
Recipe 3.19 Automating the Login Sequence

3.19.1 Problem

You want to automate the process of logging into a router, so you don't have to type usernames, passwords, and common commands.

3.19.2 Solution

The following script automates the process of logging into the router using a scripting language called Expect. Expect can be used to automate interactive sessions (see Appendix A for more details). This script takes a router name or IP address as a command-line argument. It then performs an automated login sequence before returning the session back to you for a normal interactive session.

Here's an example of the output:

Freebsd% tel Router1
spawn telnet Router1
Trying 172.25.1.5...
Connected to Router1.
Escape character is '^]'.
   
User Access Verification
   
Username: ijbrown
Password: 
   
Router1>
Router1 - vty login ok
enable
Password: 
Router1#
Router1 - enable login ok
   
Router1#term mon
Router1#

Example 3-3 contains the Expect code.

Example 3-3. tel
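#!/usr/local/bin/expect
#
#           tel -- a script to perform automated login onto a Cisco
#                  router using either a hostname or IP address.
#
#
# Set behaviour: login credentials (stored in clear text in this file)
set userid ijbrown
set vtypasswd oreilly
set enablepwd cookbook
#
# Stop waiting for any prompt after 10 seconds
set timeout 10
# The router name or IP address is the first command-line argument
set rtr [lindex $argv 0]
spawn telnet $rtr
#
# First prompt: Username followed by Password (local or AAA usernames),
# or Password alone (default VTY password)
expect {
         {Username}   { send "$userid\r"
                        expect {
                                  {*Password*} { send "$vtypasswd\r" }
                               }
                      }
         {telnet>}    { send_user "$rtr - telnet failed\n"
                        exit
                      }
         {Password}   { send "$vtypasswd\r" }
       }
#
# A repeated login prompt means the credentials were rejected
expect {
         {Password}   { send_user "\n$rtr - vty login failed\n"
                        exit
                      }
         {Username}   { send_user "\n$rtr - vty login failed\n"
                        exit
                      }
         {>}          { send_user "\n$rtr - vty login ok\n" }
       }
#
# Enter privileged (enable) mode
send "enable\r"
expect "Password"
send "$enablepwd\r"
#
# A "#" prompt means enable mode was reached
expect {
         {*#}         { send_user "\n$rtr - enable login ok\n" }

         {*>}         { send_user "\n$rtr - enable login failed\n"
                        exit
                      }
         {Password}   { send_user "\n$rtr - enable login failed\n"
                        exit
                      }
       }
#
# Send the regularly used commands, then hand the session to the user
send "\r"
expect "*#*"
send "term mon\r"
#
interact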

3.19.3 Discussion

This script is intended to save you time when you have to repeatedly log into routers. The tel script connects to the VTY and sends the login sequence before returning the session to you. The script can log in to routers that use local usernames, AAA authentication, or the default VTY/enable passwords. You can also use it to submit router commands before returning control to the end user. Since the script can respond immediately to the various router prompts, the entire login sequence is much faster than what a human can type.

This script also notifies the user when it experiences problems in the login sequence, and it displays the entire sequence so that you can follow its progress on the screen. If the script experiences a problem, it will usually terminate with an appropriate error message. It also includes a global timeout variable to ensure that problems do not hang the user session. The default global timeout is 10 seconds.

This script requires Expect to be on the server and located in the /usr/local/bin directory. You will also need to set a few variables. First, the userid variable must be set to your router username, which is either the locally administered username or your AAA username. If your router does not prompt for usernames, the script ignores this variable. Second, the variable vtypasswd must be set to the password associated with your username. If your router is not configured to use usernames, use the VTY password. Third, the variable enablepwd must be set to the router's enable password.

You should store this script in your home directory with read, write, and execute privileges restricted to yourself. This ensures that unauthorized users cannot view your ID and password (which are stored in clear text) or use the script to log into a device using your credentials:

 Freebsd% chmod 700 tel

Many corporate security organizations frown on storing unencrypted passwords in flat files. Check your security guidelines before using this script.
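
One way to keep the passwords out of the file altogether is to have the script ask for them each time it starts. The following is an added example, not part of the original recipe: the name tel-prompt, the prompt_secret procedure, the optional second argument, and the use of $USER as the default userid are assumptions made for the illustration.

```expect
#!/usr/local/bin/expect
# tel-prompt -- added example (hypothetical name), not from the original recipe.
# Same login sequence as tel, but both passwords are typed at run time
# instead of being stored in the script file.
#
# Read one line from the user with terminal echo turned off.
proc prompt_secret {label} {
    set timeout -1                      ;# local to this proc: wait for the user
    stty -echo
    send_user "$label: "
    expect_user -re "(.*)\n"
    stty echo
    send_user "\n"
    return $expect_out(1,string)
}

if {$argc < 1} { send_user "usage: tel-prompt router \[userid\]\n"; exit 1 }
set rtr    [lindex $argv 0]
set userid $env(USER)                   ;# assumption: router userid = Unix login
if {$argc > 1} { set userid [lindex $argv 1] }
set vtypasswd [prompt_secret "VTY password for $userid"]
set enablepwd [prompt_secret "Enable password"]

set timeout 10
spawn telnet $rtr
expect {
    timeout    { send_user "\n$rtr - no login prompt\n"; exit 1 }
    eof        { send_user "\n$rtr - telnet failed\n";   exit 1 }
    "telnet>"  { send_user "\n$rtr - telnet failed\n";   exit 1 }
    "Username" { send -- "$userid\r"; exp_continue }
    "Password" { send -- "$vtypasswd\r" }
}
expect {
    timeout    { send_user "\n$rtr - vty login failed\n"; exit 1 }
    "Username" { send_user "\n$rtr - vty login failed\n"; exit 1 }
    "Password" { send_user "\n$rtr - vty login failed\n"; exit 1 }
    ">"        { send_user "\n$rtr - vty login ok\n" }
}
send "enable\r"
expect "Password"
send -- "$enablepwd\r"
expect {
    timeout    { send_user "\n$rtr - enable login failed\n"; exit 1 }
    "Password" { send_user "\n$rtr - enable login failed\n"; exit 1 }
    ">"        { send_user "\n$rtr - enable login failed\n"; exit 1 }
    "#"        { send_user "\n$rtr - enable login ok\n" }
}
send "term mon\r"
interact
```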

The final step in the script login sequence is to submit useful commands before returning the session back to the user. This time-saving step automatically submits commands that you use regularly. By default, the script will send the terminal monitor command before terminating; however, you can easily add other commands. You can also modify the script to send a standard set of commands and then exit from the router without needing to turn over control.

The tel script has proven to be an invaluable tool during the writing of this book. We have used it literally thousands of times to save countless keystrokes in the process. Think of it as a preventative measure to avoid carpal tunnel syndrome.

3.19.4 See Also

Recipe 3.1; Recipe 3.3; Chapter 4

