Script for large number of cisco switch configuration

Chhabi Thapa
Level 1

Hello everyone,
At the moment I have to do the basic configuration of a large number of Cisco 3850-48 P switches, SW version 03.07.03E. Is there any solution like scripting so that I can just go there and run the script? I've tested a Tcl script but it didn't go well.

Please note that this is the initial configuration and I'm doing all the configuration via console access.

Below are the basic configurations I have to do.

hostname <hostname>
username <username> privilege 15 password <password>
line vty 0 4
transport input all
login local
exit
!
vtp domain <vtp domain>
vtp mode server
vtp password <password>
vtp version 3
!
ip route 0.0.0.0 0.0.0.0 <gateway ip>
!
spanning-tree mode mst
spanning-tree extend system-id
spanning-tree mst configuration
name MST
revision 1
instance 1 vlan 1-4094
exit
!
interface tengig 1/1/1
channel-group <ID> mode on
switchport mode trunk
exit
interface tengig 1/1/2
channel-group <ID> mode on
switchport mode trunk
exit
!
username <SNMP USER> privilege 15 password 0 <password>
!
snmp-server group <GROUP-NAME> v3 auth
snmp-server group <GROUP-NAME> v3 priv
snmp-server host <host ip> version 3 auth <SNMP USER>
snmp-server user <SNMP USER> <GROUP-NAME> v3 auth sha <password> priv a 128 <password>
snmp-server trap-source <interface>
snmp-server source-interface informs <interface>
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps flowmon
snmp-server enable traps transceiver all
snmp-server enable traps call-home message-send-fail server-fail
snmp-server enable traps rf
snmp-server enable traps memory
snmp-server enable traps cpu threshold
snmp-server enable traps auth-framework sec-violation
snmp-server enable traps flash insertion removal
snmp-server enable traps power-ethernet group 1
snmp-server enable traps power-ethernet police
snmp-server enable traps energywise
snmp-server enable traps vtp
snmp-server enable traps vlancreate
snmp-server enable traps vlandelete
snmp-server enable traps license
snmp-server enable traps envmon fan shutdown supply temperature status
snmp-server enable traps stackwise
snmp-server enable traps local-auth
snmp-server enable traps port-security
snmp-server enable traps fru-ctrl
snmp-server enable traps entity
snmp-server enable traps cef resource-failure peer-state-change peer-fib-state-change inconsistency
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps config-ctid
snmp-server enable traps event-manager
snmp-server enable traps ipmulticast
snmp-server enable traps vstack
snmp-server enable traps bridge newroot topologychange
snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency
snmp-server enable traps syslog
snmp-server enable traps errdisable
snmp-server enable traps mac-notification change move threshold
snmp-server enable traps vlan-membership
!
interface vlan <id>
ip address <ip address> <subnet mask>
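
Added example, not part of the original post or of any reply: one way to produce a per-switch configuration file from the template above, so that the text pasted over the console has every placeholder filled and every address checked. It also lists lines that deserve a second look before they are replicated to every switch (Telnet on the VTY lines, `password` rather than `secret`). The underscore placeholder names, the sample row and the shortened template are assumptions of this example.

```python
import ipaddress
import re

# Abbreviated copy of the template from the question; placeholder names are this example's own.
TEMPLATE = """\
hostname <hostname>
username <username> privilege 15 password <password>
line vty 0 4
 transport input all
 login local
!
ip route 0.0.0.0 0.0.0.0 <gateway_ip>
!
interface vlan <vlan_id>
 ip address <ip_address> <subnet_mask>
"""
PLACEHOLDER = re.compile(r"<([a-z_]+)>")
IP_FIELDS = {"gateway_ip", "ip_address", "subnet_mask"}

# Lines worth a second look before the same text is pasted into every switch.
REVIEW_RULES = [
    (re.compile(r"^\s*transport input (all|telnet)\b"), "VTY lines accept Telnet"),
    (re.compile(r"^\s*username \S+ .*\bpassword\b"), "'password' keyword; 'secret' stores a hash"),
]

def render(template, values):
    """Fill every <placeholder>; raise if a value is missing or an address is malformed."""
    for field in values.keys() & IP_FIELDS:
        ipaddress.IPv4Address(values[field])  # raises ValueError on a typo
    def fill(match):
        key = match.group(1)
        if not values.get(key):
            raise KeyError(f"no value for <{key}>")
        return values[key]
    return PLACEHOLDER.sub(fill, template)

def review(config):
    """Return (line_number, message) for each line that matches a review rule."""
    return [(n, msg) for n, line in enumerate(config.splitlines(), 1)
            for pattern, msg in REVIEW_RULES if pattern.search(line)]

# Constructed inventory row (documentation addresses); one such row per switch.
SAMPLE = {"hostname": "SW-ROOM-101", "username": "admin", "password": "EXAMPLE-ONLY",
          "gateway_ip": "192.0.2.1", "vlan_id": "10",
          "ip_address": "192.0.2.11", "subnet_mask": "255.255.255.0"}

if __name__ == "__main__":
    config = render(TEMPLATE, SAMPLE)
    print(config, *[f"! review line {n}: {m}" for n, m in review(config)], sep="\n")
```

Because the generated files contain credentials in clear text, they belong on the laptop used for console access only for as long as the rollout lasts.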

6 Replies

Seb Rupik
VIP Alumni

Hi there,

Maybe you should take a look at APIC-EM.

https://www.cisco.com/c/en/us/products/cloud-systems-management/application-policy-infrastructure-controller-enterprise-module/index.html

 

This allows you to take a switch out of a box and connect it to the network; it will contact the APIC-EM server, which will push down config/images dependent on templates you have configured.

 

These steps are simplified, but are the core of what the APIC-EM PnP service offers.

 

cheers,

Seb.

Hi Seb,

Thanks for the reply. My situation is different. Switches are installed physically in different rooms; I have to go to each and every room and configure the switch via console. So for now I cannot push the configuration to switches remotely.

OK still on the APIC-EM tack, assuming the server is installed, you have a management VLAN configured with the necessary option43 set.

On the upstream switch which your new switch connects to, use the following configuration:

!
pnp startup-vlan <management_vlan>
!

Then take your console lead, and issue the following commands:

config terminal
no pnp profile pnp-zero-touch
no crypto pki certificate pool
config-register 0x2102
end
delete /force vlan.dat
delete /force nvram:*.cer
delete /force stby-nvram:*.cer
write erase 
reload

When your switch reloads, the pnp agent will communicate with the upstream switch which will configure a management VLAN SVI based on the pnp startup-vlan command, your switch will then be able to communicate with APIC-EM.

 

cheers,

Seb.

 

 

 

Thanks Seb. I'll definitely check this one.

Joe Clarke
Cisco Employee

I've built a zero-touch provisioning solution based on auto-config and EEM with a web front-end that I've used for deploying CiscoLive networks as well as conference networks for the IETF.  It works quite well, and I've recently confirmed it works with 3850s.  It also integrates with APIC-EM if you have it (but it runs standalone as well).  Features include:

  • Touchless configuration provisioning
  • Dynamic configuration via macro expansion and external scripts
  • Image upgrade
  • Image and config validation
  • Ability to integrate with external systems like Spark and Slack with "hooks"
  • APIC-EM integration
  • Reachability polling
  • Push data to Network Registrar and Prime Infrastructure
  • Web front-end to manage assets

I wrote a blog about it at https://supportforums.cisco.com/t5/network-infrastructure-blogs/automating-cisco-live-2014-in-san-francisco/ba-p/3103598/jump-to/first-unread-message which links to the code.

Hi Joe,

Sorry for the late response. BTW thanks for the info, I'll go through this info. I really appreciate your help.
