Re: Switch Config Audit Script for 802.1x

Joshuabowers · ‎08-16-2018

I been trying to create a Python script to audit Cisco 4500 interfaces that do not have 802.1x enabled.

So far I have the script able to look at a single 4500 Running Config and pull any interface that is missing interface command "authentication *". There are about 5 dot1x interface commands that start with authentication. The problem is that interface vlan 1, interface g1/1/1 -4 and the10gig uplinks will show up in this report (1.png). I tried to use Nodot1x.remove("interface Ten*") to remove any of these interfaces and so far I keep getting errors. I'm I suppose to use the list.remove() method or Im doing this wrong?

Working Code is 2.png

Seb Rupik · ‎03-28-2019

Hi there,

I realise this post is old and you may have found the solution by now...but anyway.

What you need to use is list comprehension, to parse your NoDot1x list and strip out the elements you don't want. I assume that for every switch you know the interfaces you do not want to include in your list? So we can create a list to capture those:

not_interested = ["Vlan1", "Gi1/1/1", "Ten1/0/1", "Ten1/0/2", "Ten1/0/3"]
NoDot1x = ["Ten1/0/1", "Ten1/0/2", "Ten1/0/3", "Vlan1", "Gi1/0/1", "Gi1/0/2"]

new_list = [e for e in NoDot1x if e not in not_interested]

print(new_list)

This will give the output:

['Gi1/0/1', 'Gi1/0/2']

So far so good. But say you don't know explict list of interfaces you are not interested in, just the type. So no Vlan SVIs, and no stack network modules (Gi1/1/1-4), then we can chuck some regex into the mix:

import re

def parse_int(source):
    REGEX = "Vlan\d{1,4}$|Gi\d{1,2}/1/1{1,2}$|Ten\d{1,2}/\d{1,2}/\d{1,2}$"
    m = re.match(REGEX, source)
    return m

NoDot1x = ["Ten1/0/1", "Ten1/0/2", "Ten1/0/3", "Vlan1", "Gi1/0/1", "Gi1/0/2"]

new_list2 = [e for e in NoDot1x if not parse_int(e)]

print(new_list2)

....which again gives us:

['Gi1/0/1', 'Gi1/0/2']

Hope this proves useful!

cheers,

Seb.