CCIE Ep.1 Network Automation and programability — believe-in-erasing.au
Python3 and Cisco archive tool
A l w a y s Automate boring tasks!
Hi Networkers, today we’ll use simple but powerful automation tools for backuping Cisco device configuration.
ARCHIVE
First tool is called archive. It’s available nativaly on Cisco IOS and Cisco NXOS. That include switches, AP’s, Routers. Maybe available on others devices type too.
This simple tool allow network administrator export device configuration to local or remote file system and log what was change, who did it and encrypt password configuration on a log view:
Use FTP or/and SCP is a good idea.
crashinfo-1: Write archive on crashinfo-1: file system
crashinfo-2: Write archive on crashinfo-2: file system
crashinfo: Write archive on crashinfo: file system
flash-1: Write archive on flash-1: file system
flash-2: Write archive on flash-2: file system
flash: Write archive on flash: file system
ftp: Write archive on ftp: file system
http: Write archive on http: file system
https: Write archive on https: file system
rcp: Write archive on rcp: file system
scp: Write archive on scp: file system
stby-crashinfo: Write archive on stby-crashinfo: file system
stby-flash: Write archive on stby-flash: file system
stby-usbflash0: Write archive on stby-usbflash0: file system
tftp: Write archive on tftp: file system
usbflash0-1: Write archive on usbflash0-1: file system
usbflash0-2: Write archive on usbflash0-2: file system
usbflash0: Write archive on usbflash0: file systemArchive configuration
!FTP user configuration
switch-josy(config)# ip ftp source-interface vlan99
switch-josy(config)#ip ftp username ftp.user
switch-josy(config)#ip ftp password passNONsecret:(
switch-josy(config)#service password-encryption!archive configuration
switch-josy(config)#archive
switch-josy(config-archive)#log config
switch-josy(config-archive-log-cfg)#logging enable
switch-josy(config-archive-log-cfg)#hidekeys
switch-josy(config-archive)#path ftp://{server}/diretory/$h.cfg
switch-josy(config-archive)# write-memory
switch-josy(config-archive)#time-period 1440 !minutes
note variable $h contains device hostname
!verification command reference!Last tem backup history
switch-josy#show archive
!Force backup
switch-josy#archive config
!show changes
switch-josy#show archice log config all|statistics|user
PROS:
No externo service is needed;
Simple configuration;
Accounting.
CONS:
Must configure all device one by one;
backup delay based on minutes and not based on calendar.
NETMIKO is the powerfull python library that’s allow SSH conections with a lots of plataforms. That’s include:
- Arista vEOS
- Cisco ASA
- Cisco IOS
- Cisco IOS-XE
- Cisco IOS-XR
- Cisco NX-OS
- Cisco SG300
- HP ProCurve
- Juniper Junos
- Linux
and moooooooooore.
NETMIKO CONFIGURATION
from netmiko import ConnectHandlerRTR-josy = {
'device_type': 'cisco_nxos',
'ip': '192.0.2.1',
'username': 'user-lvl1',
'password': 'passNONsecret:('}RTR-seni = {
'device_type': 'cisco_ios',
'ip': '192.0.2.2',
'username': 'user-lvl1',
'password': 'passNONsecret:('
}SWITCHLIST = [RTR-josy, RTR-seni]for devices in SWITCHLIST:
net_connect = ConnectHandler(**devices)
cmd0 = net_connect.send_command('copy running-config ftp://user:pass@ftp-path vrf vrf-name')orcmd1 = net_connect.send_command('copy running-config ftp://ftp-path)
net_connect.disconnect()
Crontab
Crontab is a deamon available on unix-like system to help automate and scheldule tasks. In our case, crontab will be used to run our script everyday on 7 AM.
$ sudo crontab -u roor -e
00 7 * * * /usr/bin/python3.7 /home/rafael.alves/devices-bckp.pyPROS:
Example configuration available on netmiko web page;
Centralized configuration;
configured once a time.
CONS:
understand basic of python and libraries;
A linux server or container is needed.
