Pages

Oct 17, 2013

Automating Cisco configuration tasks with perl and SNMP, or, I work smarter because I'm lazy

My job as a network engineer is one which lends itself to automating repetitive tasks. I was also, for some period of time, reporting to a manager whose approach to IT expenditure was to ignore our pleas to spend money to avert a spectacular disaster until that disaster occurred, either because he didn't understand the problems we told him would occur, or because after it blew up it was an easier sell to the business. Due to the poor funding of everything, engineer toolsets were the last thing that got any money, and due to that paucity I have achieved some success in implementing complex control systems with some very simple tools using Linux shell and perl scripts. After successive generations of improvement, I wanted to share these with the engineer community.

One of the earliest toolsets I built utilized SNMP to back up the configuration of our Cisco routers and switches. From there it was a simple step to use this save running configurations to backup configurations, and to push out configuration changes. Note that these tools assume you have:
  • A Linux server with
    • a writable TFTP directory
    • SNMP tools using a default SNMP string
    • Perl installed
    • The necessary Cisco MIBs installed, though you could go look up the numeric equivalent OIDs and substitute them. 

Just copy these into a directory in your path and make them executable.


Our first is handy if you forgot to "wr mem" (or "copy run start" when they deprecate that) before exiting the console. It is also useful after the push command below once you've confirmed the new config has no issues and wish to make it persist across reboots.Just "freeze" it.


#!/usr/bin/perl
####################
#Script "freeze" tells the device to write running config to startup config# Hacked together by Sean Hoffman : real Perl programmers have permission to wince
#

use Shell;

#Generate a random number to slap on the tail of the OID
$time = time();
srand $time;
my $rand = int rand 1000;

## If hostname/IP is not given as an argument, complain.
if ($#ARGV < 0) {
    print "Please enter a hostname or IP!\n";
#Otherwise, proceed.
} else {
    print "Using $rand as random number, ";
    $ip = $ARGV[0];
    print "sending \'freeze\' SNMP strings to $ip ...\n";

    snmpset($ip, "CISCO-CONFIG-COPY-MIB::ccCopySourceFileType.$rand i 4 CISCO-CONFIG-COPY-MIB::ccCopyDestFileType.$rand i 3 CISCO-CONFIG-COPY-MIB::ccCopyEntryRowStatus.$rand i 4") or warn"On $ip could not set SNMP copy running config to startup config : $!";

}
 I use this one in a cron job to back up our configurations.
#!/usr/bin/perl
####################
# Script "snag" to ask device to write running config to TFTP server
# Hacked together by Sean Hoffman : real Perl programmers have permission to wince
#

use Shell;

#Generate a random number to slap on the tail of the OID
$time = time();
srand $time;
my $rand = int rand 1000;

my $my_hostname = hostname();

my $hostinfo = host($my_hostname);

($h, $has, $address, $my_ip) = split(' ',$hostinfo,4);
chomp $my_ip;

$date= date("+%Y-%b%d-%H%M");
chomp $date;

## If hostname/IP is not given as an argument, complain.
if ($#ARGV < 0) {
        print "Please enter a hostname or IP!\n";
#Otherwise, proceed.
} else {

    print "Using $rand as random number, ";

        $ip = $ARGV[0];
    print "sending \'snag\' SNMP strings to $ip ...\n";

    snmpset($ip, "CISCO-CONFIG-COPY-MIB::ccCopyProtocol.$rand i 1 CISCO-CONFIG-COPY-MIB::ccCopySourceFileType.$rand i 4 CISCO-CONFIG-COPY-MIB::ccCopyDestFileType.$rand i 1 CISCO-CONFIG-COPY-MIB::ccCopyServerAddress.$rand a $my_ip CISCO-CONFIG-COPY-MIB::ccCopyFileName.$rand s $ip-$date CISCO-CONFIG-COPY-MIB::ccCopyEntryRowStatus.$rand i 4") or warn "On $ip could not set SNMP values for TFTP copy : $!";

}
Finally, this one allows us to push out a file containing IOS configuration to a device by asking it to download a file using TFTP and apply it to the running configuration.  Equivalent to "copy tftp://servername/filename running-config" except you can run it on hundreds of devices in minutes. (Testing this in a test environment, need it be said, is recommended.)
#!/usr/bin/perl
####################
#Script "push" to tell device to modify its running config using a file via TFTP
# Hacked together by Sean Hoffman : real Perl programmers have permission to wince
#

use Shell;

#Generate a random number to slap on the tail of the OID
$time = time();
srand $time;
my $rand = int rand 1000;

my $my_hostname = hostname();

my $hostinfo = host($my_hostname);

($h, $has, $address, $my_ip) = split(' ',$hostinfo,4);
chomp $my_ip;


$date= date("+%m%d%y-%H%M");
chomp $date;

## If hostname/IP is not given as an argument, complain.
if ($#ARGV < 1) {
        print "Usage push \[filename\] \[host\]:\n";

#Otherwise, proceed.
} else {
   
    print "Using $rand as random number, ";
        $file = $ARGV[0];
    $ip = $ARGV[1];
    chomp $host;

    print "applying $file to $ip ...\n";


    snmpset($ip, "CISCO-CONFIG-COPY-MIB::ccCopyProtocol.$rand i 1 CISCO-CONFIG-COPY-MIB::ccCopySourceFileType.$rand i 1 CISCO-CONFIG-COPY-MIB::ccCopyDestFileType.$rand i 4 CISCO-CONFIG-COPY-MIB::ccCopyServerAddress.$rand a $my_ip CISCO-CONFIG-COPY-MIB::ccCopyFileName.$rand s $file CISCO-CONFIG-COPY-MIB::ccCopyEntryRowStatus.$rand i 4") or warn "On $ip could set not push config with SNMP : $!";

    print "\tIf you do not see errors above please perform testing!\n";
}
 I welcome your comments. If you find this useful, feel free to drop me five bucks with Paypal.

 

No comments:

Post a Comment