def main(): data = yaml_ops.read_yaml("vlan_data.yaml") if not data['switchip']: data['switchip'] = input("Switch IP Address: ") if data['bypassproxy']: os.environ['no_proxy'] = data['switchip'] os.environ['NO_PROXY'] = data['switchip'] base_url = "https://{0}/rest/{1}/".format(data['switchip'], data['version']) try: session_dict = dict(s=session.login(base_url, data['username'], data['password']), url=base_url) # Delete all DHCP relays for interface dhcp.delete_dhcp_relays(data['vlanportname'], "default", **session_dict) # Delete VLAN and SVI vlan.delete_vlan_and_svi(data['vlanid'], data['vlanportname'], **session_dict) # Initialize L2 interface interface.initialize_interface(data['physicalport'], **session_dict) except Exception as error: print('Ran into exception: {}. Logging out..'.format(error)) session.logout(**session_dict)
def main(): data = yaml_ops.read_yaml("ospf_data.yaml") if not data['switchip']: data['switchip'] = input("Switch IP Address: ") if data['bypassproxy']: os.environ['no_proxy'] = data['switchip'] os.environ['NO_PROXY'] = data['switchip'] if not data['version']: data['version'] = "v10.04" base_url = "https://{0}/rest/{1}/".format(data['switchip'], data['version']) try: session_dict = dict(s=session.login(base_url, data['username'], data['password']), url=base_url) # Create OSPFv2 ID ospf.create_ospf_id(data['ospfv2vrf'], data['ospfv2id'], **session_dict) # Create an OSPFv2 Area for OSPF ID ospf.create_ospf_area(data['ospfv2vrf'], data['ospfv2id'], data['ospfv2area'], **session_dict) # Create IPv4 L3 interface interface.add_l3_ipv4_interface(data['l3interfacev2'], data['l3interfacev2ipaddress'], **session_dict) interface.enable_disable_interface(data['l3interfacev2'], data['l3interfacestatusv2'], **session_dict) # Attach L3 interface to OSPF ID ospf.create_ospf_interface(data['ospfv2vrf'], data['ospfv2id'], data['ospfv2area'], data['l3interfacev2'], **session_dict) ospf.update_ospf_interface_authentication(data['ospfv2vrf'], data['ospfv2id'], data['l3interfacev2'], data['ospfv2auth'], data['ospfv2digestkey'], data['ospfv2password'], **session_dict) # Create OSPFv3 ID ospf.create_ospfv3_id(data['ospfv3vrf'], data['ospfv3id'], **session_dict) # Create an OSPFv3 Area for OSPF ID ospf.create_ospfv3_area(data['ospfv3vrf'], data['ospfv3id'], data['ospfv3area'], **session_dict) # Create IPv6 L3 interface interface.add_l3_ipv6_interface(data['l3interfacev3'], data['l3interfacev3ipaddress'], **session_dict) interface.enable_disable_interface(data['l3interfacev3'], data['l3interfacestatusv3'], **session_dict) # Attach L3 interface to OSPFv3 ID ospf.create_ospfv3_interface(data['ospfv3vrf'], data['ospfv3id'], data['ospfv3area'], data['l3interfacev3'], **session_dict) ospf.update_ospf_interface_authentication(data['ospfv3vrf'], data['ospfv3id'], data['l3interfacev2'], data['ospfv3auth'], data['ospfv3digestkey'], data['ospfv3password'], **session_dict) except Exception as error: print('Ran into exception: {}. Logging out..'.format(error)) session.logout(**session_dict)
def main(): data = yaml_ops.read_yaml("lag_data.yaml") if not data['switchip']: data['switchip'] = input("Switch IP Address: ") if data['bypassproxy']: os.environ['no_proxy'] = data['switchip'] os.environ['NO_PROXY'] = data['switchip'] base_url = "https://{0}/rest/{1}/".format(data['switchip'], data['version']) try: session_dict = dict(s=session.login(base_url, data['username'], data['password']), url=base_url) system_info_dict = system.get_system_info(**session_dict) platform_name = system_info_dict['platform_name'] # Create VLANs and L2 LAG; assign VLANs as trunk VLANs on LAG for l2_lag_data in data['l2_lags']: # Create VLANs for vlan_id in l2_lag_data['trunk_vlans']: vlan.create_vlan(vlan_id, "vlan%s" % vlan_id, **session_dict) # Create L2 LAG, add L2 ports to the LAG, and assign VLANs as trunk VLANs on the LAG lag.create_l2_lag_interface( l2_lag_data.get('name'), l2_lag_data.get('interfaces'), vlan_ids_list=l2_lag_data.get('trunk_vlans'), lacp_mode=l2_lag_data.get('lacp_mode'), mc_lag=l2_lag_data.get('mc_lag'), **session_dict) # Create L3 LAGs for l3_lag_data in data['l3_lags']: # Create L3 LAG and add L2 ports to the LAG lag.create_l3_lag_interface(l3_lag_data.get('name'), l3_lag_data.get('interfaces'), l3_lag_data.get('ipv4'), lacp_mode=l3_lag_data.get('lacp_mode'), desc=l3_lag_data.get('description'), **session_dict) except Exception as error: print('Ran into exception: {}. Logging out..'.format(error)) session.logout(**session_dict)
def main(): data = yaml_ops.read_yaml("vlan_data.yaml") if not data['switchip']: data['switchip'] = input("Switch IP Address: ") if data['bypassproxy']: os.environ['no_proxy'] = data['switchip'] os.environ['NO_PROXY'] = data['switchip'] base_url = "https://{0}/rest/{1}/".format(data['switchip'], data['version']) try: session_dict = dict(s=session.login(base_url, data['username'], data['password']), url=base_url) vlan.create_vlan_and_svi(data['vlanid'], data['vlanname'], data['vlanportname'], data['vlaninterfacename'], data['vlandescription'], data['vlanip'], vlan_port_desc=data['vlanportdescription'], **session_dict) # Add DHCP helper IPv4 addresses for SVI dhcp.add_dhcp_relays(data['vlanportname'], "default", data['ipv4helperaddresses'], **session_dict) # Add a new entry to the Port table if it doesn't yet exist interface.add_l2_interface(data['physicalport'], **session_dict) # Update the Interface table entry with "user-config": {"admin": "up"} interface.enable_disable_interface(data['physicalport'], **session_dict) # Set the L2 port VLAN mode as 'access' vlan.port_set_vlan_mode(data['physicalport'], "access", **session_dict) # Set the access VLAN on the port vlan.port_set_untagged_vlan(data['physicalport'], data['vlanid'], **session_dict) except Exception as error: print('Ran into exception: {}. Logging out..'.format(error)) session.logout(**session_dict)
def main(): data = yaml_ops.read_yaml("loop_protect_data.yaml") if not data['switchip']: data['switchip'] = input("Switch IP Address: ") if data['bypassproxy']: os.environ['no_proxy'] = data['switchip'] os.environ['NO_PROXY'] = data['switchip'] base_url = "https://{0}/rest/{1}/".format(data['switchip'], data['version']) try: session_dict = dict(s=session.login(base_url, data['username'], data['password']), url=base_url) system_info_dict = system.get_system_info( params={"selector": "configuration"}, **session_dict) # Clear Loop-protect settings on Interface loop_protect.clear_port_loop_protect(data['interfacename'], **session_dict) # Initialize L2 Interface interface.initialize_interface(data['interfacename'], **session_dict) # Delete L2 LAGs: for l2_lag_data in data['lags']: # Delete VLANs for vlan_id in l2_lag_data['trunk_vlans']: vlan.delete_vlan(vlan_id, **session_dict) # Clear Loop-protect settings on LAG loop_protect.clear_port_loop_protect(l2_lag_data.get('name'), **session_dict) # Delete LAG lag.delete_lag_interface(l2_lag_data['name'], l2_lag_data.get('interfaces'), **session_dict) except Exception as error: print('Ran into exception: {}. Logging out..'.format(error)) session.logout(**session_dict)
def main(): data = yaml_ops.read_yaml("vrf_vlan_data.yaml") if not data['switchip']: data['switchip'] = input("Switch IP Address: ") if data['bypassproxy']: os.environ['no_proxy'] = data['switchip'] os.environ['NO_PROXY'] = data['switchip'] base_url = "https://{0}/rest/{1}/".format(data['switchip'],data['version']) try: session_dict = dict(s=session.login(base_url, data['username'], data['password']), url=base_url) system_info_dict = system.get_system_info(params={"selector": "configuration"}, **session_dict) pprint.pprint(system_info_dict) except Exception as error: print('Ran into exception: {}. Logging out..'.format(error)) session.logout(**session_dict)
def main(): data = yaml_ops.read_yaml("lag_data.yaml") if not data['switchip']: data['switchip'] = input("Switch IP Address: ") if data['bypassproxy']: os.environ['no_proxy'] = data['switchip'] os.environ['NO_PROXY'] = data['switchip'] base_url = "https://{0}/rest/{1}/".format(data['switchip'], data['version']) try: session_dict = dict(s=session.login(base_url, data['username'], data['password']), url=base_url) # Delete L2 LAGs: for l2_lag_data in data['l2_lags']: # Delete VLANs for vlan_id in l2_lag_data['trunk_vlans']: vlan.delete_vlan(vlan_id, **session_dict) # Remove the L2 ports from the LAG and delete the LAG lag.delete_lag_interface(l2_lag_data.get('name'), l2_lag_data.get('interfaces'), **session_dict) # Delete L3 LAGs: for l3_lag_data in data['l3_lags']: # Remove the L2 ports from the LAG and delete the LAG lag.delete_lag_interface(l3_lag_data.get('name'), l3_lag_data.get('interfaces'), **session_dict) except Exception as error: print('Ran into exception: {}. Logging out..'.format(error)) session.logout(**session_dict)
def main(): data = yaml_ops.read_yaml("ospf_data.yaml") if not data['switchip']: data['switchip'] = input("Switch IP Address: ") if data['bypassproxy']: os.environ['no_proxy'] = data['switchip'] os.environ['NO_PROXY'] = data['switchip'] if not data['version']: data['version'] = "v1" base_url = "https://{0}/rest/{1}/".format(data['switchip'],data['version']) try: session_dict = dict(s=session.login(base_url, data['username'], data['password']), url=base_url) # Initialize L3 interfaces interface.initialize_interface(data['l3interfacev3'], **session_dict) interface.initialize_interface(data['l3interfacev2'], **session_dict) # Remove an OSPFv3 Area for OSPF ID ospf.delete_ospfv3_area(data['ospfv3vrf'], data['ospfv3id'], data['ospfv3area'], **session_dict) # Remove an OSPFv2 Area for OSPF ID ospf.delete_ospf_area(data['ospfv2vrf'], data['ospfv2id'], data['ospfv2area'], **session_dict) # Remove OSPFv3 ID ospf.delete_ospfv3_id(data['ospfv3vrf'], data['ospfv3id'], **session_dict) # Remove OSPFv2 ID ospf.delete_ospf_id(data['ospfv2vrf'], data['ospfv2id'], **session_dict) except Exception as error: print('Ran into exception: {}. Logging out..'.format(error)) session.logout(**session_dict)
def main(): data = yaml_ops.read_yaml("loop_protect_data.yaml") if not data['switchip']: data['switchip'] = input("Switch IP Address: ") if data['bypassproxy']: os.environ['no_proxy'] = data['switchip'] os.environ['NO_PROXY'] = data['switchip'] base_url = "https://{0}/rest/{1}/".format(data['switchip'], data['version']) try: session_dict = dict(s=session.login(base_url, data['username'], data['password']), url=base_url) # Create VLANs and L2 LAG; assign VLANs as trunk VLANs on LAG for l2_lag_data in data['lags']: # Create VLANs for vlan_id in l2_lag_data['trunk_vlans']: vlan.create_vlan(vlan_id, "vlan%s" % vlan_id, **session_dict) # Create L2 LAG and assign VLANs as trunk VLANs on the LAG lag.create_l2_lag_interface( data['lags'][0]['name'], data['lags'][0]['interfaces'], vlan_ids_list=data['lags'][0]['trunk_vlans'], lacp_mode=data['lags'][0]['lacp_mode'], mc_lag=data['lags'][0]['mc_lag'], **session_dict) # Add a new entry to the Port table if it doesn't yet exist interface.add_l2_interface(data['interfacename'], **session_dict) vlan.port_add_vlan_trunks(data['interfacename'], data['lags'][0]['trunk_vlans'], **session_dict) # Update the Interface table entry with "user-config": {"admin": "up"} interface.enable_disable_interface(data['interfacename'], **session_dict) # Enable Loop-protect on Interface loop_protect.update_port_loop_protect(data['interfacename'], action=None, vlan_list=[], **session_dict) # Enable Loop-protect for specific VLANs on Interface loop_protect.update_port_loop_protect( data['interfacename'], action=None, vlan_list=data['lags'][0]['trunk_vlans'], **session_dict) # Enable Loop-protect on LAG loop_protect.update_port_loop_protect(data['lags'][0]['name'], action=None, vlan_list=[], **session_dict) # Enable Loop-protect for specific VLANs on LAG loop_protect.update_port_loop_protect( data['lags'][0]['name'], action=None, vlan_list=data['lags'][0]['trunk_vlans'], **session_dict) # Update Loop-protect Actions on Interface loop_protect.update_port_loop_protect(data['interfacename'], action=data['interfaceaction'], vlan_list=None, **session_dict) # Update Loop-protect Actions on LAG loop_protect.update_port_loop_protect(l2_lag_data.get('name'), action=data['lagaction'], vlan_list=[], **session_dict) except Exception as error: print('Ran into exception: {}. Logging out..'.format(error)) session.logout(**session_dict)
def main(): # This is the yaml file that will be used for the vsx_configuration data = yaml_ops.read_yaml("vsx_data.yaml") if not data['primarymgmtip']: data['primarymgmtip'] = input("Switch Primary IP Address: ") if data['bypassproxy']: os.environ['no_proxy'] = data['primarymgmtip'] os.environ['NO_PROXY'] = data['primarymgmtip'] if not data['version']: data['version'] = "v1" # Clear VSX settings on Primary base_url_1 = "https://{0}/rest/{1}/".format(data['primarymgmtip'], data['version']) try: session_dict_1 = dict(s=session.login(base_url_1, data['primaryusername'], data['primarypassword']), url=base_url_1) # Delete VSX settings from VLANs vsx.delete_vsx_interface_vlan(data['vlanid'], **session_dict_1) # Delete VSX Instance vsx.delete_vsx(**session_dict_1) # Delete VLANs vlan.delete_vlan_and_svi(data['vlanid'], data['vlanportname'], **session_dict_1) for islvlans in data['islvlans']: vlan.delete_vlan_and_svi(islvlans, 'vlan%s' % islvlans, **session_dict_1) # Delete Lag lag.delete_lag_interface(data['islport'], data['peer1isllaginterfaces'], **session_dict_1) lag.delete_lag_interface(data['mclagport'], data['peer1mclaginterfaces'], **session_dict_1) # Disable and initialize Interfaces for link in data['peer1isllaginterfaces']: interface.enable_disable_interface(link, state="down", **session_dict_1) interface.initialize_interface(link, **session_dict_1) for mclink in data['peer1mclaginterfaces']: interface.enable_disable_interface(mclink, state="down", **session_dict_1) interface.initialize_interface(mclink, **session_dict_1) interface.initialize_interface(data['primarykeepaliveinterface'], **session_dict_1) except Exception as error: print('Ran into exception: {}. Logging out..'.format(error)) session.logout(**session_dict_1) # Setup VSX on Secondary if not data['secondarymgmtip']: data['secondarymgmtip'] = input("Switch Secondary IP Address: ") if data['bypassproxy']: os.environ['no_proxy'] = data['secondarymgmtip'] os.environ['NO_PROXY'] = data['secondarymgmtip'] base_url_2 = "https://{0}/rest/{1}/".format(data['secondarymgmtip'], data['version']) try: session_dict_2 = dict(s=session.login(base_url_2, data['secondaryusername'], data['secondarypassword']), url=base_url_2) # Delete VSX settings from VLANs vsx.delete_vsx_interface_vlan(data['vlanid'], **session_dict_2) # Delete VSX Instance vsx.delete_vsx(**session_dict_2) # Delete VLANs vlan.delete_vlan_and_svi(data['vlanid'], data['vlanportname'], **session_dict_2) for islvlans in data['islvlans']: vlan.delete_vlan_and_svi(islvlans, 'vlan%s' % islvlans, **session_dict_2) # Delete Lag lag.delete_lag_interface(data['islport'], data['peer2isllaginterfaces'], **session_dict_2) lag.delete_lag_interface(data['mclagport'], data['peer2mclaginterfaces'], **session_dict_2) # Disable and initialize Interfaces for link in data['peer2isllaginterfaces']: interface.enable_disable_interface(link, state="down", **session_dict_2) interface.initialize_interface(link, **session_dict_2) for mclink in data['peer2mclaginterfaces']: interface.enable_disable_interface(mclink, state="down", **session_dict_2) interface.initialize_interface(mclink, **session_dict_2) interface.initialize_interface(data['secondarykeepaliveinterface'], **session_dict_2) except Exception as error: print('Ran into exception: {}. Logging out..'.format(error)) session.logout(**session_dict_2)
def main(): data = yaml_ops.read_yaml("qos_data.yaml") if not data['switchip']: data['switchip'] = input("Switch IP Address: ") if data['bypassproxy']: os.environ['no_proxy'] = data['switchip'] os.environ['NO_PROXY'] = data['switchip'] base_url = "https://{0}/rest/{1}/".format(data['switchip'], data['version']) try: session_dict = dict(s=session.login(base_url, data['username'], data['password']), url=base_url) system_info_dict = system.get_system_info(**session_dict) platform_name = system_info_dict['platform_name'] # Create empty queue profile qos.create_queue_profile(data['queueprofilename'], **session_dict) # Add entries to queue profile for i in range(0, 5): qos.create_queue_profile_entry(data['queueprofilename'], i, [i], **session_dict) for i in range(5, 7): qos.create_queue_profile_entry(data['queueprofilename'], i, [i + 1], **session_dict) qos.create_queue_profile_entry(data['queueprofilename'], 7, [5], desc="VOICE", **session_dict) # Create empty schedule profile qos.create_schedule_profile(data['scheduleprofilename'], **session_dict) # Add entries to schedule profile # Scheduling algorithms: 8400 uses WFQ; other platforms use DWRR if "8400" in platform_name: algorithm = "wfq" else: algorithm = "dwrr" for i in range(0, 7): qos.create_schedule_profile_entry(data['scheduleprofilename'], i, algorithm, weight=i + 1, **session_dict) qos.create_schedule_profile_entry(data['scheduleprofilename'], 7, "strict", **session_dict) # Apply profiles globally qos.apply_profiles_globally(data['queueprofilename'], data['scheduleprofilename'], **session_dict) # Set trust globally qos.set_trust_globally('dscp', **session_dict) # Remap DSCP code points' priorities qos.remap_dscp_entry(40, color='green', local_priority=6, desc='CS5', **session_dict) for i in range(41, 46): qos.remap_dscp_entry(i, color='green', local_priority=6, **session_dict) qos.remap_dscp_entry(47, color='green', local_priority=6, **session_dict) # Create empty traffic class qos.create_traffic_class(data['trafficclass']['name'], data['trafficclass']['type'], **session_dict) # Create traffic class entry qos.create_traffic_class_entry(data['trafficclass']['name'], data['trafficclass']['type'], "match", 10, **session_dict) # Version-up the traffic class to complete the change qos.update_traffic_class(data['trafficclass']['name'], data['trafficclass']['type'], **session_dict) # Create empty classifier policy qos.create_policy(data['policy']['name'], **session_dict) # Add entry to classifier policy qos.create_policy_entry(data['policy']['name'], data['trafficclass']['name'], data['trafficclass']['type'], 10, **session_dict) # Set action on the policy entry qos.create_policy_entry_action(data['policy']['name'], 10, dscp=0, pcp=0, **session_dict) # Version-up the policy to complete the change qos.update_policy(data['policy']['name'], **session_dict) # Create LAGs and set trust mode on the LAG interfaces for lag_data in data['lags']: lag.create_l2_lag_interface(lag_data['name'], lag_data['interfaces'], **session_dict) qos.set_trust_interface(lag_data['name'], lag_data['qostrust'], **session_dict) # Create L2 interface interface.add_l2_interface(data['portrateinterface'], **session_dict) if platform_name.startswith("6"): unknown_unicast_limit = None unknown_unicast_units = None else: unknown_unicast_limit = 30 unknown_unicast_units = 'pps' # Set rate limits on the L2 interface qos.update_port_rate_limits( data['portrateinterface'], broadcast_limit=50, broadcast_units='pps', multicast_limit=40, multicast_units='pps', unknown_unicast_limit=unknown_unicast_limit, unknown_unicast_units=unknown_unicast_units, **session_dict) # Create L2 interface interface.add_l2_interface(data['portpolicyinterface'], **session_dict) # Apply policy to L2 interface qos.update_port_policy(data['portpolicyinterface'], data['policy']['name'], **session_dict) except Exception as error: print('Ran into exception: {}. Logging out..'.format(error)) session.logout(**session_dict)
def main(): data = yaml_ops.read_yaml("acl_data.yaml") if not data['switchip']: data['switchip'] = input("Switch IP Address: ") if data['bypassproxy']: os.environ['no_proxy'] = data['switchip'] os.environ['NO_PROXY'] = data['switchip'] if not data['version']: data['version'] = "v10.04" base_url = "https://{0}/rest/{1}/".format(data['switchip'], data['version']) try: session_dict = dict(s=session.login(base_url, data['username'], data['password']), url=base_url) session_dict['platform_name'] = system.get_system_info( **session_dict).get('platform_name') # Clear Egress ACLs from L3 interface acl.clear_interface_acl(data['L3egressinterface'], acl_type="aclv4_out", **session_dict) # Clear Ingress ACLs from L2 interface acl.clear_interface_acl(data['ipv4L2ingressinterface'], acl_type="aclv4_in", **session_dict) acl.clear_interface_acl(data['ipv6L2ingressinterface'], acl_type="aclv6_in", **session_dict) # Clear Ingress ACLs from LAG interface acl.clear_interface_acl(data['LAGname'], acl_type="aclv4_in", **session_dict) # Detach ACL from VLAN vlan.detach_vlan_acl(data['aclVLANid'], "ipv4", **session_dict) # Remove and initialize L2 and L3 interfaces interface.initialize_interface(data['L3egressinterface'], **session_dict) interface.initialize_interface(data['ipv4L2ingressinterface'], **session_dict) interface.initialize_interface(data['ipv6L2ingressinterface'], **session_dict) interface.initialize_interface(data['interfaceVLAN'], **session_dict) # Remove LAG and initialize associated L2 interfaces lag.delete_lag_interface(data['LAGname'], data['LAGinterfaces'], **session_dict) for LAGinterface in data['LAGinterfaces']: interface.initialize_interface(LAGinterface, **session_dict) # Delete VLAN vlan.delete_vlan(data['aclVLANid'], **session_dict) # For each ACL that was configured for pair_dict in [{ "name": data['ipv4aclname'], "type": "ipv4" }, { "name": data['ipv6aclname'], "type": "ipv6" }, { "name": data['macaclname'], "type": "mac" }]: # Delete ACL entries for i in range(10, 60, 10): acl.delete_acl_entry(pair_dict["name"], pair_dict["type"], i, **session_dict) # Delete the ACL acl.delete_acl(pair_dict["name"], pair_dict["type"], **session_dict) except Exception as error: print('Ran into exception: {}. Logging out..'.format(error)) session.logout(**session_dict)
