Solved

Using SNMP to authenticate to Cisco switch and run a script to make configuration changes

Posted on 2012-03-27
5
445 Views
Last Modified: 2012-03-29
What i am trying to do it use a form of SNMP to just authenticate and connect into a cisco switch.
 
I run a script from my linux box and log in right now with SSH (username and password)
to make any configuration changes as of now.

I would like to connect using the RW community string and make any configuration changes that way.
I do know you can copy the configuration and make your changes and copy it back to the switch. but having 500+ switches and all different models, I just like to make this as simple as possible if I can.

Below is a copy of my sample code i am working on.
any help would be greatly appreciated
#!/usr/bin/perl

use Expect;
use Net::Ping;

# Insert commands desired here.
@commands =
(
'my edits would go here to write to the configuration', <-- example edits here
'end', <-- example edits here
'wr', <-- example edits here
' ', <-- example edits here
);

$subnet ="192.168",

##### ONLY EDIT THE THIRD OCTET HERE - DELETE, ADD OR CHANGE ******
my @thirdoct = (1, 2, 6, 7, 8, 9);

while(scalar(@thirdoct) > 0)
{
my $x = shift(@thirdoct);

@addresses = ("$x",);

###### PINGS IP ADDRESS AND WILL ONLY SSH INTO LIVE HOSTS ######
my $p = Net::Ping->new("icmp");

for my $o (1 .. 254)
{
    $pi="$subnet.$x.". $o;
        if ($p->ping($pi)) {
    print "$pi is alive.\n";

$SNMPGET_CMD = "snmpset -c <community> -v 1 $pi .1.3.6.1.4.1.9.9.25.1.1.1.2.4"; <-- example

foreach (@addresses)
        {
                $hostname = shift;
                $sshcommand = shift;
                $hostname = "$pi";
                $sshcommand = $SNMPGET_CMD;
                print("$sshcommand\n");
                switchupdate();

        }


sub switchupdate {

        my $switch = Expect->spawn($sshcommand) or die "Cannot spawn $sshcommand: $!\n";


);

        $switch->expect(30,
                [ qr/#/i,
                sub {
                        my $cmd = shift;
                        foreach (@commands)
                                {
                                        $cmd->send("$_\n");
                                }
                }],
        );


        $switch->soft_close();
}

        } else {
###### IF IP ADDRESS IS NOT PINGABLE IT TELL YOU AND MOVES ON TO THE NEXT ADDRESS ######
    print "$pi is not reachable.\n";
        }
}
}

Open in new window

0
Comment
Question by:icewiper
5 Comments
 
LVL 77

Expert Comment

by:arnold
ID: 37778207
You can not run scripts using snap, you could depending on what you need use a read write community to update the device using snmp set packet.
0
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 350 total points
ID: 37778278
Remember any SNMP version less than ver3 is PLAIN-TEXT, the community strings are not encrypted in anyway, so you could be giving away the ReadWrite "password". SSH is a much better way, the command line can easily be changed to suit the model being used. There are a number of RANCID and other expect type script that can help in this way: http://www.shrubbery.net/rancid/ You've clearly got perl experience, so 'expect' scripts like those in RANCID should be easy.
-rich
0
 
LVL 57

Assisted Solution

by:giltjr
giltjr earned 150 total points
ID: 37778564
I second richrumble's suggestion of RANCID.

We use it and it make life so much easier to make mass changes to routers/switches/anything it supports.

It also will check as often as you want for configuration changes, when there is a change, pull in a new copy of the config and you can use to to check for differences between changes.
0
 

Author Closing Comment

by:icewiper
ID: 37780318
I agree with you guys on the rational behind SNMP.
I was looking to make a script become less of a hassle when writing changes to our switches.
In short, i should look into more alternative solutions.

I have been working with Expect, but would like to look into another process for running my scripts.

again, thanks for your ideas
0
 
LVL 57

Expert Comment

by:giltjr
ID: 37781538
Using RANCID may make your life easier.  I setup scripts to run the RANCID scripts,  Example:

Scritpt #1 (I call it loop-update.sh) contains:

while read router
do
/usr/sbin/clogin -u $1 -v $2 -e $@ -x $3 $router  \\>\\> Z-$router.log
done < routerlist

File routerlist contains the IP addresses of each device I want to perform the function on.
You execute the script by issuing the command:

    ./loop-update.sh myuserid mypassword commands

Where commands is a file that contains the commands I want to enter.  After all is said and done, you will have a file for each router in the file routerlist named Z-xxxxxx.log where xxxxxxx is the IP address.
0

Featured Post

3 Use Cases for Connected Systems

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, testing some more, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
groupNoAdj 7 97
cisco switch POE watt limitation 5 78
Zip Folders Using Chilkat Routines 1 41
Expanding Subnet Mask 20 111
The purpose of this article is to demonstrate how we can use conditional statements using Python.
David Varnum recently wrote up his impressions of PRTG, based on a presentation by my colleague Christian at Tech Field Day at VMworld in Barcelona. Thanks David, for your detailed and honest evaluation!
This theoretical tutorial explains exceptions, reasons for exceptions, different categories of exception and exception hierarchy.
The viewer will learn how to clear a vector as well as how to detect empty vectors in C++.

832 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question