Automating Entry in SecureCRT Using Scripts

Network engineers often face the task of copy/pasting certain fragments from a notepad to the console. You usually have to copy several parameters: Username/Password and something else. The use of scripts allows you to speed up this process. BUT the tasks of writing the script and executing the script should take less time in total than manual configuration, otherwise the scripts are useless.

What is this article for? This article is from the Fast Start series and is aimed at saving network engineers time when setting up equipment (a single task) on multiple devices. It uses SecureCRT and its built-in script execution functionality.

Introduction

The SecureCRT program has a built-in script execution mechanism out of the box. What are terminal scripts for?

  • Automated I/O, with minimal I/O validation.
  • Speeding up routine tasks by reducing pauses between equipment settings. (In practice, this removes the pauses caused by copy/paste actions on the same hardware when 3 or more command fragments have to be applied to it.)

This document covers the tasks:

  • Creation of simple scripts.
  • Running scripts on SecureCRT.
  • Examples of using simple and advanced scripts. (Practice from real life.)

Creation of simple scripts.

The simplest scripts use only two commands, Send and WaitForString. This functionality is enough for 90% (or more) of the tasks performed.

Scripts can work in Python, JS, VBS (Visual Basic), Perl, etc.

Python

# $language = "Python"
# $interface = "1.0"
def main():
  crt.Screen.Synchronous = True
  crt.Screen.Send("\r")
  crt.Screen.WaitForString("name")
  crt.Screen.Send("admin\r")
  crt.Screen.WaitForString("Password:")
  crt.Screen.Send("Password\r")
  crt.Screen.Synchronous = False
main()

Usually a file with the extension "*.py"

VBS

# $language = "VBScript"
# $interface = "1.0"
Sub Main
  crt.Screen.Synchronous = True
  crt.Screen.Send vbcr
  crt.Screen.WaitForString "name"
  crt.Screen.Send "cisco" & vbcr
  crt.Screen.WaitForString "assword"
  crt.Screen.Send "cisco" & vbcr
  crt.Screen.Synchronous = False
End Sub

Usually a file with the extension "*.vbs"

Create a script using script recording.

This automates the process of writing a script. You start recording, SecureCRT records the commands and the subsequent hardware responses, and produces the finished script for you.

a. Start recording the script:
SecureCRT Menu => Script => Start Recording Script
b. Perform actions in the console (perform the configuration steps in the CLI).
c. Finish recording the script:
SecureCRT Menu => Script => Stop Recording Script…
Save the script file.

Example of executed commands and saved script:

Running scripts on SecureCRT.

After creating/editing the script, a natural question arises: How to apply the script?
There are several ways:

  • Running manually from the Script menu
  • Automatic start after connection (logon script)
  • Automatic logon without using a script
  • Triggering manually with a button in SecureCRT (a button has yet to be created and added to SecureCRT)

Running manually from the Script menu

SecureCRT Menu => Script => Run…
- The last 10 scripts are remembered and available for quick launch:
SecureCRT menu => Script => 1 "Script file name"
SecureCRT menu => Script => 2 "Script file name"
SecureCRT menu => Script => 3 "Script file name"
SecureCRT menu => Script => 4 "Script file name"
SecureCRT menu => Script => 5 "Script file name"

Automatic start after connection (logon script)

The logon script is configured in the settings of the saved session: Connection => Logon Actions => Logon script

Automatic logon without using a script

It is possible to enter the username and password automatically without writing a script, using only the built-in functionality of SecureCRT. In the connection settings, under "Connection" => Logon Actions => Automate logon, you need to fill in several pairs, each consisting of "expected text" + "characters sent in response to this text". There can be many such pairs. (Example: the 1st pair waits for the username, the second waits for the password, the third waits for the privileged mode prompt, and the fourth pair is for the privileged mode password.)

Example of automatic logon on Cisco ASA:

Triggering manually with a button in SecureCRT (a button has yet to be created and added to SecureCRT)

In SecureCRT, you can assign a script to a button. The button is added to a panel specially created for this purpose.

a. Add the panel to the interface: SecureCRT Menu => View => Button Bar
b. Add a button to the panel and attach a script: right-click on the Button Bar and select "New button…" from the context menu.
c. In the "Map Button" dialog box, in the "Action" field, select the "Run Script" action (function).
Specify a caption for the button and the color of the button icon. Finish the settings by clicking OK.

Note:

The panel with buttons is very useful functionality.

1. For a specific session, you can specify which panel opens by default in its tab at logon.

2. You can set predefined actions for standard operations on equipment: show version, show running-config, save configuration.

No script is attached to these buttons. Action line only:

The setting that opens the required button panel when switching to a session is in the session settings:

It makes sense to set up, per customer, individual login scripts and a switch to the panel with the frequent commands for the vendor.

When you press the Go Cisco button, the panel switches to the Cisco Button Bar.

Examples of using simple and advanced scripts. (Practice from real life.)

Simple scripts are enough for almost all occasions. But once I needed to complicate the script a little - to speed up the work. This complication simply requested additional data in a dialog box from the user.

Requesting data from the user using a dialog box

I had 2 data requests in the script: the hostname and the 4th octet of the IP address. To perform this action, I googled how to do it and found it on the official website of SecureCRT (VanDyke). The functionality is called Prompt.

	crt.Screen.WaitForString("-Vlanif200]")
	hostnamestr = crt.Dialog.Prompt("Enter hostname:", "hostname", "", False)
	ipaddressstr = crt.Dialog.Prompt("Enter ip address:", "ip", "", False)
	crt.Screen.Send("ip address 10.10.10.")
	crt.Screen.Send(ipaddressstr)
	crt.Screen.Send(" 23\r")
	crt.Screen.Send("quit\r")
	crt.Screen.Send("sysname ")
	crt.Screen.Send(hostnamestr)
	crt.Screen.Send("\r")

This part of the script asked for the hostname and the digits of the last octet. Since there were 15 pieces of equipment and the data was presented in a table, I copied the values from the table and pasted them into the dialog boxes. After that, the script worked independently.
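The snippet above types whatever was pasted into the dialog straight into the device CLI, so a table cell carrying a stray line break or a wrong number ends up as device input. An added example (not from the original article) that validates both values before anything is sent; the hostname character policy is an assumption, and the script is meant to be run from the Vlanif200 interface view, as in the article.

```python
# $language = "Python"
# $interface = "1.0"
# Added example: validate dialog input before it is typed into the device.
import re

OCTET_RE = re.compile(r"^[0-9]{1,3}$")
# Letters, digits, "-" and "_" only (assumed naming policy for this example).
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9_-]{0,62}$")

def parse_octet(text):
    """Return the 4th octet as an int (1-254), or None if unusable."""
    text = text.strip()                 # drop the tab/newline a table cell adds
    if not OCTET_RE.match(text):
        return None                     # letters, signs, embedded CR/LF, ...
    value = int(text)
    return value if 1 <= value <= 254 else None

def parse_hostname(text):
    """Return the hostname, or None if it contains anything but safe chars."""
    text = text.strip()
    return text if HOSTNAME_RE.match(text) else None

def build_commands(hostname, octet):
    """Commands from the article's snippet, built from validated values only."""
    return ["ip address 10.10.10.%d 23\r" % octet,
            "quit\r",
            "sysname %s\r" % hostname]

def ask(dialog, message, title, parser):
    """Prompt until parser accepts the text; Cancel or empty input gives None."""
    while True:
        text = dialog.Prompt(message, title, "", False)
        if not text:
            return None
        value = parser(text)
        if value is not None:
            return value
        dialog.MessageBox("Rejected input: %r" % text)

def main():
    crt.Screen.Synchronous = True
    try:
        hostname = ask(crt.Dialog, "Enter hostname:", "hostname", parse_hostname)
        octet = ask(crt.Dialog, "Enter 4th octet:", "ip", parse_octet)
        if hostname is None or octet is None:
            return                      # nothing has been sent to the device
        for command in build_commands(hostname, octet):
            crt.Screen.Send(command)
    finally:
        crt.Screen.Synchronous = False

try:
    crt                                 # injected by SecureCRT at run time
except NameError:
    pass                                # imported outside SecureCRT: do nothing
else:
    main()
```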

FTP copying to network equipment.

This script launched my command window (shell) and copied data via FTP. At the end, it closed the session. It is impossible to use a notepad for this, because copying takes a very long time and the data in the FTP buffer will not be stored for that long:

# $language = "Python"
# $interface = "1.0"

# Connect to a telnet server and automate the initial login sequence.
# Note that synchronous mode is enabled to prevent server output from
# potentially being missed.

def main():
	crt.Screen.Synchronous = True
	crt.Screen.Send("ftp 192.168.1.1\r")
	crt.Screen.WaitForString("Name")
	crt.Screen.Send("admin\r")
	crt.Screen.WaitForString("Password:")
	crt.Screen.Send("Password\r")
	crt.Screen.WaitForString("ftp")
	crt.Screen.Send("binary\r")
	crt.Screen.WaitForString("ftp")
	crt.Screen.Send("put S5720LI-V200R011SPH016.pat\r")
	crt.Screen.WaitForString("ftp")
	crt.Screen.Send("quit\r")
	crt.Screen.Synchronous = False
main()

Entering username/password using a script

At one customer, direct access to the network equipment was closed. It was possible to reach the equipment by first connecting to the default gateway, and then from it to the equipment connected to it. The SSH client built into the IOS/hardware software was used to connect. Accordingly, the username and password were requested in the console. With the script below, the username and password were entered automatically:

# $language = "Python"
# $interface = "1.0"

# Connect to a telnet server and automate the initial login sequence.
# Note that synchronous mode is enabled to prevent server output from
# potentially being missed.

def main():
	crt.Screen.Synchronous = True
	crt.Screen.Send("snmpadmin\r")
	crt.Screen.WaitForString("assword:")
	crt.Screen.Send("Password\r")
	crt.Screen.Synchronous = False
main()

Note: There were 2 scripts. One for the administrator account, the second for the eSIGHT account.

Script with the ability to directly append data during script execution.

The task was to add a static route on all network equipment. But the gateway to the Internet was different on each device (and it differed from the default gateway). The following script displayed the routing table, entered configuration mode, and left the command unfinished (without the IP address of the gateway to the Internet); I added this part by hand. After I pressed Enter, the script continued executing commands.

# $language = "Python"
# $interface = "1.0"

# Connect to a telnet server and automate the initial login sequence.
# Note that synchronous mode is enabled to prevent server output from
# potentially being missed.

def main():
	crt.Screen.Synchronous = True
	crt.Screen.Send("Zdes-mogla-bit-vasha-reklama\r")
	crt.Screen.WaitForString("#")
	crt.Screen.Send("show run | inc ip route\r")
	crt.Screen.WaitForString("#")
	crt.Screen.Send("conf t\r")
	crt.Screen.WaitForString("(config)#")
	# No "\r" here: the operator types the gateway address and presses Enter.
	crt.Screen.Send("ip route 10.10.10.8 255.255.255.252 ")
	crt.Screen.WaitForString("(config)#")
	crt.Screen.Send("end\r")
	crt.Screen.WaitForString("#")
	crt.Screen.Send("copy run sta\r")
	crt.Screen.WaitForString("[startup-config]?")
	crt.Screen.Send("\r")
	crt.Screen.WaitForString("#")
	crt.Screen.Send("exit\r")
	crt.Screen.Synchronous = False
main()

In this script, the line crt.Screen.Send("ip route 10.10.10.8 255.255.255.252 ") does not include the IP address of the gateway and has no carriage return character. The script then waits for the next line containing the characters "(config)#". These characters appeared after I entered the IP address and pressed Enter.

Conclusion:

When writing a script and executing it, the rule must be followed: The time for writing a script and executing a script should never be more than the time theoretically spent on doing the same work manually (copy / paste from a notepad, writing and debugging a playbook for ansible, writing and debugging python script). That is, the use of the script should save time, and not waste time on one-time automation of processes (i.e., when the script is unique and there will be no more repetition). But if the script is unique and automation with the script and writing / debugging the script takes less time than doing it in any other way (ansible, command window), then the script is the best solution.
Debugging a script. The script grows gradually, debugging takes place on the run-in on the first, second, third device, and by the fourth the script will most likely be fully operational.

Running a script (that enters the username and password) with the mouse is usually faster than copying the username and password from a notepad. But it is not safe from a security point of view.
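The login scripts on this page store the password as a literal in the script file. An added example (not from the original article) that asks the operator for the password in a masked dialog and types it only after the device has shown a password prompt; the timeout value and the "#"/">" prompt endings are assumptions.

```python
# $language = "Python"
# $interface = "1.0"
# Added example: log in through the hop without a password in the script file.

USERNAME = "snmpadmin"            # account name used in the article's script
TIMEOUT = 10                      # seconds to wait for a prompt (assumed value)
SHELL_PROMPTS = ["#", ">"]        # assumed prompt endings after a good login

def login(screen, dialog, username=USERNAME, timeout=TIMEOUT):
    """Type the username, then an operator-supplied password.

    Returns "ok", "no-prompt", "cancelled", "rejected" or "timeout".
    """
    screen.Synchronous = True
    try:
        screen.Send(username + "\r")
        # Never type a secret unless the device is actually asking for one.
        if not screen.WaitForString("assword:", timeout):
            return "no-prompt"
        # Fourth argument True masks the typed characters in the dialog.
        password = dialog.Prompt("Password for " + username, "Login", "", True)
        if not password:
            return "cancelled"
        screen.Send(password + "\r")
        # WaitForStrings returns the 1-based index of the match, 0 on timeout.
        hit = screen.WaitForStrings(SHELL_PROMPTS + ["assword:"], timeout)
        if hit == 0:
            return "timeout"
        # A second password prompt means the device refused the first attempt.
        return "ok" if hit <= len(SHELL_PROMPTS) else "rejected"
    finally:
        screen.Synchronous = False

def main():
    result = login(crt.Screen, crt.Dialog)
    if result != "ok":
        crt.Dialog.MessageBox("Login stopped: " + result)

try:
    crt                           # injected by SecureCRT at run time
except NameError:
    pass                          # imported outside SecureCRT: do nothing
else:
    main()
```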
Another (real) example of using a script: you do not have direct access to the network equipment, but you need to configure all of it (bring it into the monitoring system, configure an additional username/password/SNMPv3 username/password). Access is available by logging in to the core switch and opening SSH from it to the other equipment. Why can't you use Ansible? Because we run into the limit on the number of simultaneous sessions allowed on the network equipment (line vty 0 4, user-interface vty 0 4) (another question is how to reach different equipment in Ansible through the same first SSH hop).

The script reduces time during long operations - for example, copying files via FTP. After copying is completed, the script immediately starts working. A person will need to see the end of copying, then realize the end of copying, then enter the appropriate commands. The script does it objectively faster.

Scripts are applicable where it is impossible to use mass data delivery tools: Console. Or when some of the data for the equipment is unique: hostname, management ip address. Or when writing a program and debugging it is more difficult than adding data received from the equipment while the script is running. - An example with a script for prescribing a route, when each equipment has its own IP address of the Internet provider. (My colleagues wrote such scripts - when the DMVPN spoke was over 3. It was necessary to change the DMVPN settings).

Case Study: Configuring Initial Settings on a New Switch Using the Console Ports:

A. Plug the console cable into the device.
B. Run the script.
C. Wait for the script to finish.
D. Plug the console cable into the next device.
E. If the switch is not the last one, go to step B.

As a result of the script's work:

  • the initial password is set on the equipment.
  • Username entered
  • the unique IP address of the device is entered.

PS the operation had to be repeated. Because Default ssh was not configured/disabled. (Yes, this is my mistake.)

Appendix 1: Sample scripts.


An example of a long script, with two queries: Hostname and IP address. It was created for presetting equipment through the console (9600 baud). And also to prepare the connection of equipment to the network.

# $language = "Python"
# $interface = "1.0"

# Connect to a telnet server and automate the initial login sequence.
# Note that synchronous mode is enabled to prevent server output from
# potentially being missed.

def main():
	crt.Screen.Synchronous = True
	crt.Screen.Send("\r")
	crt.Screen.WaitForString("name")
	crt.Screen.Send("admin\r")
	crt.Screen.WaitForString("Password:")
	crt.Screen.Send("Password\r")
	crt.Screen.Send("sys\r")
	crt.Screen.WaitForString("]")
	crt.Screen.Send("interface Vlanif 1\r")
	crt.Screen.WaitForString("Vlanif1]")
	crt.Screen.Send("undo ip address\r")
	crt.Screen.Send("shutdown\r")
	crt.Screen.Send("vlan 100\r")
	crt.Screen.Send(" description description1\r")
	crt.Screen.Send(" name description1\r")
	crt.Screen.Send("vlan 110\r")
	crt.Screen.Send(" description description2\r")
	crt.Screen.Send(" name description2\r")
	crt.Screen.Send("vlan 120\r")
	crt.Screen.Send(" description description3\r")
	crt.Screen.Send(" name description3\r")
	crt.Screen.Send("vlan 130\r")
	crt.Screen.Send(" description description4\r")
	crt.Screen.Send(" name description4\r")
	crt.Screen.Send("vlan 140\r")
	crt.Screen.Send(" description description5\r")
	crt.Screen.Send(" name description5\r")
	crt.Screen.Send("vlan 150\r")
	crt.Screen.Send(" description description6\r")
	crt.Screen.Send(" name description6\r")
	crt.Screen.Send("vlan 160\r")
	crt.Screen.Send(" description description7\r")
	crt.Screen.Send(" name description7\r")
	crt.Screen.Send("vlan 170\r")
	crt.Screen.Send(" description description8\r")
	crt.Screen.Send(" name description8\r")
	crt.Screen.Send("vlan 180\r")
	crt.Screen.Send(" description description9\r")
	crt.Screen.Send(" name description9\r")
	crt.Screen.Send("vlan 200\r")
	crt.Screen.Send(" description description10\r")
	crt.Screen.Send(" name description10\r")
	crt.Screen.Send("vlan 300\r")
	crt.Screen.Send(" description description11\r")
	crt.Screen.Send(" name description11\r")
	crt.Screen.Send("quit\r")
	crt.Screen.WaitForString("]")
	crt.Screen.Send("stp region-configuration\r")
	crt.Screen.Send("region-name desc\r")
	crt.Screen.Send("active region-configuration\r")
	crt.Screen.WaitForString("mst-region]")
	crt.Screen.Send("quit\r")
	crt.Screen.Send("stp instance 0 priority 57344\r")
	crt.Screen.WaitForString("]")
	crt.Screen.Send("interface range GigabitEthernet 0/0/1 to GigabitEthernet 0/0/42\r")
	crt.Screen.WaitForString("port-group]")
	crt.Screen.Send("description Users\r")
	crt.Screen.WaitForString("port-group]")
	crt.Screen.Send("port link-type hybrid\r")
	crt.Screen.WaitForString("port-group]")
	crt.Screen.Send("voice-vlan 100 enable\r")
	crt.Screen.WaitForString("port-group]")
	crt.Screen.Send("voice-vlan legacy enable\r")
	crt.Screen.WaitForString("port-group]")
	crt.Screen.Send("port hybrid pvid vlan 120\r")
	crt.Screen.WaitForString("port-group]")
	crt.Screen.Send("port hybrid tagged vlan 100\r")
	crt.Screen.WaitForString("port-group]")
	crt.Screen.Send("port hybrid untagged vlan 120\r")
	crt.Screen.WaitForString("port-group]")
	crt.Screen.Send("stp edged-port enable\r")
	crt.Screen.WaitForString("port-group]")
	crt.Screen.Send("trust 8021p\r")
	crt.Screen.WaitForString("port-group]")
	crt.Screen.Send("storm-control broadcast min-rate 1000 max-rate 1500\r")
	crt.Screen.WaitForString("port-group]")
	crt.Screen.Send("storm-control multicast min-rate 1000 max-rate 1500\r")
	crt.Screen.WaitForString("port-group]")
	crt.Screen.Send("storm-control action block\r")
	crt.Screen.WaitForString("port-group]")
	crt.Screen.Send("storm-control enable trap\r")
	crt.Screen.WaitForString("port-group]")
	crt.Screen.Send("quit\r")
	crt.Screen.Send("interface range GigabitEthernet 0/0/43 to GigabitEthernet 0/0/48\r")
	crt.Screen.WaitForString("port-group]")
	crt.Screen.Send("description Printers\r")
	crt.Screen.WaitForString("port-group]")
	crt.Screen.Send("port link-type access\r")
	crt.Screen.WaitForString("port-group]")
	crt.Screen.Send("port default vlan 130\r")
	crt.Screen.WaitForString("port-group]")
	crt.Screen.Send("stp edged-port enable\r")
	crt.Screen.WaitForString("port-group]")
	crt.Screen.Send("trust 8021p\r")
	crt.Screen.WaitForString("port-group]")
	crt.Screen.Send("storm-control broadcast min-rate 1000 max-rate 1500\r")
	crt.Screen.WaitForString("port-group]")
	crt.Screen.Send("storm-control multicast min-rate 1000 max-rate 1500\r")
	crt.Screen.WaitForString("port-group]")
	crt.Screen.Send("storm-control action block\r")
	crt.Screen.WaitForString("port-group]")
	crt.Screen.Send("storm-control enable trap\r")
	crt.Screen.WaitForString("port-group]")
	crt.Screen.Send("quit\r")
	crt.Screen.Send("interface range XGigabitEthernet 0/0/1 to XGigabitEthernet 0/0/2\r")
	crt.Screen.WaitForString("port-group]")
	crt.Screen.Send("description uplink\r")
	crt.Screen.WaitForString("port-group]")
	crt.Screen.Send("port link-type trunk\r")
	crt.Screen.WaitForString("port-group]")
	crt.Screen.Send("port trunk allow-pass vlan 100 110 120 130 140 150 160 170 180 200\r")
	crt.Screen.WaitForString("port-group]")
	crt.Screen.Send("port trunk allow-pass vlan 300\r")
	crt.Screen.WaitForString("port-group]")
	crt.Screen.Send("storm-control broadcast min-rate 1000 max-rate 1500\r")
	crt.Screen.WaitForString("port-group]")
	crt.Screen.Send("storm-control multicast min-rate 1000 max-rate 1500\r")
	crt.Screen.WaitForString("port-group]")
	crt.Screen.Send("storm-control action block\r")
	crt.Screen.WaitForString("port-group]")
	crt.Screen.Send("storm-control enable trap\r")
	crt.Screen.WaitForString("port-group]")
	crt.Screen.Send("quit\r")
	crt.Screen.Send("ntp-service unicast-server 10.10.10.4\r")
	crt.Screen.Send("ntp-service unicast-server 10.10.10.2\r")
	crt.Screen.Send("ntp-service unicast-server 10.10.10.134\r")
	crt.Screen.Send("ip route-static 0.0.0.0 0.0.0.0 10.10.10.254\r")
	crt.Screen.Send("interface Vlanif 200\r")
	crt.Screen.WaitForString("-Vlanif200]")
	crt.Screen.Send("\r")
	crt.Screen.WaitForString("-Vlanif200]")
	crt.Screen.Send("\r")
	crt.Screen.WaitForString("-Vlanif200]")
	crt.Screen.Send("\r")
	crt.Screen.WaitForString("-Vlanif200]")
	crt.Screen.Send("\r")
	crt.Screen.WaitForString("-Vlanif200]")
	crt.Screen.Send("\r")
	crt.Screen.WaitForString("-Vlanif200]")
	crt.Screen.Send("\r")
	crt.Screen.WaitForString("-Vlanif200]")
	crt.Screen.Send("\r")
	crt.Screen.WaitForString("-Vlanif200]")
	hostnamestr = crt.Dialog.Prompt("Enter hostname:", "hostname", "", False)
	ipaddressstr = crt.Dialog.Prompt("Enter ip address:", "ip", "", False)
	crt.Screen.Send("ip address 10.10.10.")
	crt.Screen.Send(ipaddressstr)
	crt.Screen.Send(" 24\r")
	crt.Screen.Send("quit\r")
	crt.Screen.Send("sysname ")
	crt.Screen.Send(hostnamestr)
	crt.Screen.Send("\r")
	crt.Screen.WaitForString("]")
	crt.Screen.Synchronous = False
main()

Such scripts are usually not needed, but with 15 pieces of equipment it allowed faster setup. It was faster to set up the equipment using the SecureCRT Command window.

Setting up an account for ssh.

Another example. Configuration is also via the console.

# $language = "Python"
# $interface = "1.0"

# Connect to a telnet server and automate the initial login sequence.
# Note that synchronous mode is enabled to prevent server output from
# potentially being missed.

def main():
	crt.Screen.Synchronous = True
	crt.Screen.Send("\r")
	crt.Screen.WaitForString("name")
	crt.Screen.Send("admin\r")
	crt.Screen.WaitForString("Password:")
	crt.Screen.Send("Password\r")
	crt.Screen.WaitForString(">")
	crt.Screen.Send("sys\r")
	crt.Screen.Send("stelnet server enable\r")
	crt.Screen.Send("aaa\r")
	crt.Screen.Send("local-user admin service-type terminal ftp http ssh\r")
	crt.Screen.Send("quit\r")
	crt.Screen.Send("user-interface vty 0 4\r")
	crt.Screen.Send("authentication-mode aaa\r")
	crt.Screen.Send("quit\r")
	crt.Screen.Send("quit\r")
	crt.Screen.Synchronous = False
main()


About SecureCRT:
Paid software: from $99 (the smallest price is only for SecureCRT for one year)
A software license is purchased once, with support (for updating), then the software is used with this license for an unlimited time.

Works on Mac OS X and Windows operating systems.

There is script support (this article)
There is command window
Serial/Telnet/SSH1/SSH2/Shell Operating System

Source: habr.com