cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
654
Views
0
Helpful
3
Replies

cisco cli headache

pawelkostera
Level 1
Level 1

Hi,

Would anybody have any experience or a good idea, how to tackle this problem ? :

- Have +300 cisco switches, each with has its own local vlans; each port configured for portsecurity/sticky/max 1

-  need to change the portsecurity to max 2, but only on some vlans ( or  to be more specific on vlans which belongs to one specific vrf);

I would really appreciate any good suggestion on how to automate this process;

Best Regards

Pawel

3 Replies 3

Andras Dosztal
Level 3
Level 3

Assuming you don't have central management like CiscoWorks, I'd recommend executing shell/Expect scripts from a Linux box, in these steps:

  1. Create a directory, enter into it.
  2. Create text files with the devices' names (i.e. switch01.txt)
  3. Create the Expect script below, add executable rights
  4. Create the shell script below, add executable rights
  5. Run the shell script like this: ./myscript CLI_USER CLI_PASS
  6. Ta-dah

This is not a fancy way, but it worked for me before. Please check all scripts as I only wrote them now without testing. Also note that there's no error checking, you have to check all data manually before executing the script.

Expect script:

#!/usr/bin/expect

set timeout 60

set host [lindex $argv 0]

set fname [lindex $argv 1]

set user [lindex $argv 2]

set password [lindex $argv 3]

spawn telnet "$host"

expect "Username:"

send "$user\n"

expect "Password: "

send "$password\n"

expect "#"

send "conf t\n"

expect "#"

set fp [open "$fname" r]

set file_data [read $fp]

set data [split $file_data "\n"]

foreach line $data {

        send "interface $line\n"

        expect "#"

        send "port security max-mac-count 2\n"

        expect "#"

}

send "end\n"

expect "#"

send "wri\n"

expect "#"

send "q\n"

expect eof

Shell script:

#!/bin/sh

for DEVICE_FILE in `ls *.txt`

do

     HOST=`echo $DEVICE | cut -d "." -f 1

     ./myexpectscript $HOST $DEVICE_FILE $1 $2

done

Andras Dosztal
Level 3
Level 3

One more thing. The script above assumes you have level 15 priveledge. If not, you need to add the enable command and its password to the Expect script.

Hi,

Thanks for quick replay, but the reale challenge I'm having here is to identify which ports should be reconfigured;

So, only ports which belong to a specific vlan should  be changed (there is over 300 vlans which should be changed out of a few  thousands other vlans);

Wath would be the best aprouch to make list of all of this switch/ports mapping?

Pawel

Review Cisco Networking for a $25 gift card