Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Using SNMP to authenticate to Cisco switch and run a script to make configuration changes

Posted on 2012-03-27
5
Medium Priority
?
457 Views
Last Modified: 2012-03-29
What i am trying to do it use a form of SNMP to just authenticate and connect into a cisco switch.
 
I run a script from my linux box and log in right now with SSH (username and password)
to make any configuration changes as of now.

I would like to connect using the RW community string and make any configuration changes that way.
I do know you can copy the configuration and make your changes and copy it back to the switch. but having 500+ switches and all different models, I just like to make this as simple as possible if I can.

Below is a copy of my sample code i am working on.
any help would be greatly appreciated
#!/usr/bin/perl

use Expect;
use Net::Ping;

# Insert commands desired here.
@commands =
(
'my edits would go here to write to the configuration', <-- example edits here
'end', <-- example edits here
'wr', <-- example edits here
' ', <-- example edits here
);

$subnet ="192.168",

##### ONLY EDIT THE THIRD OCTET HERE - DELETE, ADD OR CHANGE ******
my @thirdoct = (1, 2, 6, 7, 8, 9);

while(scalar(@thirdoct) > 0)
{
my $x = shift(@thirdoct);

@addresses = ("$x",);

###### PINGS IP ADDRESS AND WILL ONLY SSH INTO LIVE HOSTS ######
my $p = Net::Ping->new("icmp");

for my $o (1 .. 254)
{
    $pi="$subnet.$x.". $o;
        if ($p->ping($pi)) {
    print "$pi is alive.\n";

$SNMPGET_CMD = "snmpset -c <community> -v 1 $pi .1.3.6.1.4.1.9.9.25.1.1.1.2.4"; <-- example

foreach (@addresses)
        {
                $hostname = shift;
                $sshcommand = shift;
                $hostname = "$pi";
                $sshcommand = $SNMPGET_CMD;
                print("$sshcommand\n");
                switchupdate();

        }


sub switchupdate {

        my $switch = Expect->spawn($sshcommand) or die "Cannot spawn $sshcommand: $!\n";


);

        $switch->expect(30,
                [ qr/#/i,
                sub {
                        my $cmd = shift;
                        foreach (@commands)
                                {
                                        $cmd->send("$_\n");
                                }
                }],
        );


        $switch->soft_close();
}

        } else {
###### IF IP ADDRESS IS NOT PINGABLE IT TELL YOU AND MOVES ON TO THE NEXT ADDRESS ######
    print "$pi is not reachable.\n";
        }
}
}

Open in new window

0
Comment
Question by:icewiper
5 Comments
 
LVL 80

Expert Comment

by:arnold
ID: 37778207
You can not run scripts using snap, you could depending on what you need use a read write community to update the device using snmp set packet.
0
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 1050 total points
ID: 37778278
Remember any SNMP version less than ver3 is PLAIN-TEXT, the community strings are not encrypted in anyway, so you could be giving away the ReadWrite "password". SSH is a much better way, the command line can easily be changed to suit the model being used. There are a number of RANCID and other expect type script that can help in this way: http://www.shrubbery.net/rancid/ You've clearly got perl experience, so 'expect' scripts like those in RANCID should be easy.
-rich
0
 
LVL 57

Assisted Solution

by:giltjr
giltjr earned 450 total points
ID: 37778564
I second richrumble's suggestion of RANCID.

We use it and it make life so much easier to make mass changes to routers/switches/anything it supports.

It also will check as often as you want for configuration changes, when there is a change, pull in a new copy of the config and you can use to to check for differences between changes.
0
 

Author Closing Comment

by:icewiper
ID: 37780318
I agree with you guys on the rational behind SNMP.
I was looking to make a script become less of a hassle when writing changes to our switches.
In short, i should look into more alternative solutions.

I have been working with Expect, but would like to look into another process for running my scripts.

again, thanks for your ideas
0
 
LVL 57

Expert Comment

by:giltjr
ID: 37781538
Using RANCID may make your life easier.  I setup scripts to run the RANCID scripts,  Example:

Scritpt #1 (I call it loop-update.sh) contains:

while read router
do
/usr/sbin/clogin -u $1 -v $2 -e $@ -x $3 $router  \\>\\> Z-$router.log
done < routerlist

File routerlist contains the IP addresses of each device I want to perform the function on.
You execute the script by issuing the command:

    ./loop-update.sh myuserid mypassword commands

Where commands is a file that contains the commands I want to enter.  After all is said and done, you will have a file for each router in the file routerlist named Z-xxxxxx.log where xxxxxxx is the IP address.
0

Featured Post

Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Whether you’re a college noob or a soon-to-be pro, these tips are sure to help you in your journey to becoming a programming ninja and stand out from the crowd.
Arrow Electronics was searching for a KVM  (Keyboard/Video/Mouse) switch that could display on one single monitor the current status of all units being tested on the rack.
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Suggested Courses

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question