def main():
data = yaml_ops.read_yaml("lag_data.yaml")
if not data['switchip']:
data['switchip'] = input("Switch IP Address: ")
if data['bypassproxy']:
os.environ['no_proxy'] = data['switchip']
os.environ['NO_PROXY'] = data['switchip']
base_url = "https://{0}/rest/{1}/".format(data['switchip'],
data['version'])
try:
session_dict = dict(s=session.login(base_url, data['username'],
data['password']),
url=base_url)
system_info_dict = system.get_system_info(**session_dict)
platform_name = system_info_dict['platform_name']
# Create VLANs and L2 LAG; assign VLANs as trunk VLANs on LAG
for l2_lag_data in data['l2_lags']:
# Create VLANs
for vlan_id in l2_lag_data['trunk_vlans']:
vlan.create_vlan(vlan_id, "vlan%s" % vlan_id, **session_dict)
# Create L2 LAG, add L2 ports to the LAG, and assign VLANs as trunk VLANs on the LAG
lag.create_l2_lag_interface(
l2_lag_data.get('name'),
l2_lag_data.get('interfaces'),
vlan_ids_list=l2_lag_data.get('trunk_vlans'),
lacp_mode=l2_lag_data.get('lacp_mode'),
mc_lag=l2_lag_data.get('mc_lag'),
**session_dict)
# Create L3 LAGs
for l3_lag_data in data['l3_lags']:
# Create L3 LAG and add L2 ports to the LAG
lag.create_l3_lag_interface(l3_lag_data.get('name'),
l3_lag_data.get('interfaces'),
l3_lag_data.get('ipv4'),
lacp_mode=l3_lag_data.get('lacp_mode'),
desc=l3_lag_data.get('description'),
**session_dict)
except Exception as error:
print('Ran into exception: {}. Logging out..'.format(error))
session.logout(**session_dict)
def main():
data = yaml_ops.read_yaml("loop_protect_data.yaml")
if not data['switchip']:
data['switchip'] = input("Switch IP Address: ")
if data['bypassproxy']:
os.environ['no_proxy'] = data['switchip']
os.environ['NO_PROXY'] = data['switchip']
base_url = "https://{0}/rest/{1}/".format(data['switchip'],
data['version'])
try:
session_dict = dict(s=session.login(base_url, data['username'],
data['password']),
url=base_url)
system_info_dict = system.get_system_info(
params={"selector": "configuration"}, **session_dict)
# Clear Loop-protect settings on Interface
loop_protect.clear_port_loop_protect(data['interfacename'],
**session_dict)
# Initialize L2 Interface
interface.initialize_interface(data['interfacename'], **session_dict)
# Delete L2 LAGs:
for l2_lag_data in data['lags']:
# Delete VLANs
for vlan_id in l2_lag_data['trunk_vlans']:
vlan.delete_vlan(vlan_id, **session_dict)
# Clear Loop-protect settings on LAG
loop_protect.clear_port_loop_protect(l2_lag_data.get('name'),
**session_dict)
# Delete LAG
lag.delete_lag_interface(l2_lag_data['name'],
l2_lag_data.get('interfaces'),
**session_dict)
except Exception as error:
print('Ran into exception: {}. Logging out..'.format(error))
session.logout(**session_dict)
def main():
data = yaml_ops.read_yaml("vrf_vlan_data.yaml")
if not data['switchip']:
data['switchip'] = input("Switch IP Address: ")
if data['bypassproxy']:
os.environ['no_proxy'] = data['switchip']
os.environ['NO_PROXY'] = data['switchip']
base_url = "https://{0}/rest/{1}/".format(data['switchip'],data['version'])
try:
session_dict = dict(s=session.login(base_url, data['username'], data['password']), url=base_url)
system_info_dict = system.get_system_info(params={"selector": "configuration"}, **session_dict)
pprint.pprint(system_info_dict)
except Exception as error:
print('Ran into exception: {}. Logging out..'.format(error))
session.logout(**session_dict)
def _create_vsx(role,
isl_port,
keepalive_peer,
keepalive_src,
keepalive_vrf,
vsx_mac,
keepalive_port=7678,
**kwargs):
"""
Perform a POST call to create VSX commands
:param role: Alphanumeric role that the system will be in the VSX pair. The options are "primary" or "secondary"
:param isl_port: Alphanumeric name of the interface that will function as the inter-switch link
:param keepalive_peer: Alphanumeric IP address of the VSX Peer that will be reached as the keepalive connection.
