Revision 2 Script – Networking Lab

Revision2 Scripts

Revision2 Lab

Revision2 Scripts

A link to the Revision2 scripts in this example may be found on my GitHub.

The overall changes to the function of the script has not changed. TACACS is still checked and reconfigured.

Main Changes are;

Ability to get OS type
Added IOS12, 15 and NXOS v7 devices
Takes in different config files per OS type
Config is applied based off device version

As the script is basically the same functionality as in revision1 performed in the same manner I will talk about the specifics of the changes.

There is more I would like to do for a revision3. This would be the inclusion of NXOS v9 and the ability for some parallelism. Currently each device is logged into and configured one at a time. It’s quite slow.

How to Get OS Type

This is run as soon as the device has an initial connection made. The OS type is then stored in a new dictionary that is referenced when deciding what config to apply.

        # 2. Get Version commands
        print("Getting Version")
        device_version = check_tacacs_cmds_iosxe.get_version(connection)
        print(device_version)

        dev_ver_dict = {"IP Address":host_ip, 
                        "Hostname":hostname, 
                        "Username":host_username, 
                        "Device Version":device_version}      
        dev_ver_list.append(dev_ver_dict)

This next part is the heavy lifting. This is what is sending the commands to the devices and then using textfsm to parse the output and determine the output to determine what it is.
I have used two commands “show version” and “show inventory”. I needed to use two as the textfsm default Cisco Nexus template was not picking up it was a Nexus from the show version command. I’m not sure if this is because they are NXOSv images. But it works for NXOS7.

def get_version(self, connection):
        show_version = BaseConn.send_commands(self, connection, "show version", True)
        show_inventory = BaseConn.send_commands(self, connection,"show inventory", True)
        version = show_version[0]["version"].split(".")[0]
        inventory = show_inventory[0]["descr"].split(" ")[0]

        if version == "12":
            device_version = "ios12"
        elif version == "15":
            device_version = "ios15"
        elif  " 16" in version:
            device_version = "iosxe"
        elif "NX-OS" in inventory:
            device_version = "nxos"
        else:
            device_version = "unknown"


        return device_version

How to Match up Files to OS Types

The script will ask for a file per OS type. In this case the IOS variants are all the same config. Only the NXOS TACACS config is different.

Please enter the file name of the IOS 12 config file to apply to devices: iosnewtacacs.cfg
Please enter the file name of the IOS 15 config file to apply to devices: iosnewtacacs.cfg
Please enter the file name of the IOS XE config file to apply to devices: iosnewtacacs.cfg
Please enter the file name of the NXOS config file to apply to devices: nxosnewtacacs.cfg

The script will then continue and apply the config to each device type. This is achieved by adding the device version to the cisco_device dictionary after the connection has been opened with Netmiko.

error_ips = []
configured_list = []
i = 0
for cisco_device in device_list:
    try:
        if cisco_device["host"] not in check_error_ips:
            
            # 1. Create connection
            connection, hostname, host_ip, host_username = check_tacacs_cmds_iosxe.open_connection(cisco_device)

            # 2. Create and if based on the device type
            # config_remove = show_tacacs_list[i]["Removal Config"]
            device_type = cisco_device["Device_Version"]=show_tacacs_list[i]["Device Version"]

        # 3. Send removal commands
        # config_remove = show_tacacs_list[i]["Removal Config"]
        config_remove = cisco_device["Removal_Config"]=show_tacacs_list[i]["Removal Config"]
        config_remove_list = []
        for line in config_remove:
            config_remove_list.append(line)
        check_tacacs_cmds_iosxe.send_config_file(connection,config_remove_list)
        

        # 4. Send config file for newtacacs.cfg
        show_cmds.conf_dev_type(connection, cisco_device, ios12config_file, ios15config_file, iosxeconfig_file, nxosconfig_file)
        
    
        # 5. Send show commands to check2
        print("\nGetting AAA & TACACS")
        show_tacacs, removal_conf = show_cmds.get_tacacs(connection, dev_details)

        show_tacacs_dict = {"IP Address":host_ip, 
                        "Hostname":hostname, 
                        "Username":host_username, 
                        "Current Config":show_tacacs}      
        configured_list.append(show_tacacs_dict)


        # 6. Close Connection
        check_tacacs_cmds_iosxe.close_connection(connection)
        i += 1
    
    except:
        error = cisco_device["host"]
        print(f"There is an error connecting to {error}" )
        print("Continuing...\n")
        error_ips.append(cisco_device["host"])
        i += 1

The check of the file type is performed in the deviceConnection.py file.

    def conf_dev_type(self, connection, cisco_device, ios12config_file, ios15config_file, iosxeconfig_file, nxosconfig_file):

        if cisco_device["Device_Version"] == "ios12":
            config_file = ios12config_file
            print("ios12")
        elif cisco_device["Device_Version"] == "ios15":
            config_file = ios15config_file
            print("ios15")
        elif cisco_device["Device_Version"] == "iosxe":
            config_file = iosxeconfig_file
            print("iosxe")
        elif cisco_device["Device_Version"] == "nxos":
            config_file = nxosconfig_file
            print("nxos")
        else:
            print("unknown")
        
        BaseConn.send_config_file(self, connection, config_file)

Script Check TACACS Output

$ python ios_xe_a1_run.py
SSH connection established to 192.168.122.102:22
Interactive SSH session established
Hostname: R1
IP Address: 192.168.122.102
Getting Version
ios15

Getting AAA & TACACS

Closing connection
##############################

SSH connection established to 192.168.122.194:22
Interactive SSH session established
Hostname: R2
IP Address: 192.168.122.194
Getting Version
ios15

Getting AAA & TACACS

Closing connection
##############################

SSH connection established to 192.168.122.98:22
Interactive SSH session established
Hostname: R3
IP Address: 192.168.122.98
Getting Version
ios15

Getting AAA & TACACS

Closing connection
##############################

SSH connection established to 192.168.122.105:22
Interactive SSH session established
Hostname: R4
IP Address: 192.168.122.105
Entering the enable mode ...
Getting Version
iosxe

Getting AAA & TACACS

Closing connection
##############################

SSH connection established to 192.168.122.107:22
Interactive SSH session established
Hostname: R5
IP Address: 192.168.122.107
Getting Version
ios12

Getting AAA & TACACS

Closing connection
##############################

SSH connection established to 192.168.122.104:22
Interactive SSH session established
Hostname: NX1_v7
IP Address: 192.168.122.104
Getting Version
nxos

Getting AAA & TACACS

Closing connection
##############################

IP Address	Hostname	Username	Current Config	Removal Config	Device Version
192.168.122.102	R1	admin	aaa new-model aaa session-id common	#Nothing to do	ios15
192.168.122.194	R2	skelly	aaa new-model aaa authentication login IPCISCOAUTH group tacacs+ local aaa authorization exec default group tacacs+ aaa accounting exec default start-stop group tacacs+ aaa session-id common tacacs-server host 192.168.122.97 key 123abc tacacs-server host 192.168.122.99 key 123abc	no aaa authentication login IPCISCOAUTH group tacacs+ local no aaa authorization exec default group tacacs+ no aaa accounting exec default start-stop group tacacs+ no tacacs-server host 192.168.122.97 key 123abc no tacacs-server host 192.168.122.99 key 123abc	ios15
192.168.122.98	R3	admin	aaa new-model aaa session-id common	#Nothing to do	ios15
192.168.122.105	R4	admin	aaa new-model aaa session-id common	#Nothing to do	iosxe
192.168.122.107	R5	admin	aaa new-model aaa session-id common	#Nothing to do	ios12
192.168.122.104	NX1_v7	admin	feature tacacs+	#Nothing to do	nxos

Script Configure TACACS Output

Please enter the file name of the IOS 12 config file to apply to devices: iosnewtacacs.cfg
Please enter the file name of the IOS 15 config file to apply to devices: iosnewtacacs.cfg
Please enter the file name of the IOS XE config file to apply to devices: iosnewtacacs.cfg
Please enter the file name of the NXOS config file to apply to devices: nxosnewtacacs.cfg
SSH connection established to 192.168.122.102:22
Interactive SSH session established
Hostname: R1
IP Address: 192.168.122.102
Entering the config mode ...

Applying config...

Config Complete...

ios15
Config file to be applied
aaa new-model
aaa session-id common
aaa authentication login IPCISCOAUTH group tacacs+ local


tacacs server NEWTACACS
address ipv4 192.168.122.136
key 123abc
address ipv4 192.168.122.137
key 123abc


line vty 0 15
login authentication IPCISCOAUTH

aaa authorization exec default group tacacs+
aaa accounting exec default start-stop group tacacs+


Entering the config mode ...

Applying config...

Config Complete...


Getting AAA & TACACS

Getting AAA & TACACS

Closing connection
##############################

IP Address	Hostname	Username	Current Config
192.168.122.102	R1	admin	aaa new-model aaa authentication login IPCISCOAUTH group tacacs+ local aaa authorization exec default group tacacs+ aaa accounting exec default start-stop group tacacs+ aaa session-id common tacacs server NEWTACACS
192.168.122.194	R2	skelly	aaa new-model aaa authentication login IPCISCOAUTH group tacacs+ local aaa authorization exec default group tacacs+ aaa accounting exec default start-stop group tacacs+ aaa session-id common tacacs-server host 192.168.122.97 key 123abc tacacs-server host 192.168.122.99 key 123abc tacacs server NEWTACACS
192.168.122.98	R3	admin	aaa new-model aaa authentication login IPCISCOAUTH group tacacs+ local aaa authorization exec default group tacacs+ aaa accounting exec default start-stop group tacacs+ aaa session-id common tacacs server NEWTACACS
192.168.122.105	R4	admin	aaa new-model aaa authentication login IPCISCOAUTH group tacacs+ local aaa authorization exec default group tacacs+ aaa accounting exec default start-stop group tacacs+ aaa session-id common tacacs server NEWTACACS
192.168.122.107	R5	admin	aaa new-model aaa authentication login IPCISCOAUTH group tacacs+ local aaa authorization exec default group tacacs+ aaa accounting exec default start-stop group tacacs+ aaa session-id common
192.168.122.104	NX1_v7	admin	feature tacacs+ ip tacacs source-interface Ethernet2/1 tacacs-server host 192.168.122.137 key 7 “123ftc” aaa group server tacacs+ NEWTACACS aaa authentication login default group NEWTACACS tacacs-server directed-request