Using SNMP to authenticate to Cisco switch and run a script to make configuration changes

What i am trying to do it use a form of SNMP to just authenticate and connect into a cisco switch.
 
I run a script from my linux box and log in right now with SSH (username and password)
to make any configuration changes as of now.

I would like to connect using the RW community string and make any configuration changes that way.
I do know you can copy the configuration and make your changes and copy it back to the switch. but having 500+ switches and all different models, I just like to make this as simple as possible if I can.

Below is a copy of my sample code i am working on.
any help would be greatly appreciated
#!/usr/bin/perl

use Expect;
use Net::Ping;

# Insert commands desired here.
@commands =
(
'my edits would go here to write to the configuration', <-- example edits here
'end', <-- example edits here
'wr', <-- example edits here
' ', <-- example edits here
);

$subnet ="192.168",

##### ONLY EDIT THE THIRD OCTET HERE - DELETE, ADD OR CHANGE ******
my @thirdoct = (1, 2, 6, 7, 8, 9);

while(scalar(@thirdoct) > 0)
{
my $x = shift(@thirdoct);

@addresses = ("$x",);

###### PINGS IP ADDRESS AND WILL ONLY SSH INTO LIVE HOSTS ######
my $p = Net::Ping->new("icmp");

for my $o (1 .. 254)
{
    $pi="$subnet.$x.". $o;
        if ($p->ping($pi)) {
    print "$pi is alive.\n";

$SNMPGET_CMD = "snmpset -c <community> -v 1 $pi .1.3.6.1.4.1.9.9.25.1.1.1.2.4"; <-- example

foreach (@addresses)
        {
                $hostname = shift;
                $sshcommand = shift;
                $hostname = "$pi";
                $sshcommand = $SNMPGET_CMD;
                print("$sshcommand\n");
                switchupdate();

        }


sub switchupdate {

        my $switch = Expect->spawn($sshcommand) or die "Cannot spawn $sshcommand: $!\n";


);

        $switch->expect(30,
                [ qr/#/i,
                sub {
                        my $cmd = shift;
                        foreach (@commands)
                                {
                                        $cmd->send("$_\n");
                                }
                }],
        );


        $switch->soft_close();
}

        } else {
###### IF IP ADDRESS IS NOT PINGABLE IT TELL YOU AND MOVES ON TO THE NEXT ADDRESS ######
    print "$pi is not reachable.\n";
        }
}
}

Open in new window

icewiperAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

arnoldCommented:
You can not run scripts using snap, you could depending on what you need use a read write community to update the device using snmp set packet.
0
Rich RumbleSecurity SamuraiCommented:
Remember any SNMP version less than ver3 is PLAIN-TEXT, the community strings are not encrypted in anyway, so you could be giving away the ReadWrite "password". SSH is a much better way, the command line can easily be changed to suit the model being used. There are a number of RANCID and other expect type script that can help in this way: http://www.shrubbery.net/rancid/ You've clearly got perl experience, so 'expect' scripts like those in RANCID should be easy.
-rich
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
giltjrCommented:
I second richrumble's suggestion of RANCID.

We use it and it make life so much easier to make mass changes to routers/switches/anything it supports.

It also will check as often as you want for configuration changes, when there is a change, pull in a new copy of the config and you can use to to check for differences between changes.
0
icewiperAuthor Commented:
I agree with you guys on the rational behind SNMP.
I was looking to make a script become less of a hassle when writing changes to our switches.
In short, i should look into more alternative solutions.

I have been working with Expect, but would like to look into another process for running my scripts.

again, thanks for your ideas
0
giltjrCommented:
Using RANCID may make your life easier.  I setup scripts to run the RANCID scripts,  Example:

Scritpt #1 (I call it loop-update.sh) contains:

while read router
do
/usr/sbin/clogin -u $1 -v $2 -e $@ -x $3 $router  \\>\\> Z-$router.log
done < routerlist

File routerlist contains the IP addresses of each device I want to perform the function on.
You execute the script by issuing the command:

    ./loop-update.sh myuserid mypassword commands

Where commands is a file that contains the commands I want to enter.  After all is said and done, you will have a file for each router in the file routerlist named Z-xxxxxx.log where xxxxxxx is the IP address.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Programming Languages-Other

From novice to tech pro — start learning today.