You want to make a configuration change to a large number of routers.
The Expect script in Example 1-2 makes the same configuration changes to a list of routers using Telnet. When it finishes running, the script produces a status report that identifies which devices, if any, failed to update properly. No arguments are required or expected.
#!/usr/local/bin/expect
#
# rtrcfg.exp -- a script to perform mass configuration changes to
# a list of routers using Telnet and Expect
#
#
# Set Behavior
set tftp "172.25.1.1"
set workingdir /home/cisco/rtr
#
puts stdout "Enter user name:"
gets stdin userid
system stty -echo
puts stdout "Enter login password:"
gets stdin vtypasswd
puts stdout "\nEnter enable password:"
gets stdin enablepwd
system stty echo
system "cp $workingdir/NEWCONFIG /tftpboot/NEWCONFIG"
set RTR [open "$workingdir/RTR_LIST" r]
set LOG [open "$workingdir/RESULT" w]
while {[gets $RTR router] != -1} {
if {[ string range $router 0 0 ] != "#"} {
set timeout 10
spawn telnet; expect "telnet>"; send "open $router\n"
expect {
{Username} { send "$userid\r"
expect {
{*Password*} { send "$vtypasswd\r" }
}
}
{Password} { send "$vtypasswd\r" }
timeout { puts $LOG "$router - telnet failed"
close; wait; continue
}
}
expect {
{Password} { puts $LOG "$router - vty login failed"
close; wait; continue
}
{Username} { puts $LOG "$router - vty login failed"
close; wait; continue
}
{>} { puts $LOG "$router - vty login ok" }
timeout { puts $LOG "$router - vty login failed"
close; wait; continue
}
}
send "enable\r"
expect "Password"
send "$enablepwd\r"
#
expect {
{*#} { puts $LOG "$router - enable login ok" }
{*>} { puts $LOG "$router - enable login failed"
close; wait; continue
}
timeout { puts $LOG "$router - enable login failed"
close; wait; continue
}
}
# CMDs
set timeout 30
send "copy tftp://$tftp/NEWCONFIG running-config\r"
expect "running-config"
send "\r"
expect {
{OK} { puts $LOG "$router - TFTP successful"}
timeout { puts $LOG "$router - TFTP failed"
close; wait; continue }
}
send "copy running-config startup-config\r\r\r"
expect {
{OK} { puts $LOG "$router - config saved"}
timeout { puts $LOG "$router - config failed"
close; wait; continue }
}
#CMDs
send "exit\r"; close; wait
}
}
close $RTR; close $LOG
system "rm /tftpboot/NEWCONFIG"
This script uses the Expect language to emulate how a human router engineer might perform a series of configuration updates via TFTP. The script logs into each router in a list and uses TFTP to download a set of configuration changes into the router's running configuration. It then saves the new configuration file to NVRAM and moves on to the next router in the list. Automating a routine but time-consuming procedure with a script like this saves time and decreases the chances of fatigue-induced errors.
The script is designed to work with either normal router passwords or the AAA-enabled username and password combinations described in Chapter 3. The script begins by asking you to supply a username. If one or more of your routers aren't configured to use AAA or local authentication, the script simply ignores this username and inserts the password.
After asking for a username, the script prompts you to enter your VTY or AAA password. Then the script asks for the enable password and begins to perform the required configuration changes.
|
You must change two variables in this script for it to work in your network. The first variable is called tftp. You must set this value to your TFTP server's IP address. The second variable you need to change is workingdir, which must contain the name of the directory that holds the list of routers, the file of configuration changes, and where the script will put its report.
The script is written in the Expect language and requires Expect to be loaded on your server and available in the /usr/local/bin directory. For more information on the Expect language, see Appendix A or Exploring Expect (O'Reilly).
The script expects to find two files in the working directory. The first, RTR_LIST, contains a list of router names, with one name on each line. The second file, NEWCONFIG, contains all of the required configuration changes. We also recommend that you put the configuration command end on the last line of the NEWCONFIG file to avoid the error messages that we mentioned in Recipe 1.1.
Here is a typical example of the sort of things you might put in the configuration file:
Freebsd% cat NEWCONFIG enable secret cisco end
Using this file, the script will log into all of the routers and change the enable secret password. You could put any number of commands in this configuration file, but because the exact same set of configuration commands will be downloaded into every router, you should never change anything that is unique to a particular router (such as an IP address) this way. This method is perfect for changing passwords, SNMP community strings, access lists, and other things that can be the same on all routers.
The script will copy the NEWCONFIG file into the /tftpboot directory so it can use TFTP to transfer it to each router. It is a good idea to ensure that your server's TFTP is working correctly before launching the script.
When the script finishes, it creates a status file called RESULT in the working directory. This status file contains detailed status reports of what happened on each router. The easiest way to see a list of the routers that the script failed to change is to use the Unix grep command to search for the keyword "fail":
Freebsd% grep fail RESULT toronto - enable login failed boston - telnet failed test - enable login failed frame - enable login failed
Recipe 1.1; Appendix A; Exploring Expect, by Don Libes (O'Reilly)
|
|
|
| Top |
