Current frustration...

deanwebb · March 08, 2017, 02:29:22 PM

Quote from: wintermute000 on March 08, 2017, 01:47:38 PM
Yes you can.... LOL

Every time we've tried to script it, we failed. Heck, even ASDM can't do it on an ASA, had to go to the CLI to get the job done.

What is your secret, man? WE MUST KNOW!!!

SofaKing · March 08, 2017, 02:32:37 PM

Performance reviews - I hate writing these up. Usually multiple objectives are the same as the previous but you have to write a small book for each objective so it becomes very redundant.

wintermute000 · March 08, 2017, 02:41:46 PM

python using raw commands. Definitely python as you can manually invoke pause. Of course you'd need at least telnet

dlots · March 08, 2017, 02:50:12 PM

If you are trying to do telnet you might look at telnetlib

I did a super crapy program to telnet into devices and try and find some info.

Code Select


                        user = each[0]
			password = each[1]
			print (user)
			tn = telnetlib.Telnet(ip)
#wait for Username: prompt
			tn.read_until(b"Username:")
#send username
			tn.write(user.encode('ascii') + b"\n")
			if password:
				print (password)
#wait for password prompt
				tn.read_until(b"Password: ")
#send password
				tn.write(password.encode('ascii') + b"\n")

wintermute000 · March 08, 2017, 05:10:37 PM

Quote from: deanwebb on March 08, 2017, 02:29:22 PM
Quote from: wintermute000 on March 08, 2017, 01:47:38 PM
Yes you can.... LOL

Every time we've tried to script it, we failed. Heck, even ASDM can't do it on an ASA, had to go to the CLI to get the job done.

What is your secret, man? WE MUST KNOW!!!

cheat mode ON as using netmiko module, but if I had time I could work it out with a manual library as I've done plenty of expect style pain before netmiko was a thing

Code Select

from netmiko import ConnectHandler

WAN1 = {
    'device_type': 'cisco_ios_telnet',
    'ip':   '172.17.1.151',
    'username': 'cisco',
    'password': 'cisco',
    'secret': 'cisco',     # optional, defaults to ''
    'verbose': True,       # optional, defaults to False
}

WAN2 = {
    'device_type': 'cisco_ios_telnet',
    'ip':   '172.17.1.152',
    'username': 'cisco',
    'password': 'cisco',
    'secret': 'cisco',     # optional, defaults to ''
    'verbose': True,       # optional, defaults to False
}


router_list = [WAN1,WAN2]

config_commands = ['crypto key generate rsa modulus 2048']

for router in router_list:
    net_connect = ConnectHandler(**router)
    net_connect.enable()
    output = net_connect.send_config_set(config_commands)
    print(output)
    net_connect.exit_enable_mode()

Code Select



ssh://ansible@192.168.145.129:22/usr/bin/python -u /home/ansible/generate-ssh-key/generate-ssh-key.py
config term
Enter configuration commands, one per line.  End with CNTL/Z.
WAN1(config)#crypto key generate rsa modulus 2048
% You already have RSA keys defined named WAN1.cisco.com.
% They will be replaced.


% The key modulus size is 2048 bits
% Generating 2048 bit RSA keys, keys will be non-exportable...end
WAN1#
config term
Enter configuration commands, one per line.  End with CNTL/Z.
WAN2(config)#crypto key generate rsa modulus 2048
% You already have RSA keys defined named WAN2.cisco.com.
% They will be replaced.


% The key modulus size is 2048 bits
% Generating 2048 bit RSA keys, keys will be non-exportable...
[OK] (elapsed time was 2 seconds)


WAN2(config)#end
WAN2#

If this was serious you could easily whip up something to convert a CSV into a list of dictionary for the variables e.g. 1 per row

icecream-guy · March 09, 2017, 06:10:09 AM

Quote from: SofaKing on March 08, 2017, 02:32:37 PM
Performance reviews - I hate writing these up. Usually multiple objectives are the same as the previous but you have to write a small book for each objective so it becomes very redundant.

