def Modify_Conf():
    """Move selected GigabitEthernet0/x access ports of 'cat.txt' to VLAN 999.

    For ports 10 and 12, each matching interface that already has a
    ``switchport access vlan`` child gets that child deleted and a
    ``switchport access vlan 999`` line inserted after the interface line.
    The edited configuration is saved as 'cat2.txt'.
    """
    parse = CiscoConfParse('cat.txt')

    # Change the VLAN number of specific interfaces.
    # Example: change the VLAN number of ports 10 and 12.
    for port in (10, 12):
        # The pattern has no trailing anchor, so it matches every interface
        # line that merely starts with this text.
        intf_pattern = r'^interface GigabitEthernet0/' + str(port)
        for intf in parse.find_objects(intf_pattern):
            if not intf.has_child_with(r' switchport access vlan'):
                continue
            intf.delete_children_matching(r' switchport access vlan')
            parse.insert_after(intf_pattern,
                               insertstr=' switchport access vlan 999',
                               exactmatch=False,
                               ignore_ws=False,
                               atomic=False)
            parse.commit()

    # Write the result to a new file.
    parse.save_as('cat2.txt')
def parse_config(host, addr):
    """Add a GigabitEthernet3 management interface to a lab config if missing.

    The file ``lab_folder + host + ".txt"`` is parsed; when it has no
    GigabitEthernet3 interface, one is inserted before ``line con 0`` with
    ``no shutdown``, ``ip address <addr> 255.255.255.0`` and a MGMT
    description, and the file is overwritten in place.  Otherwise the file is
    left untouched.
    """
    # GigabitEthernet3 is the MGMT interface in the .txt lab configs.
    txt_cfg = lab_folder + host + ".txt"
    mgmt_interface = "GigabitEthernet3"
    # addr is pasted into the command exactly as passed in; the /24 mask is
    # fixed.
    ip_param = "ip address " + addr + " 255.255.255.0"

    parse = CiscoConfParse(txt_cfg, factory=True)
    interface = parse.find_interface_objects(mgmt_interface)

    if interface != []:
        print("Interface already configured")
        return

    # No management interface yet: create it and fill in its children.
    print("creating mgmt interface")
    parse.insert_before('line con 0', 'interface GigabitEthernet3')
    parse.commit()
    for obj in parse.find_interface_objects(mgmt_interface):
        for child in ('!', ' no shutdown', ' ' + ip_param, ' description MGMT'):
            obj.append_to_family(child)
    parse.commit()
    parse.save_as(txt_cfg)
def Audit():
    """Append 25 access switchports to 'conf.txt', standardize, save a copy.

    After the new FastEthernet0/0 .. FastEthernet0/24 stanzas are appended,
    standardize_intfs() is run over the parsed config, the two
    ``service timestamps`` lines are prepended when no line matches
    ``^service\\stimestamp``, and the result is written to 'conf3.txt'.
    """
    parse = CiscoConfParse('conf.txt')

    # Add the new switchports at the bottom of the config.
    for port in range(25):
        stanza = (
            'interface FastEthernet0/' + str(port),
            ' switchport',
            ' switchport mode access',
            '!',
        )
        for line in stanza:
            parse.append_line(line)
    parse.commit()  # commit() **must** be called before searching again

    # Search and standardize the interfaces.
    standardize_intfs(parse)
    parse.commit()  # commit() **must** be called before searching again

    # has_line_with() takes a regular expression.
    timestamps_present = parse.has_line_with(r'^service\stimestamp')
    if not timestamps_present:
        # prepend_line() adds a line at the top of the configuration.
        parse.prepend_line(
            'service timestamps debug datetime msec localtime show-timezone')
        parse.prepend_line(
            'service timestamps log datetime msec localtime show-timezone')

    # Write the new configuration.
    parse.save_as('conf3.txt')
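def convert_vrf(ios_conf_file, new_conf_file, vrf_name):
    """Append a VRF stanza for *vrf_name* to *new_conf_file*.

    The VRF attributes are read from *ios_conf_file* through
    IosVrfConfigParser.ios_get_vrf_attrib(); the keys used here are
    VRF_NAME, EX_MAP, IM_MAP, RT_EXPORT and RT_IMPORT.  *new_conf_file* is
    parsed, extended and saved back under the same name.

    Import maps and import route-targets are written with the ``import``
    keyword.  The earlier version emitted ``export`` for all four lists,
    which turned every import policy/target into an export one.
    """
    xr_conf = CiscoConfParse(new_conf_file)
    vrf_attrib = IosVrfConfigParser.ios_get_vrf_attrib(
        ios_conf_file, vrf_name)

    if vrf_attrib['VRF_NAME']:
        # print() with a single argument behaves the same on Python 2 and 3.
        print("create vrf config")
        xr_conf.append_line("vrf " + vrf_attrib['VRF_NAME'])
        xr_conf.append_line(" address-family ipv4 unicast")

        if vrf_attrib['EX_MAP']:
            print("create EXPORT Route-policy")
            for ex_map in vrf_attrib['EX_MAP']:
                xr_conf.append_line("  export route-policy " + ex_map)

        if vrf_attrib['IM_MAP']:
            print("create IMPORT Route-policy")
            for im_map in vrf_attrib['IM_MAP']:
                xr_conf.append_line("  import route-policy " + im_map)

        if vrf_attrib['RT_EXPORT']:
            print("create Export Route-Target ")
            for rt_export in vrf_attrib['RT_EXPORT']:
                xr_conf.append_line("  export route-target " + rt_export)

        if vrf_attrib['RT_IMPORT']:
            print("create Import Route-Target ")
            for rt_import in vrf_attrib['RT_IMPORT']:
                xr_conf.append_line("  import route-target " + rt_import)

    xr_conf.commit()
    xr_conf.save_as(new_conf_file)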
## Add missing commands if is_switchport_access and (not has_stormcontrol): intf.append_to_family(' storm-control action trap') intf.append_to_family(' storm-control broadcast level 0.4 0.3') ## remove dot1q trunk misconfiguration elif is_switchport_trunk: intf.delete_children_matching('port-security') ## Parse the config parse = CiscoConfParse('switch.conf') ## Add a new switchport at the bottom of the config... parse.append_line('interface GigabitEthernet1/0') parse.append_line(' switchport') parse.append_line(' switchport mode access') parse.append_line('!') parse.commit () ## Search and standardize the interfaces standardize_interfaces(parse) parse.commit() ## Add a line to the top of the config if not already there. if not parse.has_line_with(r'^service\stimestamp'): parse.prepend_line('service timestamps debug datetime msec localtime show-timezone') parse.prepend_line('service timestamps log datetime msec localtime show-timezone') ## Wrtite the config file now... parse.save_as('switch.conf.new')
# Software version from the 'version <x>' line, or 'no version' when absent.
SWversion = parse.re_match_iter_typed(r'^version\s(\S+)', default='no version')

# Walk every interface block and tag the ones selected for NAC.
for intf_obj in parse.find_objects('^interface'):
    has_switchport_access = intf_obj.has_child_with(r'switchport mode access')
    # NOTE(review): the pattern is unanchored, so it presumably also matches
    # a 'no shutdown' child line -- confirm that is intended.
    has_shutdown = intf_obj.has_child_with(r'shutdown')
    # Ports described as router/switch/uplink/circuit are left alone
    # (the match is case-sensitive).
    has_netdescript = intf_obj.has_child_with(
        r'description.*(router|switch|uplink|circuit).*')

    if has_netdescript or not (has_switchport_access or has_shutdown):
        continue

    interfaces.append(intf_obj.text)
    intf_obj.append_to_family(
        ' description **This Port Has Been NAC Enabled**')
    # The additions-only file gets the interface line plus the new child.
    outFile.write(intf_obj.text)
    outFile.write(
        '\n description **This Port Has Been NAC Enabled**\n')

# Print the interfaces that met the child criteria - for debugging.
print(*interfaces, sep=', ')

# Close the new configuration file that only contains NAC additions.
outFile.close()

# Write a new file that contains the complete config, old and new lines.
parse.save_as(changes + '/' + filename + '.new')
# Excerpt: starts in the middle of the script that builds two HSRP change
# scripts (primary and secondary router).  The first statement is presumably
# the body of a loop over add_ip_addresses whose header is not shown; the
# indentation is reconstructed.
    primary_config.append_line(" standby 1 ip %s secondary" % ipv4_address.ip)
primary_config.append_line(" standby 1 priority 255")
# NOTE(review): the HSRP MD5 key-string is "vl" + the VLAN id, so anyone who
# knows the VLAN number can derive it; it is also written in clear text into
# the generated file.
primary_config.append_line(" standby 1 authentication md5 key-string vl%s" % vlan_id)
primary_config.append_line("!")

# Same SVI on the secondary router, using secondary_ip.
secondary_config.append_line("interface %s" % vlan_interface_string)
secondary_config.append_line(" description *** VLAN SVI %s" % vlan_id)
secondary_config.append_line(" ip address %s %s" % (secondary_ip, ipv4_addr.netmask))
for ipv4_address in add_ip_addresses:
    # determine secondary IP address: two above the given address when that
    # is still a host address of its network, otherwise two below
    if IPv4Address(ipv4_address.ip + 2) in ipv4_address.network.hosts():
        secondary_ip = ipv4_address + 2
    else:
        secondary_ip = ipv4_address - 2
    secondary_config.append_line(" ip address %s %s secondary" % (secondary_ip.ip, ipv4_address.netmask))
secondary_config.append_line(" standby version 2")
secondary_config.append_line(" standby 1 ip %s" % virtual_ip)
for ipv4_address in add_ip_addresses:
    secondary_config.append_line(" standby 1 ip %s secondary" % ipv4_address.ip)
# Priority 254 keeps this router below the primary (255).
secondary_config.append_line(" standby 1 priority 254")
secondary_config.append_line(" standby 1 authentication md5 key-string vl%s" % vlan_id)
secondary_config.append_line("!")

# write results: one file per router in output_directory
print("Write results...")
primary_config.save_as(os.path.join(output_directory, primary_configuration_file))
secondary_config.save_as(os.path.join(output_directory, secondary_configuration_file))
# Excerpt: the append_to_family() calls are the tail of a per-interface block
# whose loop header and condition are not shown; the indentation is
# reconstructed.
        intf.append_to_family(
            ' authentication event server dead action authorize voice')
        intf.append_to_family(' authentication host-mode multi-auth')
        intf.append_to_family(' switchport mode access')
        # NOTE(review): 'authentication open' is added to every selected
        # port; confirm that open access is intended for this rollout.
        intf.append_to_family(' authentication open')
        # NOTE(review): order tries dot1x first, but priority ranks mab above
        # dot1x -- confirm the two lines are meant to differ.
        intf.append_to_family(' authentication order dot1x mab')
        intf.append_to_family(' authentication priority mab dot1x')
        intf.append_to_family(' authentication port-control auto')
        intf.append_to_family(' authentication periodic')
        intf.append_to_family(' authentication timer reauthenticate server')
        intf.append_to_family(' mab')
        intf.append_to_family(' dot1x pae authenticator')
        intf.append_to_family(' dot1x timeout tx-period 3')

## Write the new configuration and save it as a file in a path of your choosing.
parse.save_as(filename)

# Open a NAPALM 'ios' session to the device; IP, username and password are
# defined outside this excerpt.
driver = get_network_driver('ios')
iosvl2 = driver(IP, username, password, optional_args={'global_delay_factor': 2})
iosvl2.open()
print("Accessing" + device)

# Stage the saved file as a merge candidate.  Nothing in this excerpt commits
# it; compare_config() only returns the difference against the device.
iosvl2.load_merge_candidate(filename=filename)
# If the config in the text file is not present on the switch, it will be
# added to the switch and then saved.
# 'ip scp server enable' needs to be configured on the switch for this to work.
diffs = iosvl2.compare_config()
# Excerpt: the first statements are the tail of an interface-standardizing
# helper (presumably standardize_intfs(), called below); its `def` line and
# loop header are not part of this listing, so the indentation is
# reconstructed.
        # Classify the interface by its child lines.
        has_stormcontrol = intf.has_child_with(r' storm-control broadcast')
        is_switchport_access = intf.has_child_with(r'switchport mode access')
        is_switchport_trunk = intf.has_child_with(r'switchport mode trunk')

        ## Add missing features
        if is_switchport_access and (not has_stormcontrol):
            intf.append_to_family(' storm-control action trap')
            intf.append_to_family(' storm-control broadcast level 0.4 0.3')

        ## Remove dot1q trunk misconfiguration...
        elif is_switchport_trunk:
            intf.delete_children_matching('port-security')
            intf.delete_children_matching('nonegotiate')  # cust request 1


## Parse the configs
parse = CiscoConfParse('ios_audit.conf')  # this is our input file

## Search and standardize the interfaces...
standardize_intfs(parse)
parse.commit()  # commit() **must** be called before searching again

## regular expression usage in has_line_with() to find if the config has a matching line
if not parse.has_line_with(r'^service\stimestamp'):
    ## prepend_line() adds a line at the top of the configuration
    parse.prepend_line('service timestamps debug datetime msec localtime show-timezone')
    parse.prepend_line('service timestamps log datetime msec localtime show-timezone')
    # NOTE(review): this puts free text that is neither a command nor a
    # '!' comment on the first line of the generated config.
    parse.prepend_line('this config was hacked by Robert')

## Write the new configuration
# customization request: make it output to .conf.new2
parse.save_as('ios_audit.conf.new2')
intf.append_to_family(' storm-control broadcast level 0.4 0.3') ## remove dot1q trunk misconfiguration elif is_switchport_trunk: intf.delete_children_matching('port-security') ## Parse the config parse = CiscoConfParse('switch.conf') ## Add a new switchport at the bottom of the config... parse.append_line('interface GigabitEthernet1/0') parse.append_line(' switchport') parse.append_line(' switchport mode access') parse.append_line('!') parse.commit() ## Search and standardize the interfaces standardize_interfaces(parse) parse.commit() ## Add a line to the top of the config if not already there. if not parse.has_line_with(r'^service\stimestamp'): parse.prepend_line( 'service timestamps debug datetime msec localtime show-timezone') parse.prepend_line( 'service timestamps log datetime msec localtime show-timezone') ## Wrtite the config file now... parse.save_as('switch.conf.new')
# Excerpt: the first statements are the tail of a helper (presumably
# standardize_intfs(parse), called below) whose `def` line is not shown; the
# indentation is reconstructed.
    # Drop loop-detection and errdisable-recovery lines.
    parse.delete_lines(r'loop-detection')
    parse.delete_lines(r'errdisable recovery cause loop-detect')
    parse.delete_lines(r'errdisable recovery cause all')

    ## Cleans up vlan configuration.
    # (vlan id, ports) pairs; the port collections are built before this
    # excerpt.
    vlans = [
        ('11', wifi_vlans),
        ('22', voice_vlan),
        ('24', facilitys_vlan),
        ('42', data_vlan),
        ('56', wifi_vlans)
    ]
    # For one (id, ports) pair: under 'vlan <id>', replace '!' children with a
    # single 'tagged ...' line listing the sorted ports.
    tagged_ports = lambda vlan: parse.replace_children(
        r'vlan\s+{0}'.format(vlan[0]),
        r'!',
        'tagged ' + ' '.join([port_name(port) for port in sorted(vlan[1])])
    )
    # Builds the port label from fixed character positions of the interface
    # line, so it assumes one exact spelling of that line -- TODO confirm.
    port_name = lambda port: ' '.join([port.text[10:11], port.text[19:]])
    # Blank out every existing tagged/untagged child under a vlan stanza ...
    parse.replace_all_children(r'vlan.*', r'[un]?tagged.*', '!')
    # ... then write the standard tagged line for each listed vlan.
    for x in vlans:
        tagged_ports(x)
    # parse.replace_all_children(r'vlan.*', r'REPLACE', '')


## Parse the config
parse = CiscoConfParse('brocade_conf.cfg')

## Search and standardize the configuration
standardize_intfs(parse)
parse.commit()  # commit() **must** be called before searching again

## Write the new configuration
parse.save_as('brocade_conf.cfg.new')
# Add the 802.1X / MAB port configuration to every Ethernet access port.
for intf in parse.find_objects(r'^interface.+?thernet'):
    # Access VLAN of this port; '' when no 'switchport access vlan' line.
    vlan_id = intf.re_match_iter_typed(r'switchport access vlan (\S+)', default='')

    # Only access ports (an access VLAN is set) that are not trunks are
    # selected for the configuration below.
    is_switchport_access = intf.has_child_with(r'switchport access vlan')
    is_switchport_mode_trunk = intf.has_child_with(r'switchport mode trunk')
    if is_switchport_mode_trunk or not is_switchport_access:
        continue

    # Lines applied to each selected interface; the dead-server VLAN reuses
    # the port's own access VLAN.
    port_lines = (
        ' device-tracking attach-policy ISE-DEVICE-TRACK-POL',
        ' authentication event server dead action authorize vlan ' + vlan_id,
        ' authentication event server dead action authorize voice',
        ' authentication host-mode multi-auth',
        ' switchport mode access',
        # NOTE(review): confirm that open access is intended on these ports.
        ' authentication open',
        ' authentication order dot1x mab',
        ' authentication priority dot1x mab',
        ' authentication port-control auto',
        ' authentication periodic',
        ' authentication timer reauthenticate server',
        ' mab',
        ' dot1x pae authenticator',
        ' dot1x timeout tx-period 3',
    )
    for port_line in port_lines:
        intf.append_to_family(port_line)

# Write the new configuration to a file in a path of your choosing.
parse.save_as('h:/Scripts/Cisco_Python/newswitchconfig.txt')
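def convert_cfg_file(config, device_type, out_path, conversion_matrix):
    """Convert a Cisco config file with the rules for *device_type*.

    ``conversion_matrix[device_type]`` holds three rule lists, "delete",
    "add" and "replace".  Each rule is indexable: item[0] is an optional
    parent pattern, item[1] the pattern to delete/replace, item[2] the text
    to add or the replacement.  The patterns are used as regular
    expressions, so the matrix must come from a trusted source.

    Returns the path of the written file (basename of *config* inside
    *out_path*), or "Skipped (model unknown)" when *device_type* has no
    entry in the matrix; nothing is read or written in that case.
    """
    import os
    import re

    # Check if the device type exists in the conversion matrix
    if device_type not in conversion_matrix:
        return "Skipped (model unknown)"

    from ciscoconfparse import CiscoConfParse

    rules = conversion_matrix[device_type]
    new_filename = os.path.join(out_path, os.path.basename(config))

    # Parse before touching the output path: when out_path is the directory
    # of `config`, both names point at the same file, and removing it first
    # would delete the input.
    parse = CiscoConfParse(config)

    # DELETE
    for item in rules["delete"]:
        parent_spec, target_spec = item[0], item[1]
        if target_spec is None:  # Check required fields
            continue
        if parent_spec is not None:
            # Parent cmd is given: delete matching children of each parent
            for parent in parse.find_objects(parent_spec):
                parent.delete_children_matching(target_spec)
        else:
            # No parent cmd: delete the object and all of its children
            for cli_object in parse.find_objects(target_spec):
                cli_object.delete()

    # ADD
    for item in rules["add"]:
        parent_spec, new_line = item[0], item[2]
        if new_line is None:  # Check required fields
            continue
        if parent_spec is None:
            # No parent cmd: write the line at the end of the file
            parse.append_line(new_line)
            continue
        seen_parents = set()  # avoids duplicate added entries
        for parent in parse.find_objects(parent_spec):
            # parent.text is literal config text, not a pattern: escape it so
            # characters such as '.', '*' or '(' neither widen the match nor
            # break the compile.  The match stays unanchored, as before.
            parent_re = re.compile(re.escape(parent.text))
            if parent.has_children:
                if parent.text not in seen_parents:
                    # Indent the new child one space deeper than its parent
                    nb_space = len(parent.text) - len(parent.text.lstrip()) + 1
                    parse.insert_after(parent_re,
                                       insertstr=" " * nb_space + new_line)
                    seen_parents.add(parent.text)
            else:
                # Entry is at the root of the cfg, no space added
                parse.insert_after(parent_re, insertstr=new_line)

    # REPLACE
    for item in rules["replace"]:
        parent_spec, old_spec, replacement = item[0], item[1], item[2]
        if old_spec is None or replacement is None:  # Check required fields
            continue
        initial_cmd = re.compile(old_spec)
        if parent_spec is not None:
            parse.replace_children(parent_spec, initial_cmd, replacement)
        else:
            parse.replace_lines(initial_cmd, replacement)

    # Remove a stale output file, then write the converted config
    if os.path.isfile(new_filename):
        os.remove(new_filename)
    parse.save_as(new_filename)
    return new_filename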
arp_ipv4_addr = IPv4Address(ipv4) # assign static arp entry to the VLAN SVI interface for vlan_svi in vlan_svis: svi_ipv4_network = IPv4Network(vlan_svi['ipv4_addr'] + "/" + vlan_svi['ipv4_netmask'], strict=False) if arp_ipv4_addr in svi_ipv4_network.hosts(): # extend the model if the correct IP network is found if "static_arps" not in vlan_svi.keys(): vlan_svi['static_arps'] = list() record = {'ipv4_host': ipv4, 'mac': mac} vlan_svi['static_arps'].append(record) # a static ARP is only defined on a single interface break print("Write results to file...") cisco_nxos_template = CiscoConfParse(['!']) for vlan_svi in vlan_svis: cisco_nxos_template.append_line("interface Vlan%s" % vlan_svi['vlan_id']) for static_arp in vlan_svi['static_arps']: cisco_nxos_template.append_line( " ip arp %s %s" % (static_arp['ipv4_host'], static_arp['mac'])) cisco_nxos_template.append_line('!') cisco_nxos_template.save_as( os.path.join(output_dir, "cisco_nxos_config.txt"))
## Remove dot1q trunk misconfiguration... elif is_switchport_trunk: intf.delete_children_matching('port-security') ## Parse the config parse = CiscoConfParse('short.conf') ## Add a new switchport at the bottom of the config... parse.append_line('interface FastEthernet0/4') parse.append_line(' switchport') parse.append_line(' switchport mode access') parse.append_line('!') parse.commit() # commit() **must** be called before searching again ## Search and standardize the interfaces... standardize_intfs(parse) parse.commit() # commit() **must** be called before searching again ## I'm illustrating regular expression usage in has_line_with() if not parse.has_line_with(r'^service\stimestamp'): ## prepend_line() adds a line at the top of the configuration parse.prepend_line( 'service timestamps debug datetime msec localtime show-timezone') parse.prepend_line( 'service timestamps log datetime msec localtime show-timezone') ## Write the new configuration parse.save_as('short.conf.new')
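def transform(filename):
    """Reduce an uploaded Cisco config to a lab-style config and return it.

    1st part: parse ``UPLOAD_FOLDER/filename``, delete whole stanzas
    (policy-map, ACLs, class-map, crypto pki, track, ip sla, zone-pair,
    archive, banner, line, username, logging, end) and every interface that
    has portfast or port-security, then save 'file_parsed_1st.txt'.
    2nd part: copy that file to 'file_parsed_2nd.txt', dropping blank lines
    and every line that contains one of the ``security_lines`` substrings.
    3rd part: append a fixed enable secret, VTY password and
    ``no access-class 23 in``.

    Returns the ``send_file()`` response for 'file_parsed_2nd.txt'.

    Raises:
        ValueError: if *filename* resolves outside the upload folder.
    """
    upload_folder = app.config['UPLOAD_FOLDER']
    source_path = os.path.join(upload_folder, filename)

    # filename becomes part of a filesystem path: refuse '..' components,
    # absolute paths and symlinks that lead out of the upload folder.
    upload_root = os.path.join(
        os.path.normcase(os.path.realpath(upload_folder)), '')
    resolved_source = os.path.normcase(os.path.realpath(source_path))
    if not resolved_source.startswith(upload_root):
        raise ValueError("filename resolves outside the upload folder")

    # NOTE(review): both intermediate files have fixed names inside the
    # shared upload folder, so concurrent calls overwrite each other and one
    # caller can be sent the result of another caller's upload.
    first_pass_path = os.path.join(upload_folder, 'file_parsed_1st.txt')
    second_pass_path = os.path.join(upload_folder, 'file_parsed_2nd.txt')

    # 1st Part
    stanza_patterns = (
        r'^policy-map', r'ip\saccess-list', r'^class-map', r'^crypto pki',
        r'^track', r'^ip sla', r'^zone-pair', r'^archive', r'^banner ',
        r'^line ', r'^username', r'^logging ', r'^end', r'^access-list',
    )
    # Plain "r": the "U" flag was removed in Python 3.11 and text mode
    # already translates newlines on Python 3.
    with open(source_path, "r") as infile:
        p = CiscoConfParse(infile)
        objs = []
        for pattern in stanza_patterns:
            objs.extend(p.find_objects(pattern))
        for obj in objs:
            obj.delete()
        for interface in p.find_objects_w_child('^interface',
                                                'spanning-tree portfast'):
            interface.delete(interface)
        for interface in p.find_objects_w_child('^interface',
                                                'switchport port-security'):
            interface.delete(interface)
        p.commit()
        p.save_as(first_pass_path)

    # 2nd Part
    # Substring filter: a line is dropped when it contains any of these
    # anywhere, so short entries ('last', 'ssh', 'mls', '#', '-time') also
    # remove unrelated lines.
    security_lines = [
        'last', 'Last', 'version', 'service timestamps', 'service password',
        'tcp-keepalives', 'marker', 'flow-', 'enable secret', 'csdb',
        'ip accouting', 'timezone', 'aaa', 'ssh', 'snmp', 'service-policy',
        'tacacs', 'privilege', 'alias', 'ntp', 'scheduler allocate',
        'exec-timeout', 'service pad', 'syslog', 'small-servers',
        'enable password', 'zone-member', 'zone security', 'ip http', 'mls',
        'igmp', 'radius-server', 'forward-protocol', 'cdp', 'nagle',
        'resource policy', 'gratuitous-arps', 'resource policy',
        # A missing comma used to glue the entry above to this one, so
        # 'control-plane' lines were never filtered.
        'control-plane',
        '-time', 'errdisable', '#', 'Building configuration',
        'Current configuration', 'memory-size iomem', 'no ip source-route',
        'no ip bootp server', 'no ip domain lookup', 'no ipv6 cef',
        'no logging console', 'multilink bundle-name authenticated',
        'ip accounting', 'standby',
    ]
    emptyline = ['\n', '\r\n']
    with open(first_pass_path, "r") as file_parsed_2nd:
        with open(second_pass_path, "w") as outfile:
            for line in file_parsed_2nd:
                if line in emptyline:
                    continue
                if any(security_line in line
                       for security_line in security_lines):
                    continue
                outfile.write(line)

            # 3rd Part
            # The result carries a fixed, well-known enable secret and VTY
            # password and removes the VTY access-class, after AAA, SSH and
            # ACL lines were stripped above: keep it on isolated lab gear.
            outfile.write('enable secret cisco\n')
            outfile.write('line vty 0 4\n')
            outfile.write(' password cisco\n')
            outfile.write(' no access-class 23 in\n')
            outfile.write('end\n')
            outfile.write('!\n')

    return send_file(second_pass_path)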
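# Add the 802.1X / MAB port configuration to every Ethernet access port.
for intf in parse.find_objects(r'^interface.+?thernet'):
    # Access VLAN of this port; '' when no 'switchport access vlan' line.
    vlan_id = intf.re_match_iter_typed(r'switchport access vlan (\S+)',
                                       default='')

    # An interface that is a switchport access port (and not a trunk) is
    # selected to have the configuration below added.
    is_switchport_access = intf.has_child_with(r'switchport access vlan')
    is_switchport_trunk = intf.has_child_with(r'switchport mode trunk')

    # Configuration applied to each selected interface, using the vlan_id
    # read from that interface above.
    if is_switchport_access and (not is_switchport_trunk):
        intf.append_to_family(
            ' authentication event server dead action authorize vlan ' +
            vlan_id)
        intf.append_to_family(
            ' authentication event server dead action authorize voice')
        intf.append_to_family(' authentication host-mode multi-auth')
        intf.append_to_family(' switchport mode access')
        # NOTE(review): confirm that open access is intended on these ports.
        intf.append_to_family(' authentication open')
        # NOTE(review): order tries dot1x first, but priority ranks mab above
        # dot1x -- confirm the two lines are meant to differ.
        intf.append_to_family(' authentication order dot1x mab')
        intf.append_to_family(' authentication priority mab dot1x')
        intf.append_to_family(' authentication port-control auto')
        intf.append_to_family(' authentication periodic')
        intf.append_to_family(' authentication timer reauthenticate server')
        intf.append_to_family(' mab')
        intf.append_to_family(' dot1x pae authenticator')
        intf.append_to_family(' dot1x timeout tx-period 3')

## Write the new configuration and save it as a file in a path of your choosing.
# Raw string: '\S', '\C' and '\s' are not valid escape sequences in a normal
# literal and trigger an invalid-escape warning; the resulting path is the
# same as before.
parse.save_as(r'H:\Scripts\Cisco_Python\sw_' + device + '.txt')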
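def transform(filename):
    """Turn an uploaded Cisco config into a stripped-down lab config.

    The file ``UPLOAD_FOLDER/filename`` is processed in three steps:

    1. Whole stanzas (policy-map, ACLs, class-map, crypto pki, track,
       ip sla, zone-pair, archive, banner, line, username, logging, end)
       and interfaces with portfast or port-security are deleted; the
       result is saved as 'file_parsed_1st.txt'.
    2. That file is copied to 'file_parsed_2nd.txt' without blank lines and
       without any line containing a ``security_lines`` substring.
    3. A fixed enable secret, VTY password and ``no access-class 23 in``
       are appended.

    Returns the ``send_file()`` response for 'file_parsed_2nd.txt'.

    Raises:
        ValueError: if *filename* resolves outside the upload folder.
    """
    upload_folder = app.config['UPLOAD_FOLDER']
    source_path = os.path.join(upload_folder, filename)
    first_pass_path = os.path.join(upload_folder, 'file_parsed_1st.txt')
    second_pass_path = os.path.join(upload_folder, 'file_parsed_2nd.txt')
    # NOTE(review): the two intermediate names are fixed and live in the
    # shared upload folder; parallel calls overwrite each other's files, so
    # a caller can receive a config derived from someone else's upload.

    # filename is joined into a filesystem path, so it must stay inside the
    # upload folder ('..', absolute paths and symlinks are resolved first).
    allowed_root = os.path.join(
        os.path.normcase(os.path.realpath(upload_folder)), '')
    if not os.path.normcase(
            os.path.realpath(source_path)).startswith(allowed_root):
        raise ValueError("filename resolves outside the upload folder")

    #1st Part
    # "r" instead of "rU": the "U" flag no longer exists in Python 3.11+,
    # and Python 3 text mode already uses universal newlines.
    with open(source_path, "r") as infile:
        p = CiscoConfParse(infile)
        objs = list()
        objs.extend(p.find_objects(r'^policy-map'))
        objs.extend(p.find_objects(r'ip\saccess-list'))
        objs.extend(p.find_objects(r'^class-map'))
        objs.extend(p.find_objects(r'^crypto pki'))
        objs.extend(p.find_objects(r'^track'))
        objs.extend(p.find_objects(r'^ip sla'))
        objs.extend(p.find_objects(r'^zone-pair'))
        objs.extend(p.find_objects(r'^archive'))
        objs.extend(p.find_objects(r'^banner '))
        objs.extend(p.find_objects(r'^line '))
        objs.extend(p.find_objects(r'^username'))
        objs.extend(p.find_objects(r'^logging '))
        objs.extend(p.find_objects(r'^end'))
        objs.extend(p.find_objects(r'^access-list'))
        for obj in objs:
            obj.delete()
        for interface in p.find_objects_w_child('^interface',
                                                'spanning-tree portfast'):
            interface.delete(interface)
        for interface in p.find_objects_w_child('^interface',
                                                'switchport port-security'):
            interface.delete(interface)
        p.commit()
        p.save_as(first_pass_path)

    #2nd Part
    # Lines are matched by substring, anywhere in the line; short entries
    # such as 'last', 'ssh', 'mls', '#' or '-time' therefore also drop
    # unrelated lines.
    security_lines = [
        'last', 'Last', 'version', 'service timestamps',
        'service password', 'tcp-keepalives', 'marker', 'flow-',
        'enable secret', 'csdb', 'ip accouting', 'timezone', 'aaa',
        'ssh', 'snmp', 'service-policy', 'tacacs', 'privilege',
        'alias', 'ntp', 'scheduler allocate', 'exec-timeout',
        'service pad', 'syslog', 'small-servers', 'enable password',
        'zone-member', 'zone security', 'ip http', 'mls', 'igmp',
        'radius-server', 'forward-protocol', 'cdp', 'nagle',
        'resource policy', 'gratuitous-arps',
        # These two entries used to be joined by implicit string
        # concatenation (no comma), so 'control-plane' never matched.
        'resource policy', 'control-plane',
        '-time', 'errdisable', '#', 'Building configuration',
        'Current configuration', 'memory-size iomem',
        'no ip source-route', 'no ip bootp server',
        'no ip domain lookup', 'no ipv6 cef', 'no logging console',
        'multilink bundle-name authenticated', 'ip accounting',
        'standby'
    ]
    emptyline = ['\n', '\r\n']
    with open(first_pass_path, "r") as file_parsed_2nd:
        with open(second_pass_path, "w") as outfile:
            for line in file_parsed_2nd:
                if line not in emptyline and not any(
                        security_line in line
                        for security_line in security_lines):
                    outfile.write(line)

            # 3rd Part
            # Fixed, well-known credentials and no VTY access-class are
            # written after AAA, SSH and ACL lines were removed above; the
            # output is meant for isolated lab devices only.
            outfile.write('enable secret cisco\n')
            outfile.write('line vty 0 4\n')
            outfile.write(' password cisco\n')
            outfile.write(' no access-class 23 in\n')
            outfile.write('end\n')
            outfile.write('!\n')

    return send_file(second_pass_path)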
# Excerpt: builds a file of 'mls qos trust dscp' additions (cfgdiff) from the
# parsed config.  re1, text, parse, cfgdiff and config_file are defined
# before this excerpt, and the listing is cut off in the middle of the last
# condition.
rg = re.compile(re1, re.IGNORECASE | re.DOTALL)
# A match of re1 anywhere in `text` selects the L2AGG branch.
l2agg = rg.search(text)
if l2agg:
    # L2AGG: only infrastructure trunks without QoS trust are listed.
    for intf in parse.find_objects(r'^interface.+?thernet'):
        has_qos_trust = intf.has_child_with(r' mls qos trust dscp')
        is_switchport_trunk = intf.has_child_with(r'switchport mode trunk')
        # NOTE(review): in 'INFRA:TRUNK*.*' the '*' applies to the 'K', so
        # the pattern already matches on 'INFRA:TRUN'.
        is_switchport_infra = intf.has_child_with(r'INFRA:TRUNK*.*')
        if (is_switchport_trunk and is_switchport_infra) and (not has_qos_trust):
            cfgdiff.append_line("!")
            cfgdiff.append_line(intf.text)
            # Appended without a leading space, i.e. not indented under the
            # interface line in the generated file.
            cfgdiff.append_line("mls qos trust dscp")
    cfgdiff.save_as(config_file + '_new')
    print("Config Created with _new extension for L2AGG")
else:
    # Other devices: access ports are considered as well.
    for intf in parse.find_objects(r'^interface.+?thernet'):
        has_qos_trust = intf.has_child_with(r' mls qos trust dscp')
        is_switchport_trunk = intf.has_child_with(r'switchport mode trunk')
        is_switchport_infra = intf.has_child_with(r'INFRA:TRUNK*.*')
        is_switchport_access = intf.has_child_with(r'switchport mode access')
        # NOTE(review): unanchored, so presumably also true for a
        # 'no shutdown' child line -- confirm.
        is_switchport_shutdown = intf.has_child_with(r'shutdown')
        if (is_switchport_trunk and is_switchport_infra) and (not has_qos_trust):
            cfgdiff.append_line("!")
            cfgdiff.append_line(intf.text)
            cfgdiff.append_line("mls qos trust dscp")
        elif (is_switchport_access and
        # (the listing ends here, in the middle of the condition)
# now we create an IP address object from the ARP entry arp_ipv4_addr = IPv4Address(ipv4) # assign static arp entry to the VLAN SVI interface for vlan_svi in vlan_svis: svi_ipv4_network = IPv4Network(vlan_svi['ipv4_addr'] + "/" + vlan_svi['ipv4_netmask'], strict=False) if arp_ipv4_addr in svi_ipv4_network.hosts(): # extend the model if the correct IP network is found if "static_arps" not in vlan_svi.keys(): vlan_svi['static_arps'] = list() record = { 'ipv4_host': ipv4, 'mac': mac } vlan_svi['static_arps'].append(record) # a static ARP is only defined on a single interface break print("Write results to file...") cisco_nxos_template = CiscoConfParse(['!']) for vlan_svi in vlan_svis: cisco_nxos_template.append_line("interface Vlan%s" % vlan_svi['vlan_id']) for static_arp in vlan_svi['static_arps']: cisco_nxos_template.append_line(" ip arp %s %s" % (static_arp['ipv4_host'], static_arp['mac'])) cisco_nxos_template.append_line('!') cisco_nxos_template.save_as(os.path.join(output_dir, "cisco_nxos_config.txt"))
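# Script to find what interfaces have an "ip helper-address"
# Uses ciscoconfparse library, make sure it is installed

# Importing the necessary modules.
import os

from ciscoconfparse import CiscoConfParse

os.chdir("c:\\configs")
for filename in os.listdir(os.getcwd()):
    # Sub-directories cannot be parsed as configs.
    if not os.path.isfile(filename):
        continue

    parse = CiscoConfParse(filename, factory=True, syntax='ios')
    obj_list = parse.find_objects_dna(r'Hostname')
    if not obj_list:
        # Files without a hostname line (for example the *_newconfig.txt
        # files written below by an earlier run, which land in this same
        # directory) used to end the script with an IndexError.
        print("No hostname found in " + filename + ", skipping")
        continue
    inf_w_help = parse.find_parents_w_child(parentspec=r"^interface",
                                            childspec=r"ip helper-address")
    hostn = obj_list[0].hostname

    # print() with a single argument behaves the same on Python 2 and 3.
    print(hostn)
    for interface in inf_w_help:
        print(interface)

    print("Write results to file...")
    newconfig = CiscoConfParse([])
    newconfig.append_line(hostn)
    for interface in inf_w_help:
        newconfig.append_line(interface)
        # 'my.new.ip.add1' is a placeholder for the new helper address.  The
        # line is appended without a leading space, so it is not indented
        # under the interface line.
        newconfig.append_line('ip helper-address my.new.ip.add1')
    newconfig.commit()
    # The hostname read from the config becomes part of the output file name.
    newconfig.save_as(hostn + '_newconfig.txt')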
# Router addresses sit next to ipv4_addr: one and two above it when the next
# address is still a host address of the network, otherwise one and two below.
if (ipv4_addr.ip_object + 1) in ipv4_network.hosts():
    primary_ip = ipv4_addr.ip_object + 1
    secondary_ip = ipv4_addr.ip_object + 2
else:
    primary_ip = ipv4_addr.ip_object - 1
    secondary_ip = ipv4_addr.ip_object - 2

# Add the same SVI/HSRP stanza to both change scripts; only the interface
# address and the HSRP priority differ (255 on the primary, 254 on the
# secondary).
for router_config, router_ip, hsrp_priority in (
        (primary_config, primary_ip, 255),
        (secondary_config, secondary_ip, 254)):
    router_config.append_line("interface %s" % vlan_interface_string)
    router_config.append_line(" description *** VLAN SVI %s" % vlan_id)
    router_config.append_line(" ip address %s %s" % (router_ip, ipv4_addr.netmask))
    router_config.append_line(" standby version 2")
    router_config.append_line(" standby 1 ip %s" % virtual_ip)
    router_config.append_line(" standby 1 priority %d" % hsrp_priority)
    # NOTE(review): the HSRP MD5 key-string is "vl" + the VLAN id, so it can
    # be derived from the VLAN number, and it is stored in clear text in the
    # generated file.
    router_config.append_line(" standby 1 authentication md5 key-string vl%s" % vlan_id)
    router_config.append_line("!")

# Write one file per router into output_directory.
print("Write results...")
primary_config.save_as(os.path.join(output_directory, primary_configuration_file))
secondary_config.save_as(os.path.join(output_directory, secondary_configuration_file))
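# Store the configuration text fetched earlier (`out`) and parse it.
original_config.write(out)
original_config.close()

parse = CiscoConfParse(original_config_filename)

# Add the required configuration under every Ethernet interface that is an
# access port in the user VLAN (the new commands come from commands_list).
for intf in parse.find_objects(r'^interface.+?thernet'):
    # '\b' keeps the VLAN number exact: without it VLAN 1 also selected
    # ports in VLAN 10, 100, ... and the commands went to unintended ports.
    is_access_vlan_users = intf.has_child_with(
        r'switchport access vlan ' + str(vlan) + r'\b')
    if is_access_vlan_users:
        for cmd in commands_list:
            intf.append_to_family(" " + str(cmd))

## save the new configuration in file
new_config_filename = "new_config" + "_" + ip_address_of_device
parse.save_as(new_config_filename)

## delete unnecessary lines 'Building configuration' 'size' ..
# The first three lines and the last line are dropped by position, not by
# content -- this assumes the saved output always has that shape.
with open(new_config_filename) as saved_config:
    lines = saved_config.readlines()
with open(new_config_filename, 'w') as trimmed_config:
    trimmed_config.writelines(lines[3:-1])

## open the new configuration file and push it to device
# Every remaining line of the file is sent, i.e. the whole configuration is
# replayed, not only the added interface commands.
with open(new_config_filename) as n:
    cfg_commands = n.read().splitlines()
output = net_connect.send_config_set(cfg_commands)
net_connect.disconnect()
print(output)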
# Excerpt: builds a file of 'mls qos trust dscp' additions (cfgdiff) from the
# parsed config.  text, parse, cfgdiff and config_file are defined before
# this excerpt, and the listing stops inside the last branch.
# NOTE(review): '(ag)' is searched case-insensitively anywhere in `text`, so
# any occurrence of those two letters selects the L2AGG branch.
re1='(ag)'
rg = re.compile(re1,re.IGNORECASE|re.DOTALL)
l2agg = rg.search(text)
if l2agg:
    # L2AGG: only infrastructure trunks without QoS trust are listed.
    for intf in parse.find_objects(r'^interface.+?thernet'):
        has_qos_trust = intf.has_child_with(r' mls qos trust dscp')
        is_switchport_trunk = intf.has_child_with(r'switchport mode trunk')
        # NOTE(review): in 'INFRA:TRUNK*.*' the '*' applies to the 'K', so
        # the pattern already matches on 'INFRA:TRUN'.
        is_switchport_infra = intf.has_child_with(r'INFRA:TRUNK*.*')
        if (is_switchport_trunk and is_switchport_infra) and (not has_qos_trust):
            cfgdiff.append_line("!")
            cfgdiff.append_line(intf.text)
            # Appended without a leading space, i.e. not indented under the
            # interface line in the generated file.
            cfgdiff.append_line("mls qos trust dscp")
    cfgdiff.save_as(config_file+'_new')
    print ("Config Created with _new extension for L2AGG")
else:
    # Other devices: access ports that are not shut down are considered too.
    for intf in parse.find_objects(r'^interface.+?thernet'):
        has_qos_trust = intf.has_child_with(r' mls qos trust dscp')
        is_switchport_trunk = intf.has_child_with(r'switchport mode trunk')
        is_switchport_infra = intf.has_child_with(r'INFRA:TRUNK*.*')
        is_switchport_access = intf.has_child_with(r'switchport mode access')
        # NOTE(review): unanchored, so presumably also true for a
        # 'no shutdown' child line -- confirm.
        is_switchport_shutdown = intf.has_child_with(r'shutdown')
        if (is_switchport_trunk and is_switchport_infra) and (not has_qos_trust):
            cfgdiff.append_line("!")
            cfgdiff.append_line(intf.text)
            cfgdiff.append_line("mls qos trust dscp")
        elif (is_switchport_access and (not is_switchport_shutdown)) and (not has_qos_trust):
            cfgdiff.append_line("!")