Automating Cisco Switch Changes

Recently, I was involved in a project to re-architect the VLANs for 1000+ servers. The idea was to move the 1000+ servers to their new VLANs in batches of about 250 servers. This process involved:

  • Creating new VLANs
  • Configuring the ports of multiple switches

Each server was dual-homed to 2 switches (odd & even switches – switch1 & switch2) in different cabinets for redundancy. Some of the batches required making changes to 100+ switches at a time.

I used the following scripts to make the changes:

  • Bash Script to obtain the TACACS username/password in order to log into the switch.
  • Expect Script to create new VLANs.
  • Expect Script to configure the ports.

The bash script obtains the TACACS username/password from the user and logs into each switch in “switch-list.txt”. “switch-list.txt” is a plain text file that contains the list of switches that require configuration changes.

VLAN Configuration Changes:

  1. Create a list of switches that need to be changed. I used the “vi” editor to open a file “switch-list.txt” and paste in the list of switch names. You can also use the IP addresses of the switches.

Example of switch-list.txt:


 $ cat switch-list.txt
 switch1
 switch2
 switch3
 switch4
 

2. Create a bash script that will use the “switch-list.txt” file, obtain the username/password from the user and utilize the VLANConfig.exp expect script to create VLANs in the switches in the “switch-list.txt” file.


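 #!/bin/bash
 # Collect the current user's ssh and enable passwords
 # (IFS= and -r keep whitespace and backslashes in a password intact)
 echo -n "Enter the SSH password for $(whoami) "
 IFS= read -r -s -e password
 echo -ne '\n'
 echo -n "Enter the Enable password for $(whoami) "
 IFS= read -r -s -e enable
 echo -ne '\n'
 # Feed the expect script a device list & the collected passwords.
 # Quoting keeps a password with spaces or glob characters as one argument.
 # Note: command-line arguments are visible to other local users via ps.
 for device in $(cat ~/switch-list.txt); do
     ./VLANConfig.exp "$device" "$password" "$enable"
 done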
 

3. The “VLANConfig.exp” expect script creates the VLANs; it is the script called by the bash script above.


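#!/usr/bin/expect -f
# Set variables
 set hostname [lindex $argv 0]
 set username $env(USER)
 set password [lindex $argv 1]
 set enablepassword [lindex $argv 2]
# Log results
 log_file -a ~/results-VLAN1300.log
# Announce which device we are working on and at what time
 send_user "\n"
 send_user ">>>>> Working on $hostname @ [exec date] <<<<<\n"
# Log in over SSH. The listing is truncated between the banner and the
# enable step; the login below is a reconstruction, not the original lines.
 spawn ssh $username@$hostname
 expect {
   timeout { send_user "\nTimeout waiting for $hostname\n"; exit 1 }
   eof { send_user "\nSSH connection to $hostname failed\n"; exit 1 }
   "*assword:" { send "$password\n" }
 }
# If we are not already in enable mode, get there
 expect {
   timeout { send_user "\nLogin to $hostname failed\n"; exit 1 }
   "*#" {}
   "*>" {
     send "enable\n"
     expect "*assword"
     send "$enablepassword\n"
     expect "*#"
   }
 }
# Configuration Changes
 send "conf t\n"
 expect "(config)#"
 send "vlan 1300\n"
 expect "(config-vlan)#"
 send "name VLAN-WEB-1300\n"
 expect "(config-vlan)#"
 send "end\n"
 expect "#"
 send "write mem\n"
 expect "#"
 send "exit\n"
 expect ":~\$"
 exit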

PORT Configuration Changes:

  1. This is the bash script that is utilized to collect the username/password and feed it to the expect script that will change the ports.

 #!/bin/bash
 # Collect the current user's TELNET and enable passwords
 # (IFS= and -r keep whitespace and backslashes in a password intact)
 echo -n "Enter the TELNET password for $(whoami) "
 IFS= read -r -s -e password
 echo -ne '\n'
 echo -n "Enter the Enable password for $(whoami) "
 IFS= read -r -s -e enable
 echo -ne '\n'
 # Feed the expect script passwords (quoted so each stays a single argument)
 ./PORTConfig.exp "$password" "$enable"

2. The “PORTConfig.exp” expect script changes the relevant ports. In this script, the array contains the switch names and the ports that need to be changed.


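#!/usr/bin/expect -f
# Set variables
 set username $env(USER)
 set password [lindex $argv 0]
 set enablepassword [lindex $argv 1]
# Log results
 log_file -a ~/results-port.log
#Add switch & interfaces
 array set interface {
 switch1 "int range g1/3"
 switch2 "int range g1/3"
 switch3 "int range g1/6, g1/8, g1/10, g1/12"
 switch4 "int range g1/6, g1/8, g1/10, g1/12"
 }
foreach hostname [array names interface] {
 # Announce which device we are working on and at what time
 send_user "\n"
 send_user ">>>>> Working on $hostname @ [exec date] <<<<<\n"
 # Log in over Telnet (credentials cross the network unencrypted). The
 # listing is truncated between the banner and the enable step; the login
 # below is a reconstruction, not the original lines.
 spawn telnet $hostname
 expect {
   timeout { send_user "\nTimeout waiting for $hostname\n"; exit 1 }
   eof { send_user "\nTelnet connection to $hostname failed\n"; exit 1 }
   "*sername:" { send "$username\n"; exp_continue }
   "*assword:" { send "$password\n" }
 }
 # If we are not already in enable mode, get there
 expect {
   timeout { send_user "\nLogin to $hostname failed\n"; exit 1 }
   "*#" {}
   "*>" {
     send "enable\n"
     expect "*assword"
     send "$enablepassword\n"
     expect "*#"
   }
 }
 # Configuration Changes
 send "conf t\n"
 expect "(config)#"
 send "$interface($hostname)\n"
 expect "(config-if-range)#"
 send "switchport access vlan 1300\n"
 expect "(config-if-range)#"
 send "end\n"
 expect "#"
 send "write mem\n"
 expect "#"
 send "exit\n"
 expect ":~\$"
 }
 exit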
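
The two launcher scripts above hand the passwords to expect as command-line arguments and use every line of the list file as a device name. As an added example (not part of the original post), this POSIX shell launcher validates each list entry and passes the credentials through the child's environment instead. The names SWITCH_PASSWORD, SWITCH_ENABLE and RUNNER are assumptions, and the expect script would have to read them with $env(...), as it already does for USER.

```shell
#!/bin/sh
# Added example, not the post's script. SWITCH_PASSWORD, SWITCH_ENABLE and
# RUNNER are assumed names; the expect side would read $env(SWITCH_PASSWORD).

# Accept only host names or IP addresses that start with a letter or digit,
# so a list entry can never be parsed by ssh or telnet as an option.
valid_device() {
    case $1 in
        ''|[!A-Za-z0-9]*|*[!A-Za-z0-9.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print the usable entries of a switch list, one per line. Blank lines and
# "#" comments are skipped; anything else that fails validation is reported.
load_devices() {
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "$line" | tr -d ' \t\r')
        case $line in ''|'#'*) continue ;; esac
        if valid_device "$line"; then
            printf '%s\n' "$line"
        else
            printf 'rejected entry: %s\n' "$line" >&2
        fi
    done < "$1"
}

# Run the per-switch script with the credentials in its environment only;
# argv, which ps and /proc/<pid>/cmdline expose, carries just the device name.
run_batch() {   # usage: run_batch LIST PASSWORD ENABLE
    for device in $(load_devices "$1"); do
        SWITCH_PASSWORD=$2 SWITCH_ENABLE=$3 "${RUNNER:-./VLANConfig.exp}" "$device" ||
            printf 'FAILED: %s\n' "$device" >&2
    done
}

# Read a secret without echo (portable stand-in for bash's "read -s").
prompt_secret() {
    printf '%s' "$1" >&2
    stty -echo; IFS= read -r REPLY; stty echo
    printf '\n' >&2
}

if [ $# -gt 0 ]; then   # e.g. ./push-vlan.sh ~/switch-list.txt
    prompt_secret "SSH password for $(whoami): ";    pw=$REPLY
    prompt_secret "Enable password for $(whoami): "; en=$REPLY
    run_batch "$1" "$pw" "$en"
fi
```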