def main(): data = yaml_ops.read_yaml("vrf_vlan_data.yaml") if not data['switchip']: data['switchip'] = input("Switch IP Address: ") if data['bypassproxy']: os.environ['no_proxy'] = data['switchip'] os.environ['NO_PROXY'] = data['switchip'] base_url = "https://{0}/rest/{1}/".format(data['switchip'], data['version']) try: session_dict = dict(s=session.login(base_url, data['username'], data['password']), url=base_url) # Add new VRF with optional route distinguisher to VRF table vrf.add_vrf(data['vrfname'], data['vrfrd'], **session_dict) vlan.create_vlan_and_svi(data['vlan1id'], data['vlan1name'], data['vlan1portname'], data['vlan1interfacename'], data['vlan1description'], data['vlan1ip'], data['vrfname'], data['vlan1portdescription'], **session_dict) vlan.create_vlan_and_svi(data['vlan2id'], data['vlan2name'], data['vlan2portname'], data['vlan2interfacename'], data['vlan2description'], data['vlan2ip'], data['vrfname'], data['vlan2portdescription'], **session_dict) # Add DHCP helper IPv4 addresses for SVI dhcp.add_dhcp_relays(data['vlan1portname'], data['vrfname'], data['ipv4helperaddresses'], **session_dict) # Add a new entry to the Port table if it doesn't yet exist interface.add_l2_interface(data['systemportname'], **session_dict) # Update the Interface table entry with "user-config": {"admin": "up"} interface.enable_disable_interface(data['systeminterfacename'], **session_dict) # Set the L2 port VLAN mode as 'access' src.vlan.port_set_vlan_mode(data['systemportname'], "access", **session_dict) # Set the access VLAN on the port src.vlan.port_set_untagged_vlan(data['systemportname'], data['vlan1id'], **session_dict) # Print ARP entries of VRF arp_entries = arp.get_arp_entries(data['vrfname'], **session_dict) print("VRF '%s' ARP entries: %s" % (data['vrfname'], repr(arp_entries))) # Modify the created VLANs vlan.modify_vlan(data['vlan1id'], "New Name for VLAN %s" % data['vlan1id'], "New Description for VLAN %s" % data['vlan1id'], **session_dict) vlan.modify_vlan(data['vlan2id'], "New Name for VLAN %s" % data['vlan2id'], "New Description for VLAN %s" % data['vlan2id'], **session_dict) # Print modified VLANs' data vlan_data1 = vlan.get_vlan(data['vlan1id'], **session_dict) print("VLAN '%d' data: %s" % (data['vlan1id'], repr(vlan_data1))) vlan_data2 = vlan.get_vlan(data['vlan2id'], **session_dict) print("VLAN '%d' data: %s" % (data['vlan2id'], repr(vlan_data2))) except Exception as error: print('Ran into exception: {}. Logging out..'.format(error)) session.logout(**session_dict)
def main(): data = yaml_ops.read_yaml("access_security_data.yaml") if not data['switchip']: data['switchip'] = input("Switch IP Address: ") if data['bypassproxy']: os.environ['no_proxy'] = data['switchip'] os.environ['NO_PROXY'] = data['switchip'] base_url = "https://{0}/rest/{1}/".format(data['switchip'], data['version']) try: session_dict = dict(s=session.login(base_url, data['username'], data['password']), url=base_url) system_info_dict = system.get_system_info(**session_dict) platform_name = system_info_dict['platform_name'] # Only execute workflow if the platform is in the 6xxx series if platform_name.startswith("6"): # Configure RADIUS server host access_security.create_radius_host_config( data['radius_server_host']['vrf'], data['radius_server_host']['hostname'], passkey=data['radius_server_host']['passkey'], **session_dict) # Enable 802.1x globally access_security.enable_disable_dot1x_globally(enable=True, **session_dict) # Create L2 interface interface.add_l2_interface(data['802.1x']['port'], **session_dict) # Configure 802.1x on the L2 interface access_security.configure_dot1x_interface( data['802.1x']['port'], auth_enable=data['802.1x']['auth_enable'], cached_reauth_enable=data['802.1x']['cached_reauth_enable'], cached_reauth_period=data['802.1x']['cached_reauth_period'], discovery_period=data['802.1x']['discovery_period'], eapol_timeout=data['802.1x']['eapol_timeout'], max_requests=data['802.1x']['max_requests'], max_retries=data['802.1x']['max_retries'], quiet_period=data['802.1x']['quiet_period'], reauth_enable=data['802.1x']['reauth_enable'], reauth_period=data['802.1x']['reauth_period'], **session_dict) # Enable MAC authentication globally access_security.enable_disable_mac_auth_globally(enable=True, **session_dict) # Create L2 interface interface.add_l2_interface(data['mac_auth']['port'], **session_dict) # Configure MAC authentication on the L2 interface access_security.configure_mac_auth_interface( data['mac_auth']['port'], auth_enable=data['mac_auth']['auth_enable'], cached_reauth_enable=data['mac_auth']['cached_reauth_enable'], cached_reauth_period=data['mac_auth']['cached_reauth_period'], quiet_period=data['mac_auth']['quiet_period'], reauth_enable=data['mac_auth']['reauth_enable'], reauth_period=data['mac_auth']['reauth_period'], **session_dict) # Enable port security globally access_security.enable_disable_port_security_globally( enable=True, **session_dict) # Create reserved VLAN for tunneled clients vlan.create_vlan(data['vlan']['id'], data['vlan']['name'], **session_dict) # Set reserved VLAN for tunneled clients access_security.set_ubt_client_vlan(data['vlan']['id'], **session_dict) # Create user-based-tunneling (UBT) zone access_security.create_ubt_zone( data['zone']['name'], data['zone']['vrf_name'], enable=data['zone']['enable'], pri_ctrlr_ip_addr=data['zone']['pri_ctrlr_ip_addr'], sac_heartbeat_interval=data['zone']['sac_heartbeat_interval'], uac_keepalive_interval=data['zone']['uac_keepalive_interval'], **session_dict) # Create port access role access_security.create_port_access_role( data['role']['name'], gateway_zone=data['role']['gateway_zone'], ubt_gateway_role=data['role']['ubt_gateway_role'], vlan_mode=data['role']['vlan_mode'], vlan_tag=data['role']['vlan_tag'], **session_dict) # Create L2 interface interface.add_l2_interface(data['client_port']['port'], **session_dict) # Enable MAC authentication on client port access_security.configure_mac_auth_interface( data['client_port']['port'], auth_enable=data['client_port']['auth_enable'], reauth_enable=data['client_port']['reauth_enable'], cached_reauth_enable=data['client_port'] ['cached_reauth_enable'], **session_dict) # Set maximum limit of allowable authorized clients on the client port access_security.set_port_access_clients_limit( data['client_port']['port'], data['client_port']['clients_limit'], **session_dict) # Set source IP address for UBT access_security.set_source_ip_ubt( data['ubt_source_ip']['vrf_name'], data['ubt_source_ip']['ip_addr'], **session_dict) else: print("This workflow only applies to access platforms!") except Exception as error: print('Ran into exception: {}. Logging out..'.format(error)) session.logout(**session_dict)
def main(): data = yaml_ops.read_yaml("evpn_vxlan_data.yaml") if not data['version']: data['version'] = "v10.04" # Cleanup Border Leaf print("Cleaning up Border Leaf configuration...") border_data = data['borderleaf'][0] if data['bypassproxy']: os.environ['no_proxy'] = border_data['mgmtip'] os.environ['NO_PROXY'] = border_data['mgmtip'] base_url = "https://{0}/rest/{1}/".format(border_data['mgmtip'], data['version']) try: session_dict = dict(s=session.login(base_url, border_data['username'], border_data['password']), url=base_url) # Delete external facing Interface settings for border_vlan in border_data['interfacevlans']: vlan.delete_vlan_and_svi(border_vlan['vlanid'], "vlan%d" % border_vlan['vlanid'], **session_dict) # Delete Tenant VRFs for tenants in border_data['tenantvrfs']: bgp.delete_bgp_asn(tenants['name'], border_data['bgpasn'], **session_dict) vrf.delete_vrf(tenants['name'], **session_dict) # Remove Interface Settings to Core interface.initialize_interface(border_data['interfacetocore'], **session_dict) # Delete Router BGP Settings bgp.delete_bgp_asn(border_data['vrftocore'], border_data['neighbortocoreasn'], **session_dict) # Delete VRF to Core vrf.delete_vrf(border_data['vrftocore'], **session_dict) except Exception as error: print('Ran into exception: {}. Logging out..'.format(error)) session.logout(**session_dict) # Cleaning up Leafs for Fabric Infrastructure print("Cleaning up Leafs for Fabric Infrastructure...") for leaf_data in data['leafs']: if data['bypassproxy']: os.environ['no_proxy'] = leaf_data['mgmtip'] os.environ['NO_PROXY'] = leaf_data['mgmtip'] base_url = "https://{0}/rest/{1}/".format(leaf_data['mgmtip'], data['version']) try: print("Cleaning up Leaf at %s" % leaf_data['mgmtip']) session_dict = dict(s=session.login(base_url, leaf_data['username'], leaf_data['password']), url=base_url) # Remove BGP info # Delete EVPN instance evpn.delete_evpn_instance(**session_dict) # Delete VNI to VLAN for vni_list in leaf_data['vnivlans']: vxlan.delete_vni_mapping(vni_list, **session_dict) # Delete VXLAN interface.delete_interface(leaf_data['vxlanname'], **session_dict) # Delete LAGs to Downstream Servers for lag_data in leaf_data['lagtoserver']: lag.delete_lag_interface(lag_data['name'], lag_data['interfaces'], **session_dict) # Delete VLANs for vlan_id in leaf_data['vnivlans']: vlan.delete_vlan(vlan_id, **session_dict) # Delete BGP ASN and Router ID bgp.delete_bgp_asn(leaf_data['ospfvrf'], leaf_data['bgpasn'], **session_dict) # Remove OSPF and Interfaces # Initialize upstream L2 interfaces for upstream in leaf_data['upstreaminterface']: interface.initialize_interface(upstream['interface'], **session_dict) # Delete Loopback interface interface.delete_interface(leaf_data['loopbackinterface'], **session_dict) # Delete an OSPFv2 Area for OSPF ID ospf.delete_ospf_area(leaf_data['ospfvrf'], leaf_data['ospfid'], leaf_data['ospfarea'], **session_dict) # Delete OSPFv2 ID ospf.delete_ospf_id(leaf_data['ospfvrf'], leaf_data['ospfid'], **session_dict) except Exception as error: print('Ran into exception: {}. Logging out..'.format(error)) session.logout(**session_dict) # Cleaning up Spines for Fabric Infrastructure print("Cleaning up Spines of Fabric Infrastructure...") for spine_data in data['spines']: if data['bypassproxy']: os.environ['no_proxy'] = spine_data['mgmtip'] os.environ['NO_PROXY'] = spine_data['mgmtip'] base_url = "https://{0}/rest/{1}/".format(spine_data['mgmtip'], data['version']) try: print("Setting up Spine at %s" % spine_data['mgmtip']) session_dict = dict(s=session.login(base_url, spine_data['username'], spine_data['password']), url=base_url) # Remove BGP configuration # Delete BGP ASN and Router ID bgp.delete_bgp_asn(spine_data['ospfvrf'], spine_data['bgpasn'], **session_dict) # Initialize downstream L2 interfaces for downstream in spine_data['downstreaminterface']: interface.initialize_interface(downstream['interface'], **session_dict) # Create Loopback interface interface.delete_interface(spine_data['loopbackinterface'], **session_dict) # Create an OSPFv2 Area for OSPF ID ospf.delete_ospf_area(spine_data['ospfvrf'], spine_data['ospfid'], spine_data['ospfarea'], **session_dict) # Create OSPFv2 ID ospf.delete_ospf_id(spine_data['ospfvrf'], spine_data['ospfid'], **session_dict) except Exception as error: print('Ran into exception: {}. Logging out..'.format(error)) session.logout(**session_dict)
def main(): data = yaml_ops.read_yaml("evpn_vxlan_data.yaml") if not data['version']: data['version'] = "v1" # Setting up Spines for Fabric Infrastructure print("Setting up Spines for Fabric Infrastructure...") for spine_data in data['spines']: if data['bypassproxy']: os.environ['no_proxy'] = spine_data['mgmtip'] os.environ['NO_PROXY'] = spine_data['mgmtip'] base_url = "https://{0}/rest/{1}/".format(spine_data['mgmtip'], data['version']) try: print("Setting up Spine at %s" % spine_data['mgmtip']) session_dict = dict(s=session.login(base_url, spine_data['username'], spine_data['password']), url=base_url) # Create OSPFv2 ID ospf.create_ospf_id(spine_data['ospfvrf'], spine_data['ospfid'], **session_dict) # Create an OSPFv2 Area for OSPF ID ospf.create_ospf_area(spine_data['ospfvrf'], spine_data['ospfid'], spine_data['ospfarea'], **session_dict) # Create Loopback interface interface.create_loopback_interface( spine_data['loopbackinterface'], spine_data['ospfvrf'], spine_data['loopbackip'], **session_dict) ospf.create_ospf_interface(spine_data['ospfvrf'], spine_data['ospfid'], spine_data['ospfarea'], spine_data['loopbackinterface'], **session_dict) # Create downstream interfaces for downstream in spine_data['downstreaminterface']: interface.add_l3_ipv4_interface(downstream['interface'], downstream['ipaddress'], **session_dict) interface.enable_disable_interface(downstream['interface'], "up", **session_dict) # Attach downstream interface to OSPF ID ospf.create_ospf_interface(spine_data['ospfvrf'], spine_data['ospfid'], spine_data['ospfarea'], downstream['interface'], **session_dict) ospf.update_ospf_interface_type(spine_data['ospfvrf'], spine_data['ospfid'], downstream['interface'], spine_data['ospftype'], **session_dict) # Create BGP ASN and Router ID bgp.create_bgp_asn(spine_data['ospfvrf'], spine_data['bgpasn'], spine_data['bgprouterid'], **session_dict) # Set BGP Neighbors for neighbors in spine_data['neighborips']: bgp.create_bgp_neighbors( spine_data['ospfvrf'], spine_data['bgpasn'], neighbors, spine_data['addressfamilytype'], reflector=True, send_community=True, local_interface=spine_data['loopbackinterface'], **session_dict) except Exception as error: print('Ran into exception: {}. Logging out..'.format(error)) session.logout(**session_dict) # Setting up Leafs for Fabric Infrastructure print("Setting up Leafs for Fabric Infrastructure...") for leaf_data in data['leafs']: if data['bypassproxy']: os.environ['no_proxy'] = leaf_data['mgmtip'] os.environ['NO_PROXY'] = leaf_data['mgmtip'] base_url = "https://{0}/rest/{1}/".format(leaf_data['mgmtip'], data['version']) try: print("Setting up Leaf at %s" % leaf_data['mgmtip']) session_dict = dict(s=session.login(base_url, leaf_data['username'], leaf_data['password']), url=base_url) # Create OSPFv2 ID ospf.create_ospf_id(leaf_data['ospfvrf'], leaf_data['ospfid'], **session_dict) # Create an OSPFv2 Area for OSPF ID ospf.create_ospf_area(leaf_data['ospfvrf'], leaf_data['ospfid'], leaf_data['ospfarea'], **session_dict) # Create Loopback interface interface.create_loopback_interface(leaf_data['loopbackinterface'], leaf_data['ospfvrf'], leaf_data['loopbackip'], **session_dict) ospf.create_ospf_interface(leaf_data['ospfvrf'], leaf_data['ospfid'], leaf_data['ospfarea'], leaf_data['loopbackinterface'], **session_dict) # Create upstream interfaces for upstream in leaf_data['upstreaminterface']: interface.add_l3_ipv4_interface(upstream['interface'], upstream['ipaddress'], **session_dict) interface.enable_disable_interface(upstream['interface'], "up", **session_dict) # Attach upstream interface to OSPF ID ospf.create_ospf_interface(leaf_data['ospfvrf'], leaf_data['ospfid'], leaf_data['ospfarea'], upstream['interface'], **session_dict) ospf.update_ospf_interface_type(leaf_data['ospfvrf'], leaf_data['ospfid'], upstream['interface'], leaf_data['ospftype'], **session_dict) # Create BGP ASN and Router ID bgp.create_bgp_asn(leaf_data['ospfvrf'], leaf_data['bgpasn'], leaf_data['bgprouterid'], **session_dict) # Set BGP Neighbors for neighbors in leaf_data['neighborips']: bgp.create_bgp_neighbors( leaf_data['ospfvrf'], leaf_data['bgpasn'], neighbors, leaf_data['addressfamilytype'], reflector=False, send_community=True, local_interface=leaf_data['loopbackinterface'], **session_dict) # Create VLANs for vlan_id in leaf_data['vnivlans']: vlan.create_vlan(vlan_id, "VLAN%d" % vlan_id, **session_dict) # Create LAGs to Downstream Servers for lag_data in leaf_data['lagtoserver']: lag.create_l2_lag_interface(lag_data['name'], lag_data['interfaces'], lag_data['lacp_mode'], lag_data['mc_lag'], False, lag_data['trunk_vlans'], **session_dict) # Create VXLAN vxlan.create_vxlan_interface(leaf_data['vxlanname'], leaf_data['vxlanip'], **session_dict) # Map VNI to VLAN for vni_list in leaf_data['vnivlans']: vxlan.add_vni_mapping(vni_list, leaf_data['vxlanname'], vni_list, **session_dict) # Create EVPN instance evpn.create_evpn_instance(**session_dict) # Configure EVPN Routes for vlan_id in leaf_data['vnivlans']: evpn.add_evpn_vlan(vlan_id, **session_dict) except Exception as error: print('Ran into exception: {}. Logging out..'.format(error)) session.logout(**session_dict) # Setup Border Leaf print("Setting up Border Leaf...") border_data = data['borderleaf'][0] if data['bypassproxy']: os.environ['no_proxy'] = border_data['mgmtip'] os.environ['NO_PROXY'] = border_data['mgmtip'] base_url = "https://{0}/rest/{1}/".format(border_data['mgmtip'], data['version']) try: session_dict = dict(s=session.login(base_url, border_data['username'], border_data['password']), url=base_url) # Create VRF to Core vrf.add_vrf(border_data['vrftocore'], border_data['rd'], **session_dict) vrf.add_vrf_address_family(border_data['vrftocore'], border_data['addressfamilytype'], border_data['addressfamilyexports'], border_data['addressfamilyimports'], **session_dict) # Setup link to Core interface.add_l3_ipv4_interface( border_data['interfacetocore'], ip_address=border_data['interfacetocoreip'], vrf=border_data['vrftocore'], **session_dict) # Setup BGP to Core bgp.create_bgp_asn(border_data['vrftocore'], border_data['neighbortocoreasn'], **session_dict) bgp.create_bgp_neighbors(border_data['vrftocore'], border_data['neighbortocoreasn'], border_data['neighbortocoreip'], border_data['addressfamilytype'], reflector=False, send_community=False, **session_dict) # Configure Leaf VRF Routes and Address-family for tenants in border_data['tenantvrfs']: vrf.add_vrf(tenants['name'], tenants['rd'], **session_dict) vrf.add_vrf_address_family(tenants['name'], border_data['addressfamilytype'], tenants['addressfamilyexports'], tenants['addressfamilyimports'], **session_dict) bgp.create_bgp_asn(tenants['name'], border_data['bgpasn'], **session_dict) bgp.create_bgp_vrf(tenants['name'], border_data['bgpasn'], tenants['redistribute'], **session_dict) # Attach Leaf VRFs and give IP Addresses to VLANs for border_vlan in border_data['interfacevlans']: vlan.create_vlan_and_svi(border_vlan['vlanid'], "VLAN%d" % border_vlan['vlanid'], "vlan%d" % border_vlan['vlanid'], "vlan%d" % border_vlan['vlanid'], vlan_desc=None, ipv4=border_vlan['vlanip'], vrf_name=border_vlan['vlanvrf'], **session_dict) vsx.update_vsx_interface_vlan(border_vlan['vlanid'], False, [], border_vlan['activegatewaymac'], border_vlan['activegatewayip'], **session_dict) except Exception as error: print('Ran into exception: {}. Logging out..'.format(error)) session.logout(**session_dict)
def main(): data = yaml_ops.read_yaml("access_security_data.yaml") if not data['switchip']: data['switchip'] = input("Switch IP Address: ") if data['bypassproxy']: os.environ['no_proxy'] = data['switchip'] os.environ['NO_PROXY'] = data['switchip'] base_url = "https://{0}/rest/{1}/".format(data['switchip'], data['version']) try: session_dict = dict(s=session.login(base_url, data['username'], data['password']), url=base_url) system_info_dict = system.get_system_info(**session_dict) platform_name = system_info_dict['platform_name'] # Only execute workflow if the platform is in the 6xxx series if platform_name.startswith("6"): # Unconfigure RADIUS server host access_security.delete_radius_host_config( data['radius_server_host']['vrf'], data['radius_server_host']['hostname'], passkey=data['radius_server_host']['passkey'], **session_dict) # Disable 802.1x globally access_security.enable_disable_dot1x_globally(enable=False, **session_dict) # Remove 802.1x from the L2 interface access_security.remove_auth_method_interface( data['802.1x']['port'], "802.1x", **session_dict) # Initialize L2 interface interface.initialize_interface(data['802.1x']['port'], **session_dict) # Disable MAC authentication globally access_security.enable_disable_mac_auth_globally(enable=False, **session_dict) # Remove MAC authentication from the L2 interface access_security.remove_auth_method_interface( data['mac_auth']['port'], "mac-auth", **session_dict) # Initialize L2 interface interface.initialize_interface(data['mac_auth']['port'], **session_dict) # Disable port security globally access_security.enable_disable_port_security_globally( enable=False, **session_dict) # Clear reserved VLAN value for tunneled clients access_security.clear_ubt_client_vlan(**session_dict) # Delete reserved VLAN for tunneled clients vlan.delete_vlan(data['vlan']['id'], **session_dict) # Delete user-based-tunneling (UBT) zone access_security.remove_ubt_zone(data['zone']['vrf_name'], **session_dict) # Remove port access role access_security.remove_port_access_role(data['role']['name'], **session_dict) # Remove MAC authentication from the client port access_security.remove_auth_method_interface( data['client_port']['port'], "mac-auth", **session_dict) # Clear limit of maximum allowable authorized clients on the client port access_security.clear_port_access_clients_limit( data['client_port']['port'], **session_dict) # Initialize L2 interface interface.initialize_interface(data['client_port']['port'], **session_dict) # Remove source IP address for UBT access_security.remove_source_ip_ubt( data['ubt_source_ip']['vrf_name'], **session_dict) else: print("This workflow only applies to access platforms!") except Exception as error: print('Ran into exception: {}. Logging out..'.format(error)) session.logout(**session_dict)
def main(): data = yaml_ops.read_yaml("qos_data.yaml") if not data['switchip']: data['switchip'] = input("Switch IP Address: ") if data['bypassproxy']: os.environ['no_proxy'] = data['switchip'] os.environ['NO_PROXY'] = data['switchip'] base_url = "https://{0}/rest/{1}/".format(data['switchip'], data['version']) try: session_dict = dict(s=session.login(base_url, data['username'], data['password']), url=base_url) # Remove global application of QoS queue profile and schedule profile qos.unapply_profiles_globally(**session_dict) # Delete queue profile entries for i in range(0, 8): qos.delete_queue_profile_entry(data['queueprofilename'], i, **session_dict) # Delete queue profile qos.delete_queue_profile(data['queueprofilename'], **session_dict) # Delete schedule profile entries for i in range(0, 8): qos.delete_schedule_profile_entry(data['scheduleprofilename'], i, **session_dict) # Delete schedule profile qos.delete_schedule_profile(data['scheduleprofilename'], **session_dict) # Remove global setting of QoS trust mode qos.clear_trust_globally(**session_dict) # Reset DSCP code points to defaults qos.reset_dscp_entry(40, **session_dict) for i in range(41, 46): qos.reset_dscp_entry(i, **session_dict) qos.reset_dscp_entry(47, **session_dict) # Delete action on policy entry qos.delete_policy_entry_action(data['policy']['name'], 10, **session_dict) # Delete policy entry qos.delete_policy_entry(data['policy']['name'], 10, **session_dict) # Version-up the policy to complete the change qos.update_policy(data['policy']['name'], **session_dict) # Delete classifier policy qos.delete_policy(data['policy']['name'], **session_dict) # Delete traffic class entry qos.delete_traffic_class_entry(data['trafficclass']['name'], data['trafficclass']['type'], 10, **session_dict) # Version-up the traffic class to complete the change qos.update_traffic_class(data['trafficclass']['name'], data['trafficclass']['type'], **session_dict) # Delete traffic class qos.delete_traffic_class(data['trafficclass']['name'], data['trafficclass']['type'], **session_dict) # Clear trust mode on LAG interfaces and delete LAG interfaces for lag_data in data['lags']: qos.clear_trust_interface(lag_data['name'], **session_dict) lag.delete_lag_interface(lag_data['name'], lag_data['interfaces'], **session_dict) # Clear policy from L2 interface qos.clear_port_policy(data['portpolicyinterface'], **session_dict) interface.initialize_interface(data['portpolicyinterface'], **session_dict) # Clear rate limits from L2 interface qos.clear_port_rate_limits(data['portrateinterface'], **session_dict) interface.initialize_interface(data['portrateinterface'], **session_dict) except Exception as error: print('Ran into exception: {}. Logging out..'.format(error)) session.logout(**session_dict)
def main(): # This is the yaml file that will be used for the vsx_configuration data = yaml_ops.read_yaml("vsx_data.yaml") if not data['primarymgmtip']: data['primarymgmtip'] = input("Switch Primary IP Address: ") if data['bypassproxy']: os.environ['no_proxy'] = data['primarymgmtip'] os.environ['NO_PROXY'] = data['primarymgmtip'] if not data['version']: data['version'] = "v10.04" # Setup VSX on Primary base_url_1 = "https://{0}/rest/{1}/".format(data['primarymgmtip'], data['version']) try: session_dict_1 = dict(s=session.login(base_url_1, data['primaryusername'], data['primarypassword']), url=base_url_1) # Create VLANs for vlans in data['islvlans']: vlan.create_vlan_and_svi(vlans, "VLAN%s" % vlans, "vlan%s" % vlans, "vlan%s" % vlans, vlan_port_desc="ISL VLAN", **session_dict_1) vlan.create_vlan_and_svi(data['vlanid'], data['vlanname'], data['vlanportname'], data['vlanportname'], data['vlanportdescription'], data['primaryvlanip'], **session_dict_1) # Create LAG for ISL for link in data['peer1isllaginterfaces']: interface.enable_disable_interface(link, state="up", **session_dict_1) lag.create_l2_lag_interface(data['islport'], data['peer1isllaginterfaces'], lacp_mode=data['isllacp'], mc_lag=False, fallback_enabled=False, vlan_ids_list=(data['islvlans'] + [data['vlanid']]), desc="ISL LAG", **session_dict_1) # Create Downstream MCLAG for mclink in data['peer1mclaginterfaces']: interface.enable_disable_interface(mclink, state="up", **session_dict_1) lag.create_l2_lag_interface(data['mclagport'], data['peer1mclaginterfaces'], lacp_mode=data['mclaglacp'], mc_lag=True, fallback_enabled=True, vlan_ids_list=data['mclagvlans'], desc="Downstream MCLAG", **session_dict_1) # Create VSX Instance vsx.create_vsx("primary", data['islport'], data['secondarykeepaliveip'], data['primarykeepaliveip'], data['keepalivevrf'], data['vsxmac'], **session_dict_1) interface.add_l3_ipv4_interface(data['primarykeepaliveinterface'], data['primarykeepaliveip'], desc="Keepalive Link", **session_dict_1) interface.enable_disable_interface(data['primarykeepaliveinterface'], state="up", **session_dict_1) # Assign VSX Active-Gateways and synchronization options to VLANs vsx.update_vsx_interface_vlan(data['vlanid'], False, {'active-gateways', 'policies'}, data['activegatewaymac'], data['activegatewayip'], **session_dict_1) except Exception as error: print('Ran into exception: {}. Logging out..'.format(error)) session.logout(**session_dict_1) # Setup VSX on Secondary if not data['secondarymgmtip']: data['secondarymgmtip'] = input("Switch Secondary IP Address: ") if data['bypassproxy']: os.environ['no_proxy'] = data['secondarymgmtip'] os.environ['NO_PROXY'] = data['secondarymgmtip'] base_url_2 = "https://{0}/rest/{1}/".format(data['secondarymgmtip'], data['version']) try: session_dict_2 = dict(s=session.login(base_url_2, data['secondaryusername'], data['secondarypassword']), url=base_url_2) # Create VLANs for vlans in data['islvlans']: vlan.create_vlan_and_svi(vlans, "VLAN%s" % vlans, "vlan%s" % vlans, "vlan%s" % vlans, vlan_port_desc="ISL VLAN", **session_dict_2) vlan.create_vlan_and_svi(data['vlanid'], data['vlanname'], data['vlanportname'], data['vlanportname'], data['vlanportdescription'], data['secondaryvlanip'], **session_dict_2) # Create LAG for ISL for link in data['peer2isllaginterfaces']: interface.enable_disable_interface(link, state="up", **session_dict_2) lag.create_l2_lag_interface(data['islport'], data['peer2isllaginterfaces'], lacp_mode=data['isllacp'], mc_lag=False, fallback_enabled=False, vlan_ids_list=(data['islvlans'] + [data['vlanid']]), desc="ISL LAG", **session_dict_2) # Create Downstream MCLAG for mclink in data['peer2mclaginterfaces']: interface.enable_disable_interface(mclink, state="up", **session_dict_2) lag.create_l2_lag_interface(data['mclagport'], data['peer2mclaginterfaces'], lacp_mode=data['mclaglacp'], mc_lag=True, fallback_enabled=True, vlan_ids_list=data['mclagvlans'], desc="Downstream MCLAG", **session_dict_2) # Create VSX Instance vsx.create_vsx("secondary", data['islport'], data['primarykeepaliveip'], data['secondarykeepaliveip'], data['keepalivevrf'], data['vsxmac'], **session_dict_2) interface.add_l3_ipv4_interface(data['secondarykeepaliveinterface'], data['secondarykeepaliveip'], desc="Keepalive Link", **session_dict_2) interface.enable_disable_interface(data['secondarykeepaliveinterface'], state="up", **session_dict_2) # Assign VSX Active-Gateways to VLANs vsx.update_vsx_interface_vlan(data['vlanid'], False, {'active-gateways', 'policies'}, data['activegatewaymac'], data['activegatewayip'], **session_dict_2) except Exception as error: print('Ran into exception: {}. Logging out..'.format(error)) session.logout(**session_dict_2)
