Solved

automate telnet login and excute cisco command procedures (batch)

Posted on 2004-08-26
14
39,536 Views
Last Modified: 2012-08-13
    I have asked this question before and noone replied. So here it goes again. I have like 25-30 switchs on my network; 2950s to be exact. I need to log into each switch and copy each config over to a central repository for disaster recovery or a way to log into each switch and run some commands like mac-address-table for all ports on a particular switch. The point is i need to automate the login and excute cisco command procedures (batch the procedure). Telnet through DOS doesn't enable you to feed a password to it as far is i know. There is a program called "expect" that i guess has that capability but im short on tutorials and resources to configure the program. Has anyone done this and how?
0
Comment
Question by:Fubyou
  • 6
  • 2
  • 2
  • +4
14 Comments
 
LVL 11

Expert Comment

by:PennGwyn
Comment Utility
We use Kermit as a scriptable console for this.

0
 
LVL 50

Expert Comment

by:Don Johnston
Comment Utility
You can use the advanced version of Hyperterm. It's called HyperAccess and it allows you to build scripts to automate tasks like that.

http://www.hilgraeve.com/hyperaccess/win32/index.html

-Don
0
 
LVL 28

Expert Comment

by:mikebernhardt
Comment Utility
You know, I use Perl to do this sort of thing. You can install Perl on Windows. there is a module called Net::Telnet::Cisco that is written to understand Cisco prompts. I once wrote a script to tftp a bunch of configs to my machine so I could work with them, without having to take the time to do it by hand.

Of course, now I use Ciscoworks for that. But Perl is the perfect tool for your needs. Here's a script I wrote to do that. There were some quirks here, like we didn't need the enable password- they had a local user with privilege 15 (a really stupid idea). But the module above supports the enable password so that's not a problem, I've used it for other things since.

# USE -F OPTION TO READ LIST OF ROUTERS *OR*
# USE THESE INDIVIDUAL OPTIONS TO PULL AN INDIVIDUAL CONFIG:
# -h [hostname or IP]
# -p [password -optional- script will create standard station password]
# -u [username-probably "root"]
#
$username="[put a username here]"; # login name if needed
$infile="routerlist.txt"; # list of routers to read from
#
use Net::Telnet::Cisco;
use Getopt::Long;
GetOptions(
      "host=s"     =>      \$host,
      "password=s" =>      \$pass,
      "username=s" =>      \$username,
      "file"       => \$usefile,
);
if ($usefile) {
      open (LIST,"$infile") or die "Couldn't open file $infile";
      @list=<LIST>;
      foreach (@list) {
                  ($host)=split(/\s+/,$_);
                  &TELNET;
                  }
} else {
      &TELNET;
}
# End of script
      
sub TELNET {
      ($station) = $host =~/(^\w+)/;
      ($initial) = $host =~/(^\w)/;
      $pass = join '',$initial,"123",$station;
      $t = Net::Telnet::Cisco->new(
            Timeout => 10,
            Host    => $host
                  );
      $t->errmode("return");
      print "Trying $host\n";
      $t->login($username,$pass);
                  my @out=$t->cmd("copy start tftp");
                  my @out=$t->cmd("xxx.xxx.7.90");
                  my $out=$t->cmd("$station-router-confg");
                  print "downloading config...\n";
                  my $out=$t->cmd("");
                  $t->close;
}

And here a sample from "routerlist.txt"
a20-2509-router
a30-2509-router
a40-2509-router
a50-2509-router
a60-2509-router
a70-2509-router
a75-2610-router
a80-2509-router
0
 
LVL 28

Expert Comment

by:mikebernhardt
Comment Utility
So if you have a single password for all your switches and you always want to work off a list, you can just specify them like so. If you don't have a username, just don't put it in $t->login. If you have multiple passwords, put them on the same line as the router name (or IP) and use the split function to grab it.

$pass="password";
$enable="enable";
$username="[put a username here]"; # login name if needed
$infile="routerlist.txt"; # list of routers to read from
#
use Net::Telnet::Cisco;
open (LIST,"$infile") or die "Couldn't open file $infile";
     @list=<LIST>;
     foreach (@list) {
               ($host)=split(/\s+/,$_);
               &TELNET;
               }
}
     
sub TELNET {
     $t = Net::Telnet::Cisco->new(
          Timeout => 10,
          Host    => $host
               );
     $t->errmode("return");
     print "Trying $host\n";
     $t->login($username,$pass);
               my @out=$t->enable($enable);
               my @out=$t->cmd("copy start tftp");
               my @out=$t->cmd("xxx.xxx.7.90");
               my $out=$t->cmd("$station-router-confg");
               print "downloading config...\n";
               my $out=$t->cmd("");
               $t->close;
}
0
 

Author Comment

by:Fubyou
Comment Utility
mikebernhardt

Cisco Works for Windows 6.1 has the ability to automate this?? How exactlly is that.
0
 
LVL 28

Expert Comment

by:mikebernhardt
Comment Utility
Ciscoworks should be configured to automatcially tftp all of your device startup and running configs at regular intervals and upon changes, and archive them. You can view them any time. The Campus Manager can be used to look at MAC addresses, IPs, etc. on your switches.
0
 
LVL 28

Expert Comment

by:mikebernhardt
Comment Utility
The RME module does all of your config management and downloading. I don't believe it's any different on Windows or Solaris.
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 79

Expert Comment

by:lrmoore
Comment Utility

CiscoWorks for Windows does not have the capability to automate that function. It is in the RME portion of CiscoWorks 2000.

You can try an application like Kiwi CATtools...
http://www.kiwisyslog.com/cattools2.htm

I like 1.x version better than the 2.x version, but that's just personal preference..


0
 
LVL 28

Expert Comment

by:mikebernhardt
Comment Utility
Well that sucks...

With perl as described above, you can get anything you want out of a router or switch. Of course, you have to learn a little perl... but if you have any scripting experience it's well worth it.  FYI, the above script pulled down 40-some-odd configs in like 5 minutes.
0
 

Author Comment

by:Fubyou
Comment Utility
Give me a couple days to award points im going to test the perl code you left. I pretty sure that perl is the right answer. I've done alot of cool programs in perl its a very powerful scripting language.
0
 
LVL 28

Accepted Solution

by:
mikebernhardt earned 500 total points
Comment Utility
the main thing I had trouble with was making sure that the script was giving the correct responses to the router/switch during the telnet session. the device asks questions and you have to answer them correctly. But the questions may very slightly by device and IOS version. You might do a manual session, run copy start tftp and pay attention to the questions asked to make sure the script is going to respond correctly.
0
 

Expert Comment

by:sibleyc
Comment Utility
I've used the telnet scripting tool to get the configsfrom lots of switches and routers saved on a regular basis as you can automate it by adding it to your scheduled tasks. You can get it here
http://www.freewareweb.com/cgi-bin/archive.cgi?download=1&ID=645
Simple to use and set up but if you have any problems let me know.
0
 
LVL 1

Expert Comment

by:TroyGA
Comment Utility
Trying out the scripting took Sibleyc and having a few probs with it.  Seems that whenever it send the text to the screen it is duplicating the text, like local echo is turned on or something.  Have you seen this happen before?
0
 
LVL 79

Expert Comment

by:lrmoore
Comment Utility
Mikebernhardt,
Can you look here? We can use your expertise to create a telnet script for a PIX:
http://www.experts-exchange.com/Security/Firewalls/Q_21495231.html#14470973
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

In a WLAN, anything you broadcast over the air can be intercepted.  By default a wireless network is wide open to all until security is configured. Even when security is configured information can still be intercepted! It is very important that you …
Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now