Using SNMP to authenticate to Cisco switch and run a script to make configuration changes

What i am trying to do it use a form of SNMP to just authenticate and connect into a cisco switch.
 
I run a script from my linux box and log in right now with SSH (username and password)
to make any configuration changes as of now.

I would like to connect using the RW community string and make any configuration changes that way.
I do know you can copy the configuration and make your changes and copy it back to the switch. but having 500+ switches and all different models, I just like to make this as simple as possible if I can.

Below is a copy of my sample code i am working on.
any help would be greatly appreciated
#!/usr/bin/perl

use Expect;
use Net::Ping;

# Insert commands desired here.
@commands =
(
'my edits would go here to write to the configuration', <-- example edits here
'end', <-- example edits here
'wr', <-- example edits here
' ', <-- example edits here
);

$subnet ="192.168",

##### ONLY EDIT THE THIRD OCTET HERE - DELETE, ADD OR CHANGE ******
my @thirdoct = (1, 2, 6, 7, 8, 9);

while(scalar(@thirdoct) > 0)
{
my $x = shift(@thirdoct);

@addresses = ("$x",);

###### PINGS IP ADDRESS AND WILL ONLY SSH INTO LIVE HOSTS ######
my $p = Net::Ping->new("icmp");

for my $o (1 .. 254)
{
    $pi="$subnet.$x.". $o;
        if ($p->ping($pi)) {
    print "$pi is alive.\n";

$SNMPGET_CMD = "snmpset -c <community> -v 1 $pi .1.3.6.1.4.1.9.9.25.1.1.1.2.4"; <-- example

foreach (@addresses)
        {
                $hostname = shift;
                $sshcommand = shift;
                $hostname = "$pi";
                $sshcommand = $SNMPGET_CMD;
                print("$sshcommand\n");
                switchupdate();

        }


sub switchupdate {

        my $switch = Expect->spawn($sshcommand) or die "Cannot spawn $sshcommand: $!\n";


);

        $switch->expect(30,
                [ qr/#/i,
                sub {
                        my $cmd = shift;
                        foreach (@commands)
                                {
                                        $cmd->send("$_\n");
                                }
                }],
        );


        $switch->soft_close();
}

        } else {
###### IF IP ADDRESS IS NOT PINGABLE IT TELL YOU AND MOVES ON TO THE NEXT ADDRESS ######
    print "$pi is not reachable.\n";
        }
}
}

Open in new window

icewiperAsked:
Who is Participating?
 
Rich RumbleConnect With a Mentor Security SamuraiCommented:
Remember any SNMP version less than ver3 is PLAIN-TEXT, the community strings are not encrypted in anyway, so you could be giving away the ReadWrite "password". SSH is a much better way, the command line can easily be changed to suit the model being used. There are a number of RANCID and other expect type script that can help in this way: http://www.shrubbery.net/rancid/ You've clearly got perl experience, so 'expect' scripts like those in RANCID should be easy.
-rich
0
 
arnoldCommented:
You can not run scripts using snap, you could depending on what you need use a read write community to update the device using snmp set packet.
0
 
giltjrConnect With a Mentor Commented:
I second richrumble's suggestion of RANCID.

We use it and it make life so much easier to make mass changes to routers/switches/anything it supports.

It also will check as often as you want for configuration changes, when there is a change, pull in a new copy of the config and you can use to to check for differences between changes.
0
 
icewiperAuthor Commented:
I agree with you guys on the rational behind SNMP.
I was looking to make a script become less of a hassle when writing changes to our switches.
In short, i should look into more alternative solutions.

I have been working with Expect, but would like to look into another process for running my scripts.

again, thanks for your ideas
0
 
giltjrCommented:
Using RANCID may make your life easier.  I setup scripts to run the RANCID scripts,  Example:

Scritpt #1 (I call it loop-update.sh) contains:

while read router
do
/usr/sbin/clogin -u $1 -v $2 -e $@ -x $3 $router  \\>\\> Z-$router.log
done < routerlist

File routerlist contains the IP addresses of each device I want to perform the function on.
You execute the script by issuing the command:

    ./loop-update.sh myuserid mypassword commands

Where commands is a file that contains the commands I want to enter.  After all is said and done, you will have a file for each router in the file routerlist named Z-xxxxxx.log where xxxxxxx is the IP address.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.