def main(): data = yaml_ops.read_yaml("acl_data.yaml") if not data['switchip']: data['switchip'] = input("Switch IP Address: ") if data['bypassproxy']: os.environ['no_proxy'] = data['switchip'] os.environ['NO_PROXY'] = data['switchip'] if not data['version']: data['version'] = "v10.04" base_url = "https://{0}/rest/{1}/".format(data['switchip'], data['version']) try: session_dict = dict(s=session.login(base_url, data['username'], data['password']), url=base_url) # Create empty IPv4 ACL acl.create_acl(data['ipv4aclname'], "ipv4", **session_dict) # Add entry 10 to IPv4 ACL acl.create_acl_entry(data['ipv4aclname'], "ipv4", 10, action="deny", count=data['hitcount'], ip_protocol=6, src_ip="10.1.2.1/255.255.255.0", **session_dict) # Add entry 20 to IPv4 ACL acl.create_acl_entry(data['ipv4aclname'], "ipv4", 20, action="deny", count=data['hitcount'], ip_protocol=17, dst_ip="10.33.12.3/255.255.255.255", dst_l4_port_min=80, dst_l4_port_max=80, **session_dict) # Add entry 30 to IPv4 ACL acl.create_acl_entry(data['ipv4aclname'], "ipv4", 30, action="permit", count=data['hitcount'], src_ip="10.2.4.2/255.255.255.255", dst_ip="10.33.25.34/255.255.255.0", **session_dict) # Add entry 40 to IPv4 ACL acl.create_acl_entry(data['ipv4aclname'], "ipv4", 40, action="deny", count=data['hitcount'], **session_dict) # Add entry 50 to IPv4 ACL acl.create_acl_entry(data['ipv4aclname'], "ipv4", 50, action="permit", count=data['hitcount'], **session_dict) # Version-up the IPv4 ACL to complete the change acl.update_acl(data['ipv4aclname'], "ipv4", **session_dict) # Create empty IPv6 ACL acl.create_acl(data['ipv6aclname'], "ipv6", **session_dict) # Add entry 10 to IPv6 ACL acl.create_acl_entry(data['ipv6aclname'], "ipv6", 10, action="deny", count=data['hitcount'], ip_protocol=6, dst_ip="22f4:23::1/ffff:ffff:ffff:ffff::", **session_dict) # Add entry 20 to IPv6 ACL acl.create_acl_entry(data['ipv6aclname'], "ipv6", 20, action="permit", count=data['hitcount'], ip_protocol=6, src_ip="3000:323:1221::88/ffff:ffff:ffff:ffff::", **session_dict) # Add entry 30 to IPv6 ACL acl.create_acl_entry( data['ipv6aclname'], "ipv6", 30, action="permit", count=data['hitcount'], ip_protocol=89, dst_ip= "3999:929:fa98:00f0::4/ffff:ffff:ffff:ffff:ffff:ffff:ffff:ff00", **session_dict) # Add entry 40 to IPv6 ACL acl.create_acl_entry(data['ipv6aclname'], "ipv6", 40, action="deny", count=data['hitcount'], **session_dict) # Add entry 50 to IPv6 ACL acl.create_acl_entry(data['ipv6aclname'], "ipv6", 50, action="permit", count=data['hitcount'], **session_dict) # Version-up the IPv6 ACL to complete the change acl.update_acl(data['ipv6aclname'], "ipv6", **session_dict) # Create empty MAC ACL acl.create_acl(data['macaclname'], "mac", **session_dict) # Add entry 10 to MAC ACL acl.create_acl_entry(data['macaclname'], "mac", 10, action="permit", count=data['hitcount'], ethertype=2054, src_mac="ff33.244c.aabb/ffff.ffff.ffff", **session_dict) # Add entry 20 to MAC ACL acl.create_acl_entry(data['macaclname'], "mac", 20, action="permit", count=data['hitcount'], ethertype=34525, src_mac="1f33.cc4c.aaff/ffff.ffff.ffff", dst_mac="ff33.244c.aa11/ffff.ffff.ffff", **session_dict) # Add entry 30 to MAC ACL acl.create_acl_entry(data['macaclname'], "mac", 30, action="permit", count=data['hitcount'], ethertype=35020, src_mac="1f33.cc4c.aaff/ffff.ffff.ffff", dst_mac="ff33.244c.aa11/ffff.ffff.ffff", **session_dict) # Add entry 40 to MAC ACL acl.create_acl_entry(data['macaclname'], "mac", 40, action="permit", count=data['hitcount'], ethertype=32923, src_mac="1f33.cc4c.aaff/ffff.ffff.ffff", dst_mac="ff33.244c.aa11/ffff.ffff.ffff", **session_dict) # Add entry 50 to MAC ACL acl.create_acl_entry(data['macaclname'], "mac", 50, action="deny", count=data['hitcount'], **session_dict) # Version-up the ACL to complete the change acl.update_acl(data['macaclname'], "mac", **session_dict) # Create VLAN and L2 System interfaces interface.add_l2_interface(data['interfaceVLAN'], **session_dict) interface.enable_disable_interface(data['interfaceVLAN'], "up", **session_dict) interface.add_l2_interface(data['ipv4L2ingressinterface'], **session_dict) interface.enable_disable_interface(data['ipv4L2ingressinterface'], "up", **session_dict) vlan.port_set_vlan_mode(data['ipv4L2ingressinterface'], "native-tagged", **session_dict) vlan.port_add_vlan_trunks(data['ipv4L2ingressinterface'], **session_dict) interface.add_l2_interface(data['ipv6L2ingressinterface'], **session_dict) interface.enable_disable_interface(data['ipv6L2ingressinterface'], "up", **session_dict) vlan.port_set_vlan_mode(data['ipv6L2ingressinterface'], "native-tagged", **session_dict) vlan.port_add_vlan_trunks(data['ipv6L2ingressinterface'], **session_dict) # Create LAG Interfaces for LAGinterface in data['LAGinterfaces']: interface.add_l2_interface(LAGinterface, **session_dict) interface.enable_disable_interface(LAGinterface, "up", **session_dict) # Create L3 interface interface.add_l3_ipv4_interface(data['L3egressinterface'], **session_dict) interface.enable_disable_interface(data['L3egressinterface'], "up", **session_dict) # Create LAG interfaces lag.create_l2_lag_interface(data['LAGname'], data['LAGinterfaces'], **session_dict) # Create VLAN vlan.create_vlan(data['aclVLANid'], "vlan%d" % data['aclVLANid'], **session_dict) # Attach the ACL to VLAN vlan.attach_vlan_acl(data['aclVLANid'], data['ipv4aclname'], "ipv4", **session_dict) # Attach VLAN to interface vlan.port_set_vlan_mode(data['interfaceVLAN'], "native-tagged", **session_dict) vlan.port_add_vlan_trunks(data['interfaceVLAN'], [data['aclVLANid']], **session_dict) # Apply IPv4 ACL to L2 interface on ingress acl.update_port_acl_in(data['ipv4L2ingressinterface'], data['ipv4aclname'], 'ipv4', **session_dict) # Apply IPv6 ACL to L2 interface on ingress acl.update_port_acl_in(data['ipv6L2ingressinterface'], data['ipv6aclname'], 'ipv6', **session_dict) # Apply IPv4 ACL to L3 interface on egress acl.update_port_acl_out(data['L3egressinterface'], data['ipv4aclname'], **session_dict) # Apply IPv4 ACL to L2 LAG on ingress acl.update_port_acl_in(data['LAGname'], data['ipv4aclname'], 'ipv4', **session_dict) except Exception as error: print('Ran into exception: {}. Logging out..'.format(error)) session.logout(**session_dict)