which one not.

If you don't have CPI, you can deploy an evaluation license valid for 60 days but 100 devices only.

If you don't want to do scripting, you will need to use CPI evaluation and run the compliance report in 2 times because you have more than 100 devices.

I've done a script that reads a host file (containing 1 IP per line) and executing some commands.

Below a sample, but you need to test it before, adapt the show command you want to retrieve and it will save it on a txt file that have the IP address as name.

puts [open "flash:audit.tcl" w+] {
set username [lindex $argv {0}]
set password [lindex $argv {1}]
set commands {
"sh run | sec class-map"
"sh run | sec policy-map"

"sh run | sec access-list"

"show ip int bri "
"sh run | i qos"

}
set device_list [read [open flash:hosts.txt]]


foreach device $device_list {
set file_name "flash:$device-log.txt"
puts [ exec "telnet $device" ]
typeahead "$username\r"
typeahead "$password\r"
puts [ exec "term len 0" ]
set file1 [open $file_name w+]
close $file1
set file1 [open $file_name "w"]
foreach cmd $commands {
set results "### OUTPUT COMMAND FOR $cmd ### \r"
append contents $results
set results " \r"
append contents $results
set results [exec "$cmd"]
append contents $results
set results " \r"
append contents $results
set results " \r"
append contents $results
puts $file1 $contents
set contents " "
}
close $file1
}
}

This script was made 2 years ago and if I remember I used it with tclsh windows command file, because the customer hadn't any linux machine.

Normally I'm doing scripting by using expect tcl within a linux machine.

As you aien't familiar with scripting I would recommend to invest a little bit time on CPI to get it done faster; and you would be able to leverage it for other stuff.

Hope this help.

PS: Please don't forget to rate and mark as correct answer if this solved your issue.


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful

Go to solution
ankurjain05
Level 1
Level 1
In response to Francesco Molino

‎06-14-2016 06:21 PM

Thank you for the ideas.

Atleast I have some way to look forward to.

I'll try to do the CPI solution.

However, does that need any configuration on the devices as I cannot make any changes on customer routers. Although I might be able to do SNMP ReadOnly there.

Also, there are many versions available to download, which one would be suitable to install on a laptop or it needs a server machine ?

0 Helpful

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni
In response to ankurjain05

‎06-14-2016 06:30 PM

You need to discover devices by using user/password and snmp access (read is enough if you don't want to modify anything).

it's a high cpu/memory consumption. I will recommend version 3.1.

compliance is available since version 3.0

you have some docs on cisco website on how to use it. There was a demo version on dcloud.cisco.com to test it.


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni
In response to ankurjain05

‎06-14-2016 06:36 PM

I forgot to say that you need the professionnal ova in order to have compliance


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card