9/30/2014
Good EXPECT script to use on Cisco / Other Network Devices
An Expect script is a great way to make config changes across 40 or more switches/routers in your company without having to telnet or ssh into each device by hand.
The script can be modified to suit your needs. I modified Paul's script (http://paulgporter.net/2012/12/08/30/comment-page-1/#comment-1703) to meet my needs.
The SSH version of the Expect script is at the end. The steps below use TELNET. Telnet sends the username and both passwords in cleartext, so prefer the SSH version wherever the devices support it.
STEPS:
1. Install Expect on your CentOS or other Linux box
yum install expect
- The expect command should be installed in /usr/bin/expect.
Create your expect script:
2. Make a text file containing the IP addresses of all your devices, one per line:
[root@localhost script]# vi device-list
172.x.x.1
172.x.x.2
172.x.x.3
etc.
3. Create the expectrun.sh file and put the following in it:
[root@localhost script]# vi expectrun.sh
#!/bin/bash
# Collect the current user's ssh and enable passwords
echo -n "Enter the SSH password for YOURUSERNAME: "
read -r -s -e password
echo -ne '\n'
echo -n "Enter the Enable password for YOURUSERNAME: "
read -r -s -e enable
echo -ne '\n'
# Set terminal to vt100 so Nexus devices don't complain
export TERM=vt100
# Feed the expect script a device list & the collected passwords.
# The arguments are quoted so a password containing spaces or shell
# metacharacters is passed intact. Command-line arguments are visible
# to other local users in the process list (ps) while the script runs.
for device in $(cat device-list); do
    ./expectscript.exp "$device" "$password" "$enable"
done
4. Create the Expect script, called expectscript.exp, and put the following in it:
[root@localhost script]# vi expectscript.exp
#!/usr/bin/expect
# Set variables
set hostname [lindex $argv 0]
set username "YOURUSERNAME"
set password [lindex $argv 1]
set enablepassword [lindex $argv 2]
# Append the session output to this log file
log_file -a /root/script/results.log
# Display the device we are working on and the time
send_user "\n"
send_user ">>>>> Working on $hostname @ [exec date] <<<<<\n"
send_user "\n"
# Telnet
#spawn telnet $hostname
#expect "Username: "
#sleep .1;
#send "$username\r";
#sleep .1;
#expect "Password:"
#send "$password\r";
# Telnet
spawn telnet $hostname
expect "Username: "
send "$username\r"
expect "*assword: "
send "$password\r"
# Check to see if we're already in enable mode, if not get us there
expect {
default { send_user "\nEnable Mode Failed - Check Password\n"; exit 1 }
"*#" {}
"*>" {
send "enable\n"
expect "*assword"
send "$enablepassword\n"
expect "*#"
}
}
# Let's GET into configure mode
send "conf t\n"
expect "(config)#"
# Enter your commands here. Examples listed below
send "aaa authorization commands 1 default group tacacs+ local \n"
expect "(config)#"
send "aaa authorization commands 15 default group tacacs+ local \n"
expect "(config)#"
send "aaa authorization config-commands \n"
expect "(config)#"
#send "service timestamps log datetime msec localtime\n"
#expect "(config)#"
#send "clock timezone PST -8\n"
#expect "(config)#"
#send "clock summer-time PDT recurring\n"
#expect "(config)#"
#send "service timestamps debug datetime msec localtime\n"
#expect "(config)#"
send "end\n"
expect "#"
send "write mem\n"
expect "#"
send "exit\n"
# Wait for the device to close the session
expect eof
exit
5. Now RUN the expectrun.sh script:
[root@localhost script]# ./expectrun.sh
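A hardened variant of the expectrun.sh loop from step 3, added here as an example and not part of the original post: it reads device-list line by line, skips entries that are not valid dotted-quad addresses (such as the 172.x.x.1 placeholders), records which devices failed, and hands the passwords to the Expect script through the environment rather than on the command line. It assumes expectscript.exp is changed to read $env(DEV_PASSWORD) and $env(DEV_ENABLE) instead of argv 1 and 2; the names DEV_PASSWORD, DEV_ENABLE and the helper functions are hypothetical.

```sh
# Added example, not the post's code. Assumption: expectscript.exp reads
# $env(DEV_PASSWORD) and $env(DEV_ENABLE), so no secret appears in `ps`.

# valid_ipv4 ADDR: succeed only for a dotted-quad address with octets 0-255.
valid_ipv4() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac    # digits and dots only
    rest=$1. count=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}; rest=${rest#*.}
        [ -n "$octet" ] && [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
        count=$((count + 1))
    done
    [ "$count" -eq 4 ]
}

# run_devices LIST RUNNER...: call RUNNER <device> for each valid line of LIST.
# Leaves the skipped or failed devices in FAILED; returns non-zero if any.
run_devices() {
    list=$1; shift
    FAILED=
    # The list is read on fd 3 so the runner keeps the terminal as stdin.
    while read -r device <&3 || [ -n "$device" ]; do
        case $device in ''|'#'*) continue ;; esac    # blank lines, comments
        if ! valid_ipv4 "$device"; then
            echo "skipping invalid entry: $device" >&2
            FAILED="$FAILED $device"
            continue
        fi
        "$@" "$device" || FAILED="$FAILED $device"
    done 3< "$list"
    [ -z "$FAILED" ]
}

# ask_secret PROMPT: read one line without echo and print it on stdout.
ask_secret() {
    printf '%s' "$1" >&2
    stty -echo; IFS= read -r secret; stty echo; echo >&2
    printf '%s' "$secret"
}

main() {
    DEV_PASSWORD=$(ask_secret "Enter the SSH password for YOURUSERNAME: ")
    DEV_ENABLE=$(ask_secret "Enter the Enable password for YOURUSERNAME: ")
    export DEV_PASSWORD DEV_ENABLE TERM=vt100
    run_devices "$1" ./expectscript.exp || echo "needs attention:$FAILED" >&2
}

# Usage: ./expectrun.sh device-list   (nothing runs without an argument)
[ $# -eq 0 ] || main "$@"
```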
========================
NOTE: To use SSH to the devices instead of telnet:
The Cisco IOS image used must be a k9 (crypto) image in order to support SSH. For example, c3750e-universalk9-mz.150-1.SE2.bin is a k9 (crypto) image.
[root@localhost script]# vi expectscript.exp
DELETE THE TELNET REFERENCE:
# Telnet
spawn telnet $hostname
expect "Username: "
send "$username\r"
expect "*assword: "
send "$password\r"
ADD the following for SSH to WORK:
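# SSH to the device. StrictHostKeyChecking=no accepts any host key
# without verification, so the session is not protected against a
# man-in-the-middle; where possible, pre-populate known_hosts with the
# devices' keys and drop this option.
spawn ssh -o StrictHostKeyChecking=no $username\@$hostname
# Handle ssh connection problems (timeout, connection failure) and
# answer the password prompt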
expect {
timeout { send_user "\nTimeout Exceeded - Check Host\n"; exit 1 }
eof { send_user "\nSSH Connection To $hostname Failed\n"; exit 1 }
"*#" {}
"*assword:" {
send "$password\n"
}
}
THAT'S IT.
Hello,
Is there a way to contact you about this script to get some clarifications? I would like to use it to monitor resources on ASA firewalls.
Thanks
Hi all,
I am new to Expect scripting. In my script I configure a switch (to automatically create VLANs and VLAN trunking), and that works well. Secondly, I output show running, and that works too. But finally I want to ask the user "Are u sure configuration is finished?" to check the switch configuration: if yes, exit, and if not, return. But I can't write the end part of the script.
Please help me with the final step.
Here is my script:
here is my script:
#!/usr/bin/expect -f
#set variables
set hostname ...
set username..
set ip ...
foreach hostname [array names interface] {
set timeout 10
match_max 500000
# Log results
log_file -a ~/results.log
send_user "\n"
send_user ">>>> Working on $hostname @ [exec date]<<<< \n"
send_user "\n"
#ssh
spawn ssh -2 -o strictHostKeyChecking=no $username\@$ipaddress
expect "username:"
send "$username\r"
expect "#"
expect "password:"
send "$password\r"
expect -re $prompt
#enable configure mode
send "conf t\n"
expect "(config#)"
#vlan trunking mode
send "$interface($hostname)\n"
expect "(config-if-range)#"
send "switchport access vlan 9\n"
expect "(config-if-range)#"
send "switchport trunk encapsulation dot1q\n"
expect "(config-if-range)#"
send "switchport mode trunk\n"
expect "(config-if-range)#"
send "switchport trunk allowed vlan 7\n"
expect "(config-if-range)#"
send "end\n"
expect "#"
send "write mem\n"
expect "#"
send "terminal length 0\r"
expect "#"
send "show running-config\r"
expect "#"
}
set output $expect_out(buffer)
#Here dont working
exp_sleep 1
stty echo
send_user -- "Are you sure configuration is finished?(Y/n):\n"
expect_before "(yes/no)?"
send_user -- "\n
if [ "$(#)" != "yes" ];then
[ send_user "exit\n" ]
expect "#"
else
return
exp_send -- "\n"
puts "$output"
expect eof
exit