Using SNMP to authenticate to Cisco switch and run a script to make configuration changes

Posted on 2012-03-27
Last Modified: 2012-03-29
What I am trying to do is use a form of SNMP to just authenticate and connect into a Cisco switch.

I run a script from my Linux box and log in right now with SSH (username and password)
to make any configuration changes as of now.

I would like to connect using the RW community string and make any configuration changes that way.
I do know you can copy the configuration, make your changes and copy it back to the switch, but having 500+ switches and all different models, I would just like to make this as simple as possible if I can.

Below is a copy of the sample code I am working on.
Any help would be greatly appreciated.
#!/usr/bin/perl

use Expect;
use Net::Ping;

# Insert commands desired here.
@commands =
(
'my edits would go here to write to the configuration', # <-- example edits here
'end', # <-- example edits here
'wr', # <-- example edits here
' ', # <-- example edits here
);

$subnet = "192.168";

##### ONLY EDIT THE THIRD OCTET HERE - DELETE, ADD OR CHANGE ******
my @thirdoct = (1, 2, 6, 7, 8, 9);

while(scalar(@thirdoct) > 0)
{
my $x = shift(@thirdoct);

@addresses = ("$x",);

###### PINGS IP ADDRESS AND WILL ONLY SSH INTO LIVE HOSTS ######
my $p = Net::Ping->new("icmp");

for my $o (1 .. 254)
{
    $pi="$subnet.$x.". $o;
        if ($p->ping($pi)) {
    print "$pi is alive.\n";

$SNMPGET_CMD = "snmpset -c <community> -v 1 $pi .1.3.6.1.4.1.9.9.25.1.1.1.2.4"; # <-- example

foreach (@addresses)
        {
                $hostname = shift;
                $sshcommand = shift;
                $hostname = "$pi";
                $sshcommand = $SNMPGET_CMD;
                print("$sshcommand\n");
                switchupdate();

        }


sub switchupdate {

        my $switch = Expect->spawn($sshcommand) or die "Cannot spawn $sshcommand: $!\n";



        $switch->expect(30,
                [ qr/#/i,
                sub {
                        my $cmd = shift;
                        foreach (@commands)
                                {
                                        $cmd->send("$_\n");
                                }
                }],
        );


        $switch->soft_close();
}

        } else {
###### IF IP ADDRESS IS NOT PINGABLE IT TELL YOU AND MOVES ON TO THE NEXT ADDRESS ######
    print "$pi is not reachable.\n";
        }
}
}

Question by:icewiper
5 Comments
 
LVL 81

Expert Comment

by:arnold
ID: 37778207
You cannot run scripts using SNMP; you could, depending on what you need, use a read-write community to update the device using an SNMP set packet.
0
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 1050 total points
ID: 37778278
Remember any SNMP version less than ver3 is PLAIN-TEXT; the community strings are not encrypted in any way, so you could be giving away the ReadWrite "password". SSH is a much better way; the command line can easily be changed to suit the model being used. There are a number of RANCID and other expect-type scripts that can help in this way: http://www.shrubbery.net/rancid/ You've clearly got Perl experience, so 'expect' scripts like those in RANCID should be easy.
-rich
0
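To illustrate the point in the answer above about community strings, here is an added example (not part of the original thread) that decodes the outer BER fields of an SNMP datagram and flags v1/v2c SetRequests, where the read-write community sits in the message as an ordinary OCTET STRING. The sample datagrams, the community strings and the `inspect_snmp` name are constructed for this illustration.

```python
# Added example: read version, community and PDU type from an SNMP datagram.
PDU_NAMES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "Response",
             0xA3: "SetRequest", 0xA5: "GetBulkRequest"}
VERSIONS = {0: "v1", 1: "v2c", 3: "v3"}

def tlv(tag, body):
    """Encode one short-form BER TLV (body under 128 bytes); used for samples."""
    return bytes([tag, len(body)]) + body

def read_tlv(buf, pos):
    """Decode one BER TLV at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[pos:pos + length], pos + length

def inspect_snmp(datagram):
    """Report what an on-path observer can read from the message header."""
    tag, msg, _ = read_tlv(datagram, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    _, ver, pos = read_tlv(msg, 0)
    version = VERSIONS.get(int.from_bytes(ver, "big"), "unknown")
    if version not in ("v1", "v2c"):        # v3 carries no community field
        return {"version": version, "community": None, "pdu": None,
                "cleartext_write": False}
    _, community, pos = read_tlv(msg, pos)
    pdu_tag, _, _ = read_tlv(msg, pos)
    pdu = PDU_NAMES.get(pdu_tag, hex(pdu_tag))
    return {"version": version, "community": community.decode("ascii", "replace"),
            "pdu": pdu, "cleartext_write": pdu == "SetRequest"}

def sample(version, community, pdu_tag):
    """Build a constructed v1/v2c message setting sysContact.0 to 'noc'."""
    varbind = tlv(0x30, tlv(0x06, bytes.fromhex("2b06010201010400")) + tlv(0x04, b"noc"))
    pdu = tlv(pdu_tag, tlv(0x02, b"\x01") + tlv(0x02, b"\x00") * 2 + tlv(0x30, varbind))
    return tlv(0x30, tlv(0x02, bytes([version])) + tlv(0x04, community) + pdu)

V1_SET = sample(0, b"example-rw", 0xA3)     # constructed, made-up community
V2C_GET = sample(1, b"example-ro", 0xA0)    # constructed, made-up community
V3_SKELETON = tlv(0x30, tlv(0x02, b"\x03") + tlv(0x30, b""))  # header left empty

if __name__ == "__main__":
    for name, pkt in [("v1 set", V1_SET), ("v2c get", V2C_GET), ("v3", V3_SKELETON)]:
        print(name, inspect_snmp(pkt))
```

Run over the UDP/161 payloads from a capture of your own management network, any record with `cleartext_write` set means a read-write community crossed the wire readable.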
 
LVL 57

Assisted Solution

by:giltjr
giltjr earned 450 total points
ID: 37778564
I second richrumble's suggestion of RANCID.

We use it and it makes life so much easier to make mass changes to routers/switches/anything it supports.

It also will check as often as you want for configuration changes; when there is a change, it pulls in a new copy of the config and you can use it to check for differences between changes.
0
 

Author Closing Comment

by:icewiper
ID: 37780318
I agree with you guys on the rationale behind SNMP.
I was looking to make a script become less of a hassle when writing changes to our switches.
In short, I should look into more alternative solutions.

I have been working with Expect, but would like to look into another process for running my scripts.

Again, thanks for your ideas.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 37781538
Using RANCID may make your life easier.  I set up scripts to run the RANCID scripts.  Example:

Script #1 (I call it loop-update.sh) contains:

while read router
do
/usr/sbin/clogin -u $1 -v $2 -e $@ -x $3 $router >> Z-$router.log
done < routerlist

File routerlist contains the IP addresses of each device I want to perform the function on.
You execute the script by issuing the command:

    ./loop-update.sh myuserid mypassword commands

Where commands is a file that contains the commands I want to enter.  After all is said and done, you will have a file for each router in the file routerlist named Z-xxxxxx.log where xxxxxxx is the IP address.
0