LOL I haven't had a performance review in like 5 years.
no perfomance review = no planned career growth..no meager raises. no self recommendations on how I can improve myself, no jabs at my performance, etc.
is it worth it?

deanwebb · March 09, 2017, 08:45:35 AM

I have to enter my objectives for 2017 today. That means copying and pasting the objectives our upper management said we should have. I'm not a manager, yet I have "Retain employees and reduce turnover" as a goal. I guess if I stay here through the next review cycle, I'll be 100% in that area.

Otanx · March 09, 2017, 09:25:00 AM

To add to Wintermute's suggestions you can also create SSH keys using SNMP. On Cisco it is OID - 1.3.6.1.4.1.9.9.339.1.1.2.1 so as long as you have a SNMP user setup you can script this without relying on SSH working before generating the key.

Cisco SNMP Object Navigator for that OID:
http://snmp.cloudapps.cisco.com/Support/SNMP/do/BrowseOID.do?local=en&translate=Translate&objectInput=1.3.6.1.4.1.9.9.339.1.1.2.1#oidContent

-Otanx

wintermute000 · March 09, 2017, 02:47:29 PM

My script didn't need ssh working. It uses telnet
The ssh in the output is me running the python remotely LOL

wintermute000 · March 09, 2017, 08:43:50 PM

version 2. put your devices in a csv with the following headers. and yes, it uses telnet (observe device_type: cisco_ios_telnet)

Code Select


host,device_type,ip,username,password,secret
WAN1,cisco_ios_telnet,172.17.1.151,cisco,cisco,cisco
WAN2,cisco_ios_telnet,172.17.1.152,cisco,cisco,cisco

Code Select




from netmiko import ConnectHandler
import csv


config_commands = ['crypto key generate rsa modulus 2048']

with open('devices.csv','rb') as csvfile:
    devices = csv.DictReader(csvfile)
    for router in devices:
        print("***Executing script on device:")
        print(router)
        print("***Script Output:")
        net_connect = ConnectHandler(**router)
        net_connect.enable()
        output = net_connect.send_config_set(config_commands)
        print(output)
        print("***device end***")
        net_connect.exit_enable_mode()

Code Select


***Executing script on device:
{'username': 'cisco', 'ip': '172.17.1.151', 'secret': 'cisco', 'host': 'WAN1', 'device_type': 'cisco_ios_telnet', 'password': 'cisco'}
***Script Output:
config term
Enter configuration commands, one per line.  End with CNTL/Z.
WAN1(config)#crypto key generate rsa modulus 2048
% You already have RSA keys defined named WAN1.cisco.com.
% They will be replaced.


% The key modulus size is 2048 bits
% Generating 2048 bit RSA keys, keys will be non-exportable...
[OK] (elapsed time was 1 seconds)


WAN1(config)#end
WAN1#
***device end***
***Executing script on device:
{'username': 'cisco', 'ip': '172.17.1.152', 'secret': 'cisco', 'host': 'WAN2', 'device_type': 'cisco_ios_telnet', 'password': 'cisco'}
***Script Output:
config term
Enter configuration commands, one per line.  End with CNTL/Z.
WAN2(config)#crypto key generate rsa modulus 2048
% You already have RSA keys defined named WAN2.cisco.com.
% They will be replaced.


% The key modulus size is 2048 bits
% Generating 2048 bit RSA keys, keys will be non-exportable...
[OK] (elapsed time was 2 seconds)


WAN2(config)#end
WAN2#
***device end***

icecream-guy · March 10, 2017, 06:06:35 AM

think were getting off track here, the netmiko/telnet thing should probably be broken out into a different thread, as it's turning into more of a discussion than a frustration.

dlots · March 13, 2017, 12:15:40 PM

I was asked to write a program to take an export from one server, and make it so we could import it into another server... but both servers were ACS, so at least it was quite easy.

deanwebb · March 14, 2017, 10:57:22 AM

Waiting for the TAC callback on a case I had to reopen...

... and if they tell me the same resolution, this will be me:

SimonV · March 15, 2017, 03:29:03 AM

Too much projects at once, and they all want priority

deanwebb · March 15, 2017, 08:25:51 AM

LICENSING