Recently, I was involved in a project to re-architect the VLANs for 1000+ servers. The idea was to move the servers to their new VLANs in batches of about 250 servers. This process involved:
- Creating new VLANs
- Configuring the ports of multiple switches
Each server was dual-homed to 2 switches (odd & even switches – switch1 & switch2) in different cabinets for redundancy. Some of the batches required making changes to 100+ switches at a time.
I used the following scripts to make the changes:
- Bash Script to obtain the TACACS username/password in order to log into the switch.
- Expect Script to create new VLANs.
- Expect Script to configure the ports.
This is the bash script that is utilized to obtain the TACACS username/password from the user and to log into each switch in the “switch-list.txt”. “switch-list.txt” is a normal file that contains the list of switches that require configuration changes.
VLAN Configuration Changes:
1. Create a list of the switches that need to be changed. I used the “vi” editor to open a file, “switch-list.txt”, and pasted in the list of switch names. You can also use the IP addresses of the switches.

Example of switch-list.txt:

```
$ cat switch-list.txt
switch1
switch2
switch3
switch4
```

2. Create a bash script that will use the “switch-list.txt” file, obtain the username/password from the user and utilize the VLANConfig.exp expect script to create VLANs in the switches in the “switch-list.txt” file.
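
```bash
#!/bin/bash
# Collect the current user's SSH and enable passwords (input is not echoed)
echo -n "Enter the SSH password for $(whoami) "
read -r -s -e password
echo -ne '\n'
echo -n "Enter the Enable password for $(whoami) "
read -r -s -e enable
echo -ne '\n'
# Feed the expect script each device in the list plus the collected passwords.
# Quoting keeps passwords containing spaces or shell metacharacters intact.
# Note: command-line arguments are visible in the process list while this runs.
while IFS= read -r device <&3; do
    [ -n "$device" ] || continue    # skip blank lines
    ./VLANConfig.exp "$device" "$password" "$enable"
done 3< ~/switch-list.txt    # list is read on fd 3 so expect keeps the terminal on stdin
```
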
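3. The “VLANConfig.exp” expect script, which the bash script calls once per switch, creates the VLANs.

```expect
#!/usr/bin/expect -f
# Set variables
set hostname [lindex $argv 0]
set username $env(USER)
set password [lindex $argv 1]
set enablepassword [lindex $argv 2]

# Log results
log_file -a ~/results-VLAN1300.log

# Announce which device we are working on and at what time
send_user "\n"
send_user ">>>>> Working on $hostname @ [exec date] <<<<<\n"

# NOTE: the connection step between the banner and the enable block was lost
# when this page was extracted. The plain ssh login below is a reconstruction.
# Unknown host keys are not auto-accepted; the script times out on that prompt.
spawn ssh $username@$hostname
expect {
    timeout { send_user "\nTimed out connecting to $hostname\n"; exit 1 }
    eof { send_user "\nConnection to $hostname failed\n"; exit 1 }
    "*assword:" { send "$password\n" }
}

# If we are not already in enable mode, get there
expect {
    default { send_user "\nLogin or enable failed on $hostname\n"; exit 1 }
    "*#" {}
    "*>" {
        send "enable\n"
        expect "*assword"
        send "$enablepassword\n"
        expect "*#"
    }
}

# Configuration changes
send "conf t\n"
expect "(config)#"
send "vlan 1300\n"
expect "(config-vlan)#"
send "name VLAN-WEB-1300\n"
expect "(config-vlan)#"
send "end\n"
expect "#"
send "write mem\n"
expect "#"
send "exit\n"
# Wait for the switch to close the session
expect eof
exit
```
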
PORT Configuration Changes:
1. This is the bash script that collects the username/password and feeds them to the expect script that changes the ports.

```bash
#!/bin/bash
# Collect the current user's TELNET and enable passwords (input is not echoed)
echo -n "Enter the TELNET password for $(whoami) "
read -r -s -e password
echo -ne '\n'
echo -n "Enter the Enable password for $(whoami) "
read -r -s -e enable
echo -ne '\n'
# Feed the expect script the passwords; quoting keeps passwords containing
# spaces or shell metacharacters intact
./PORTConfig.exp "$password" "$enable"
```

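2. The “PORTConfig.exp” expect script changes the relevant ports. In this script, the array contains each switch name and the ports that need to be changed on it.

```expect
#!/usr/bin/expect -f
# Set variables
set username $env(USER)
set password [lindex $argv 0]
set enablepassword [lindex $argv 1]

# Log results
log_file -a ~/results-port.log

# Add switches and their interfaces
array set interface {
    switch1 "int range g1/3"
    switch2 "int range g1/3"
    switch3 "int range g1/6, g1/8, g1/10, g1/12"
    switch4 "int range g1/6, g1/8, g1/10, g1/12"
}

foreach hostname [array names interface] {
    # Announce which device we are working on and at what time
    send_user "\n"
    send_user ">>>>> Working on $hostname @ [exec date] <<<<<\n"

    # NOTE: the connection step between the banner and the enable block was
    # lost when this page was extracted. The telnet login below is a
    # reconstruction based on the wrapper's TELNET prompt. Telnet carries
    # the passwords in clear text on the wire.
    spawn telnet $hostname
    expect {
        timeout { send_user "\nTimed out connecting to $hostname\n"; exit 1 }
        eof { send_user "\nConnection to $hostname failed\n"; exit 1 }
        "*sername:" { send "$username\n"; exp_continue }
        "*assword:" { send "$password\n" }
    }

    # If we are not already in enable mode, get there
    expect {
        default { send_user "\nLogin or enable failed on $hostname\n"; exit 1 }
        "*#" {}
        "*>" {
            send "enable\n"
            expect "*assword"
            send "$enablepassword\n"
            expect "*#"
        }
    }

    # Configuration changes
    send "conf t\n"
    expect "(config)#"
    send "$interface($hostname)\n"
    expect "(config-if-range)#"
    send "switchport access vlan 1300\n"
    expect "(config-if-range)#"
    send "end\n"
    expect "#"
    send "write mem\n"
    expect "#"
    send "exit\n"
    # Wait for the switch to close the session, then reap the process
    expect eof
    wait
}
exit
```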
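
Both wrapper scripts hand the passwords to expect as command-line arguments, which on a typical Linux host other local users can read from the process list while a batch runs, and the VLAN wrapper passes every line of switch-list.txt to the login command unchecked. The following is an added example, not the author's script: it passes the secrets in the child's environment and validates each list entry first. It assumes the expect script is changed to read `$env(SWITCH_PASS)` and `$env(SWITCH_ENABLE)`; those names and the `EXPECT_SCRIPT` override are hypothetical.

```sh
#!/bin/sh
# Added example, not the original author's script.
# Assumption: the expect script reads $env(SWITCH_PASS) and $env(SWITCH_ENABLE)
# instead of taking the passwords from [lindex $argv 1] and [lindex $argv 2].
EXPECT_SCRIPT="${EXPECT_SCRIPT:-./VLANConfig.exp}"  # override is hypothetical
CR=$(printf '\r')

# Accept only plain host names or IP addresses. A leading "-" would reach ssh
# as an option, and shell metacharacters never belong in a device name.
valid_device() {
    case "$1" in
        ''|[-.]*|*[!A-Za-z0-9.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Run the expect script once per valid entry in the list file ($1).
# Sets $rejected to the number of refused lines; returns 1 if any were refused.
push_changes() {
    rejected=0
    while IFS= read -r device <&3 || [ -n "$device" ]; do
        device="${device%"$CR"}"                 # tolerate CRLF files
        case "$device" in ''|'#'*) continue ;; esac
        if ! valid_device "$device"; then
            printf 'skipping invalid entry: %s\n' "$device" >&2
            rejected=$((rejected + 1))
            continue
        fi
        # Secrets travel in the child's environment, not in argv, so they
        # are not visible to other users through `ps`.
        SWITCH_PASS="$password" SWITCH_ENABLE="$enable" \
            "$EXPECT_SCRIPT" "$device"
    done 3< "$1"
    [ "$rejected" -eq 0 ]
}

# Interactive entry point: sh thisfile --run
if [ "${1:-}" = "--run" ]; then
    printf 'SSH password for %s: ' "$(whoami)"
    stty -echo; IFS= read -r password; stty echo; echo
    printf 'Enable password for %s: ' "$(whoami)"
    stty -echo; IFS= read -r enable; stty echo; echo
    push_changes "$HOME/switch-list.txt"
fi
```

A non-zero exit from `push_changes` means at least one line of the list was refused, which is worth checking before moving on to the port changes.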