:param keepalive_src: Alphanumeric IP address on the switch that will function as the keepalive connection source.
:param keepalive_vrf: Alphanumeric name of the VRF that the keepalive connection will reside on.
:param vsx_mac: Alphanumeric MAC address that will function as the VSX System MAC.
:param kwargs:
keyword s: requests.session object with loaded cookie jar
keyword url: URL in main() function
:return: Nothing
"""
current_vsx = system.get_system_info(**kwargs)
if 'vsx' in current_vsx:
print(
"FAIL: Creating VSX Role '%s' on vrf %s. There is already an existing VSX setup."
% (role, keepalive_vrf))
else:
if role not in ['primary', 'secondary']:
raise Exception(
"ERROR: VSX role should be 'primary' or 'secondary'")
# Checks if the ISL Port is a physical interface or a Lag. If an interface, replace the slashes
if isl_port[0].isdigit():
isl_port = common_ops._replace_special_characters(isl_port)
isl_port_uri = "/rest/v10.04/system/interfaces/" + isl_port
vsx_data = {
"config_sync_disable": False,
"config_sync_features": [],
"device_role": role,
"isl_port": {
isl_port: isl_port_uri
},
"isl_timers": {
"hello_interval": 1,
"hold_time": 0,
"peer_detect_interval": 300,
"timeout": 20
},
"keepalive_peer_ip": keepalive_peer,
"keepalive_src_ip": keepalive_src,
"keepalive_timers": {
"dead_interval": 3,
"hello_interval": 1
},
"keepalive_udp_port": keepalive_port,
"keepalive_vrf": {
keepalive_vrf: "/rest/v10.04/system/vrfs/" + keepalive_vrf,
},
"linkup_delay_timer": 180,
"split_recovery_disable": False,
"system_mac": vsx_mac
}
target_url = kwargs["url"] + "system/vsx"
post_data = json.dumps(vsx_data, sort_keys=True, indent=4)
response = kwargs["s"].post(target_url,
data=post_data,
verify=False,
timeout=2)
if not common_ops._response_ok(response, "POST"):
print(
"FAIL: Creating VSX Role '%s' on vrf %s failed with status code %d"
% (role, keepalive_vrf, response.status_code))
else:
print("SUCCESS: Creating VSX Role '%s' succeeded on vrf %s" %
(role, keepalive_vrf))
def main():
data = yaml_ops.read_yaml("qos_data.yaml")
if not data['switchip']:
data['switchip'] = input("Switch IP Address: ")
if data['bypassproxy']:
os.environ['no_proxy'] = data['switchip']
os.environ['NO_PROXY'] = data['switchip']
base_url = "https://{0}/rest/{1}/".format(data['switchip'],
data['version'])
try:
session_dict = dict(s=session.login(base_url, data['username'],
data['password']),
url=base_url)
system_info_dict = system.get_system_info(**session_dict)
platform_name = system_info_dict['platform_name']
# Create empty queue profile
qos.create_queue_profile(data['queueprofilename'], **session_dict)
# Add entries to queue profile
for i in range(0, 5):
qos.create_queue_profile_entry(data['queueprofilename'], i, [i],
**session_dict)
for i in range(5, 7):
qos.create_queue_profile_entry(data['queueprofilename'], i,
[i + 1], **session_dict)
qos.create_queue_profile_entry(data['queueprofilename'],
7, [5],
desc="VOICE",
**session_dict)
# Create empty schedule profile
qos.create_schedule_profile(data['scheduleprofilename'],
**session_dict)
# Add entries to schedule profile
# Scheduling algorithms: 8400 uses WFQ; other platforms use DWRR
if "8400" in platform_name:
algorithm = "wfq"
else:
algorithm = "dwrr"
for i in range(0, 7):
qos.create_schedule_profile_entry(data['scheduleprofilename'],
i,
algorithm,
weight=i + 1,
**session_dict)
qos.create_schedule_profile_entry(data['scheduleprofilename'], 7,
"strict", **session_dict)
# Apply profiles globally
qos.apply_profiles_globally(data['queueprofilename'],
data['scheduleprofilename'],
**session_dict)
# Set trust globally
qos.set_trust_globally('dscp', **session_dict)
# Remap DSCP code points' priorities
qos.remap_dscp_entry(40,
color='green',
local_priority=6,
desc='CS5',
**session_dict)
for i in range(41, 46):
qos.remap_dscp_entry(i,
color='green',
local_priority=6,
**session_dict)
qos.remap_dscp_entry(47,
color='green',
local_priority=6,
**session_dict)
# Create empty traffic class
qos.create_traffic_class(data['trafficclass']['name'],
data['trafficclass']['type'], **session_dict)
# Create traffic class entry
qos.create_traffic_class_entry(data['trafficclass']['name'],
data['trafficclass']['type'], "match",
10, **session_dict)
# Version-up the traffic class to complete the change
qos.update_traffic_class(data['trafficclass']['name'],
data['trafficclass']['type'], **session_dict)
# Create empty classifier policy
qos.create_policy(data['policy']['name'], **session_dict)
# Add entry to classifier policy
qos.create_policy_entry(data['policy']['name'],
data['trafficclass']['name'],
data['trafficclass']['type'], 10,
**session_dict)
# Set action on the policy entry
qos.create_policy_entry_action(data['policy']['name'],
10,
dscp=0,
pcp=0,
**session_dict)
# Version-up the policy to complete the change
qos.update_policy(data['policy']['name'], **session_dict)
# Create LAGs and set trust mode on the LAG interfaces
for lag_data in data['lags']:
lag.create_l2_lag_interface(lag_data['name'],
lag_data['interfaces'], **session_dict)
qos.set_trust_interface(lag_data['name'], lag_data['qostrust'],
**session_dict)
# Create L2 interface
interface.add_l2_interface(data['portrateinterface'], **session_dict)
if platform_name.startswith("6"):
unknown_unicast_limit = None
unknown_unicast_units = None
else:
unknown_unicast_limit = 30
unknown_unicast_units = 'pps'
# Set rate limits on the L2 interface
qos.update_port_rate_limits(
data['portrateinterface'],
broadcast_limit=50,
broadcast_units='pps',
multicast_limit=40,
multicast_units='pps',
unknown_unicast_limit=unknown_unicast_limit,
unknown_unicast_units=unknown_unicast_units,
**session_dict)
# Create L2 interface
interface.add_l2_interface(data['portpolicyinterface'], **session_dict)
# Apply policy to L2 interface
qos.update_port_policy(data['portpolicyinterface'],
data['policy']['name'], **session_dict)
except Exception as error:
print('Ran into exception: {}. Logging out..'.format(error))
session.logout(**session_dict)
def main():
data = yaml_ops.read_yaml("acl_data.yaml")
if not data['switchip']:
data['switchip'] = input("Switch IP Address: ")
if data['bypassproxy']:
os.environ['no_proxy'] = data['switchip']
os.environ['NO_PROXY'] = data['switchip']
if not data['version']:
data['version'] = "v10.04"
base_url = "https://{0}/rest/{1}/".format(data['switchip'],
data['version'])
try:
session_dict = dict(s=session.login(base_url, data['username'],
data['password']),
url=base_url)
session_dict['platform_name'] = system.get_system_info(
**session_dict).get('platform_name')
# Clear Egress ACLs from L3 interface
acl.clear_interface_acl(data['L3egressinterface'],
acl_type="aclv4_out",
**session_dict)
# Clear Ingress ACLs from L2 interface
acl.clear_interface_acl(data['ipv4L2ingressinterface'],
acl_type="aclv4_in",
**session_dict)
acl.clear_interface_acl(data['ipv6L2ingressinterface'],
acl_type="aclv6_in",
**session_dict)
# Clear Ingress ACLs from LAG interface
acl.clear_interface_acl(data['LAGname'],
acl_type="aclv4_in",
**session_dict)
# Detach ACL from VLAN
vlan.detach_vlan_acl(data['aclVLANid'], "ipv4", **session_dict)
# Remove and initialize L2 and L3 interfaces
interface.initialize_interface(data['L3egressinterface'],
**session_dict)
interface.initialize_interface(data['ipv4L2ingressinterface'],
**session_dict)
interface.initialize_interface(data['ipv6L2ingressinterface'],
**session_dict)
interface.initialize_interface(data['interfaceVLAN'], **session_dict)
# Remove LAG and initialize associated L2 interfaces
lag.delete_lag_interface(data['LAGname'], data['LAGinterfaces'],
**session_dict)
for LAGinterface in data['LAGinterfaces']:
interface.initialize_interface(LAGinterface, **session_dict)
# Delete VLAN
vlan.delete_vlan(data['aclVLANid'], **session_dict)
# For each ACL that was configured
for pair_dict in [{
"name": data['ipv4aclname'],
"type": "ipv4"
}, {
"name": data['ipv6aclname'],
"type": "ipv6"
}, {
"name": data['macaclname'],
"type": "mac"
}]:
# Delete ACL entries
for i in range(10, 60, 10):
acl.delete_acl_entry(pair_dict["name"], pair_dict["type"], i,
**session_dict)
# Delete the ACL
acl.delete_acl(pair_dict["name"], pair_dict["type"],
**session_dict)
except Exception as error:
print('Ran into exception: {}. Logging out..'.format(error))
session.logout(**session_dict)
def main():
data = yaml_ops.read_yaml("access_security_data.yaml")
if not data['switchip']:
data['switchip'] = input("Switch IP Address: ")
if data['bypassproxy']:
os.environ['no_proxy'] = data['switchip']
os.environ['NO_PROXY'] = data['switchip']
base_url = "https://{0}/rest/{1}/".format(data['switchip'],
data['version'])
try:
session_dict = dict(s=session.login(base_url, data['username'],
data['password']),
url=base_url)
system_info_dict = system.get_system_info(**session_dict)
platform_name = system_info_dict['platform_name']
# Only execute workflow if the platform is in the 6xxx series
if platform_name.startswith("6"):
# Unconfigure RADIUS server host
access_security.delete_radius_host_config(
data['radius_server_host']['vrf'],
data['radius_server_host']['hostname'],
passkey=data['radius_server_host']['passkey'],
**session_dict)
# Disable 802.1x globally
access_security.enable_disable_dot1x_globally(enable=False,
**session_dict)
# Remove 802.1x from the L2 interface
access_security.remove_auth_method_interface(
data['802.1x']['port'], "802.1x", **session_dict)
# Initialize L2 interface
interface.initialize_interface(data['802.1x']['port'],
**session_dict)
# Disable MAC authentication globally
access_security.enable_disable_mac_auth_globally(enable=False,
**session_dict)
# Remove MAC authentication from the L2 interface
access_security.remove_auth_method_interface(
data['mac_auth']['port'], "mac-auth", **session_dict)
# Initialize L2 interface
interface.initialize_interface(data['mac_auth']['port'],
**session_dict)
# Disable port security globally
access_security.enable_disable_port_security_globally(
enable=False, **session_dict)
# Clear reserved VLAN value for tunneled clients
access_security.clear_ubt_client_vlan(**session_dict)
# Delete reserved VLAN for tunneled clients
vlan.delete_vlan(data['vlan']['id'], **session_dict)
# Delete user-based-tunneling (UBT) zone
access_security.remove_ubt_zone(data['zone']['vrf_name'],
**session_dict)
# Remove port access role
access_security.remove_port_access_role(data['role']['name'],
**session_dict)
# Remove MAC authentication from the client port
access_security.remove_auth_method_interface(
data['client_port']['port'], "mac-auth", **session_dict)
# Clear limit of maximum allowable authorized clients on the client port
access_security.clear_port_access_clients_limit(
data['client_port']['port'], **session_dict)
# Initialize L2 interface
interface.initialize_interface(data['client_port']['port'],
**session_dict)
# Remove source IP address for UBT
access_security.remove_source_ip_ubt(
data['ubt_source_ip']['vrf_name'], **session_dict)
else:
print("This workflow only applies to access platforms!")
except Exception as error:
print('Ran into exception: {}. Logging out..'.format(error))
session.logout(**session_dict)
def main():
data = yaml_ops.read_yaml("access_security_data.yaml")
if not data['switchip']:
data['switchip'] = input("Switch IP Address: ")
if data['bypassproxy']:
os.environ['no_proxy'] = data['switchip']
os.environ['NO_PROXY'] = data['switchip']
base_url = "https://{0}/rest/{1}/".format(data['switchip'],
data['version'])
try:
session_dict = dict(s=session.login(base_url, data['username'],
data['password']),
url=base_url)
system_info_dict = system.get_system_info(**session_dict)
platform_name = system_info_dict['platform_name']
# Only execute workflow if the platform is in the 6xxx series
if platform_name.startswith("6"):
# Configure RADIUS server host
access_security.create_radius_host_config(
data['radius_server_host']['vrf'],
data['radius_server_host']['hostname'],
passkey=data['radius_server_host']['passkey'],
**session_dict)
# Enable 802.1x globally
access_security.enable_disable_dot1x_globally(enable=True,
**session_dict)
# Create L2 interface
interface.add_l2_interface(data['802.1x']['port'], **session_dict)
# Configure 802.1x on the L2 interface
access_security.configure_dot1x_interface(
data['802.1x']['port'],
auth_enable=data['802.1x']['auth_enable'],
cached_reauth_enable=data['802.1x']['cached_reauth_enable'],
cached_reauth_period=data['802.1x']['cached_reauth_period'],
discovery_period=data['802.1x']['discovery_period'],
eapol_timeout=data['802.1x']['eapol_timeout'],
max_requests=data['802.1x']['max_requests'],
max_retries=data['802.1x']['max_retries'],
quiet_period=data['802.1x']['quiet_period'],
reauth_enable=data['802.1x']['reauth_enable'],
reauth_period=data['802.1x']['reauth_period'],
**session_dict)
# Enable MAC authentication globally
access_security.enable_disable_mac_auth_globally(enable=True,
**session_dict)
# Create L2 interface
interface.add_l2_interface(data['mac_auth']['port'],
**session_dict)
# Configure MAC authentication on the L2 interface
access_security.configure_mac_auth_interface(
data['mac_auth']['port'],
auth_enable=data['mac_auth']['auth_enable'],
cached_reauth_enable=data['mac_auth']['cached_reauth_enable'],
cached_reauth_period=data['mac_auth']['cached_reauth_period'],
quiet_period=data['mac_auth']['quiet_period'],
reauth_enable=data['mac_auth']['reauth_enable'],
reauth_period=data['mac_auth']['reauth_period'],
**session_dict)
# Enable port security globally
access_security.enable_disable_port_security_globally(
enable=True, **session_dict)
# Create reserved VLAN for tunneled clients
vlan.create_vlan(data['vlan']['id'], data['vlan']['name'],
**session_dict)
# Set reserved VLAN for tunneled clients
access_security.set_ubt_client_vlan(data['vlan']['id'],
**session_dict)
# Create user-based-tunneling (UBT) zone
access_security.create_ubt_zone(
data['zone']['name'],
data['zone']['vrf_name'],
enable=data['zone']['enable'],
pri_ctrlr_ip_addr=data['zone']['pri_ctrlr_ip_addr'],
sac_heartbeat_interval=data['zone']['sac_heartbeat_interval'],
uac_keepalive_interval=data['zone']['uac_keepalive_interval'],
**session_dict)
# Create port access role
access_security.create_port_access_role(
data['role']['name'],
gateway_zone=data['role']['gateway_zone'],
ubt_gateway_role=data['role']['ubt_gateway_role'],
vlan_mode=data['role']['vlan_mode'],
vlan_tag=data['role']['vlan_tag'],
**session_dict)
# Create L2 interface
interface.add_l2_interface(data['client_port']['port'],
**session_dict)
# Enable MAC authentication on client port
access_security.configure_mac_auth_interface(
data['client_port']['port'],
auth_enable=data['client_port']['auth_enable'],
reauth_enable=data['client_port']['reauth_enable'],
cached_reauth_enable=data['client_port']
['cached_reauth_enable'],
**session_dict)
# Set maximum limit of allowable authorized clients on the client port
access_security.set_port_access_clients_limit(
data['client_port']['port'],
data['client_port']['clients_limit'], **session_dict)
# Set source IP address for UBT
access_security.set_source_ip_ubt(
data['ubt_source_ip']['vrf_name'],
data['ubt_source_ip']['ip_addr'], **session_dict)
else:
print("This workflow only applies to access platforms!")
except Exception as error:
print('Ran into exception: {}. Logging out..'.format(error))
session.logout(**session_dict)