09-08-2017 06:40 PM - edited 03-05-2019 09:06 AM
Hello everyone,
Need some help with a Python script. I have never used Python before. I need to deploy TACACS config for the con0 and aux lines to all routers and switches.
I have Python 2.7.13 installed on my Windows 7.
1. I have a router I want to test it on by deploying the script to it via telnet. How do you suggest I do that while having this router connected to a production network? My thought is to not have any routing enabled and only configure a loopback on the router with an IP address that is routable via the production network. Best practices?
2. I have attached what I have scripted so far, a very rough draft. I have no idea how to deploy it with Python via telnet and what the script is lacking. Would I put the IP address of the router where it says "(HOST)"? Can anyone give me some pointers?
Thank you!
09-13-2017 04:15 PM
09-13-2017 06:22 PM
It's ok any help is appreciated.
I gave the latest script a shot and it didn't even launch. I saved it with a py file extension and then it just flashed for a second, then disappeared.
09-13-2017 06:59 PM
09-13-2017 08:57 PM
Yes, definitely one IP to test on one router. Once I get it working I will then do a list.
Just clicking on the script from the desktop.
What does that command do? Is that setting the debug level on router?
09-13-2017 09:42 PM
09-13-2017 11:19 PM
I have python 2.7.13
I didn't know you can run py script via cli on cisco..?
09-14-2017 03:23 AM
Sorry, I meant via your laptop CLI. As you'll activate debug, you need to keep your window open to copy the result and then paste it here.
09-15-2017 11:57 AM
Hi Guys, nice topic.
Sorry, I don't wanna hijack the discussion but there's a similar demand I've been working on. In my case it's a switch assessment, but the idea is more or less the same (and also using telnet)...(and this subject is also new to me)...
Francesco,
I ran the script you shared (thanks for that!). The only lib I had to install was pexpect. Btw, I'm running CentOS in a VM on my laptop.. there are a lot less issues related to lib compatibility...
For my test I replaced all command lines sent to the devices to just:
output = tn.write("show version\r\n")
print(output)
However, it looks like it didn't run successfully. Following the logs:
[root@localhost flavio]# python test3.py
Username: admin
Password:
list or ip: list
Path and filename: /home/flavio/Devices.txt
Telnet(10.0.0.1,23): recv '\xff\xfb\x01\xff\xfb\x03\xff\xfd\x18\xff\xfd\x1f'
Telnet(10.0.0.1,23): IAC WILL 1
Telnet(10.0.0.1,23): IAC WILL 3
Telnet(10.0.0.1,23): IAC DO 24
Telnet(10.0.0.1,23): IAC DO 31
Telnet(10.0.0.1,23): recv '\r\nUser Access Verification\r\n\r\nUsername: '
Telnet(10.0.0.1,23): send 'admin\r\n'
PASS
Telnet(10.0.0.1,23): recv '\xff\xfc\x01\xff\xfc\x03\xff\xfe\x18\xff\xfe\x1f'
Telnet(10.0.0.1,23): IAC WONT 1
Telnet(10.0.0.1,23): IAC WONT 3
Telnet(10.0.0.1,23): IAC DONT 24
Telnet(10.0.0.1,23): IAC DONT 31
Telnet(10.0.0.1,23): recv 'admin'
Telnet(10.0.0.1,23): recv '\r\nPassword: '
Telnet(10.0.0.1,23): send 'C1sc0123\r\n'
Telnet(10.0.0.1,23): send 'show version\r\n'
None
I was able to get it working using netlib, with the attached script. It does a "show version" and stores the output in a txt file with the switch IP as the file name... The problem is that for most switches it works fine, but for some others it doesn't bring any output (if I access the switch manually, it returns the information fine), that's why I'm also trying telnetlib... Also, authentication fails when I try to access TACACS-managed devices, but I work around this issue by sending authentication as commands (in another script)...
Thanks.
09-15-2017 12:19 PM - edited 09-15-2017 01:47 PM
Hm... it worked when I replaced the "show version" with:
tn.write("conf t\r\n")
time.sleep(2)
tn.write("hostname R1\n")
time.sleep(2)
tn.write("end\n")
time.sleep(2)
tn.write("wr mem\n")
Logs attached.
To apply the commands it's working fine. Any help on how to extract configuration?
Thanks
09-15-2017 02:53 PM
09-16-2017 11:00 AM - edited 09-16-2017 11:52 AM
It works, thank you very much Francesco! You helped a lot!
I made some adjustments to reflect my needs; the script is attached for reference.
The next step I need to do is somehow parse the txt files created with each switch config and then determine if, on each switch port, a given feature is enabled (for instance port security, DHCP snooping, etc.)... Do you think Pexpect can help on this matter, or do you know any other library that could help? The idea is to import a list of IPs and extract (in csv, txt, or any other readable format) a summary report... something like:
switch1:
interface fa0/1: feature 1:OK, feature 2: Disabled
interface fa0/2: feature 1:OK, feature 2: Disabled
....
switch2:
interface fa0/1: feature 1:OK, feature 2: OK
interface fa0/2: feature 1:OK, feature 2: OK
....
...and so on and so forth.
PS: Just a side note... if I'm not wrong, in the main function, in the ip option, it was passing "iprtr", while the function cmd_ip expects just "ip".
Thanks.
09-16-2017 12:19 PM
Hm... I found the ciscoconfparse library. I believe this is exactly what I need.
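The per-port summary asked for in the posts above, as an added example that is not part of the thread or of the attached scripts: a standard-library Python 3 sketch of the block-walking that a library such as ciscoconfparse does for you. The sample config, the feature list and the function names are assumptions made for illustration; note that the second port carries a port-security sub-option without the line that actually enables the feature, which a loose substring match would wrongly report as OK.

```python
import re

# Constructed sample of a saved running-config (not taken from the thread).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 spanning-tree bpduguard enable
!
interface FastEthernet0/2
 switchport mode access
 switchport port-security maximum 2
!
line con 0
 exec-timeout 5 0
"""

# Feature -> pattern for the one line that enables it (assumed checks).
FEATURES = {
    "port-security": re.compile(r"^switchport port-security$"),
    "bpduguard": re.compile(r"^spanning-tree bpduguard enable$"),
}

def audit_interfaces(config_text, features=FEATURES):
    """Return {interface: {feature: 'OK' or 'Disabled'}} for one config."""
    report, current = {}, None
    for raw in config_text.splitlines():
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1].strip()
            report[current] = {name: "Disabled" for name in features}
        elif current and raw.startswith(" "):  # indented: child of the block
            for name, pattern in features.items():
                if pattern.match(raw.strip()):
                    report[current][name] = "OK"
        else:
            current = None  # "!" or any unindented line closes the block
    return report

def format_report(switch, report):
    """Render the per-port summary in the layout asked for in the post."""
    lines = [switch + ":"]
    for intf, feats in report.items():
        cells = ", ".join("%s: %s" % (k, v) for k, v in feats.items())
        lines.append("interface %s: %s" % (intf, cells))
    return "\n".join(lines)

if __name__ == "__main__":
    print(format_report("switch1", audit_interfaces(SAMPLE_CONFIG)))
```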
09-16-2017 12:37 PM
Hi
Happy that helped you.
If that helped, please select as validated answer and helpful.
The link from GitHub was one of the methods I was going to answer you with.
The other method would be to do the same thing and compare everything. But that is more complex than using an already existing library.
09-19-2017 03:22 PM
Hi!
Sorry I have been out on business and was unable to get back to you.
So during one of my tests, it did configure the aaa in global config mode, but it did not configure it for line con0 or aux.
I am thinking the prompt changed from global config to line config and that may have something to do with it, but I haven't tested since.
I will get back to you this week.
09-19-2017 03:50 PM