asked on

Automate the modification of exec banners on multiple cisco routers.

Hi Experts,

Have a question regarding how best to automate the change of exec banner contents on multiple cisco routers via SSH login.

The exec-banner contains a lot of different information, but only a small portion needs to be modified.

Is there a way to implement a script in the CLI to only change certain characters(words/numbers) inside the banner while leaving all other information untouched?

Thanks in advance!

asavener

You want to customize the banner on each device, or you want to put the same banner on multiple devices?

Predrag Jovic

The way to do it depends on what you want to achieve.
If you want to implement simple things (like hostname) you can use token and play a little with it...

Information Displayed in the Banner

$(hostname) - Displays the host name for the router.
$(domain) - Displays the domain name for the router.
$(line) - Displays the vty or tty (asynchronous) line number.
$(line-desc) - Displays the description attached to the line.

example

switch# config t

switch(config)# banner motd #
Welcome to switch $(hostname).
Your tty line is $(line).
#

SIM50

I use python and pexpect library (linux only) to push out config changes to multiple switches/routers. If you are not very familiar with Linux, like I am, use Ubuntu.

Once you script it, I wouldn't worry about changing parts; replace the whole thing.

Checkout the link below for an example.
http://www.electricmonk.nl/log/2014/07/26/scripting-a-cisco-switch-with-python-and-expect/

SIM50

The actual script is below.

#!/usr/bin/python2.7

import pexpect

#global variables
switches = []
username = ""
password = ""
#enable_pw = ""

def MODIFYBANNER(switch_ip):
      child = pexpect.spawn('ssh %s@%s' % (username, switch_ip))
      child.expect('password:')
      child.sendline(password)
      #child.expect('>')
      #child.sendline('enable')
      #child.expect('Password:')
      #child.sendline(enable_pw)
      child.expect('#')
      child.sendline('conf t')
      child.expect('$config$#')
      child.sendline('banner login #')
      child.sendline('This system is for the use of authorized users only. Individuals')
      child.sendline('using this computer system are subject... the rest of this.#')
      child.expect('#')
      child.sendline('wr')
      child.expect('[OK]')
      child.expect('#')
      child.sendline('quit')
      print "Config change is complete on " + switch_ip

def main ():
      for switch_ip in switches:
            MODIFYBANNER(switch_ip)

if __name__ == '__main__':
      main()

synsynackack

ASKER

Hi Experts,

Thanks for all the prompt replies.

Just to further explain the situation, there are multiple routers in production all with preconfigured exec-banners.

The exec-banners look something like this:

banner exec ^C
#######################################################################
# #
# NETWORK DEVICE #
# #
# BASE VERSION: 5.2 #
# CONNECTION TYPE: DSL #
# TYPE: SITE #
# SITE MODS: NA #
# CONFIG VER: 10.5 #
# HW VER: 1.1 #
# #
#######################################################################^C

Is it possible to only change the numbers following 'CONFIG VER' in this case 10.5? while leaving everything else intact?

This would probably be easy to facilite by pasting a modified exec-banner to each router,
but the issue is each router has different CONNECTION TYPEs, HW VERSIONs and other properties in the banner.

Therefore, it would be way too time consuming to log into each router and do sh run | beg banner, copy, modify, paste....

Is there a way to automate this process Experts?

Hope this makes the situation abit more clear! Thanks!

synsynackack

ASKER

Is it possible to do with TCL scripting?

ASKER CERTIFIED SOLUTION

SIM50

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial