icewiper
asked on
Using SNMP to authenticate to Cisco switch and run a script to make configuration changes
What i am trying to do it use a form of SNMP to just authenticate and connect into a cisco switch.
I run a script from my linux box and log in right now with SSH (username and password)
to make any configuration changes as of now.
I would like to connect using the RW community string and make any configuration changes that way.
I do know you can copy the configuration and make your changes and copy it back to the switch. but having 500+ switches and all different models, I just like to make this as simple as possible if I can.
Below is a copy of my sample code i am working on.
any help would be greatly appreciated
I run a script from my linux box and log in right now with SSH (username and password)
to make any configuration changes as of now.
I would like to connect using the RW community string and make any configuration changes that way.
I do know you can copy the configuration and make your changes and copy it back to the switch. but having 500+ switches and all different models, I just like to make this as simple as possible if I can.
Below is a copy of my sample code i am working on.
any help would be greatly appreciated
#!/usr/bin/perl
use Expect;
use Net::Ping;
# Insert commands desired here.
@commands =
(
'my edits would go here to write to the configuration', <-- example edits here
'end', <-- example edits here
'wr', <-- example edits here
' ', <-- example edits here
);
$subnet ="192.168",
##### ONLY EDIT THE THIRD OCTET HERE - DELETE, ADD OR CHANGE ******
my @thirdoct = (1, 2, 6, 7, 8, 9);
while(scalar(@thirdoct) > 0)
{
my $x = shift(@thirdoct);
@addresses = ("$x",);
###### PINGS IP ADDRESS AND WILL ONLY SSH INTO LIVE HOSTS ######
my $p = Net::Ping->new("icmp");
for my $o (1 .. 254)
{
$pi="$subnet.$x.". $o;
if ($p->ping($pi)) {
print "$pi is alive.\n";
$SNMPGET_CMD = "snmpset -c <community> -v 1 $pi .1.3.6.1.4.1.9.9.25.1.1.1.2.4"; <-- example
foreach (@addresses)
{
$hostname = shift;
$sshcommand = shift;
$hostname = "$pi";
$sshcommand = $SNMPGET_CMD;
print("$sshcommand\n");
switchupdate();
}
sub switchupdate {
my $switch = Expect->spawn($sshcommand) or die "Cannot spawn $sshcommand: $!\n";
);
$switch->expect(30,
[ qr/#/i,
sub {
my $cmd = shift;
foreach (@commands)
{
$cmd->send("$_\n");
}
}],
);
$switch->soft_close();
}
} else {
###### IF IP ADDRESS IS NOT PINGABLE IT TELL YOU AND MOVES ON TO THE NEXT ADDRESS ######
print "$pi is not reachable.\n";
}
}
}
You can not run scripts using snap, you could depending on what you need use a read write community to update the device using snmp set packet.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I agree with you guys on the rational behind SNMP.
I was looking to make a script become less of a hassle when writing changes to our switches.
In short, i should look into more alternative solutions.
I have been working with Expect, but would like to look into another process for running my scripts.
again, thanks for your ideas
I was looking to make a script become less of a hassle when writing changes to our switches.
In short, i should look into more alternative solutions.
I have been working with Expect, but would like to look into another process for running my scripts.
again, thanks for your ideas
Using RANCID may make your life easier. I setup scripts to run the RANCID scripts, Example:
Scritpt #1 (I call it loop-update.sh) contains:
while read router
do
/usr/sbin/clogin -u $1 -v $2 -e $@ -x $3 $router \\>\\> Z-$router.log
done < routerlist
File routerlist contains the IP addresses of each device I want to perform the function on.
You execute the script by issuing the command:
./loop-update.sh myuserid mypassword commands
Where commands is a file that contains the commands I want to enter. After all is said and done, you will have a file for each router in the file routerlist named Z-xxxxxx.log where xxxxxxx is the IP address.
Scritpt #1 (I call it loop-update.sh) contains:
while read router
do
/usr/sbin/clogin -u $1 -v $2 -e $@ -x $3 $router \\>\\> Z-$router.log
done < routerlist
File routerlist contains the IP addresses of each device I want to perform the function on.
You execute the script by issuing the command:
./loop-update.sh myuserid mypassword commands
Where commands is a file that contains the commands I want to enter. After all is said and done, you will have a file for each router in the file routerlist named Z-xxxxxx.log where xxxxxxx is the IP address.