By:
On:
In: automation, Scripting, Windows
With: 0 Comments

After provisioning a new Cisco CSR1000V-Router this script waits until the router is fully deployed got it’s Management-IP-Address assigned via DHCP. and returns this Management IP-Address. Prepare First, install „netaddr“-package. needed to check, if the management-IP of the CDP-Neighbor is in the correct IP-Subnet the „wait-for-CDP“-Script Obviously far to much hard-coded stuff, just as an example 😉 waiting for a CDP-Neighbor to appear with the following properties: hostname „CSR-A“ an IP-Address within the network „192.168.56.0 /24“ at the interface VirtualBox Host-Only-Network Provision a new CSR1000V Router named „CSR-A“ Run the „wait-for-CDP-Neighbor“-Script In a second CMD-Box, and… Be patient, of course. Or store the returned IP-AddressRead More →

By:
On:
In: Scripting
With: 0 Comments

It’s hard to believe, how easy it is to capture (and to craft) LAN-Data using Python Scapy. I need to capture CDP-Packets and to extract information like the hostname of the sender and it’s IP-Address. As an modification of the „ARP-Monitor“-example taken from the manual Using scapy in your tools. Scapy Installation nothing special: pip install Python: Install Scapy Example: List all Interfaces of my Laptop Capture 10 Packets on a specific interface Capture CDP-Packets Decode CDP (with inactive dissector) Activate the CDP-Parser Capture again and display CDP-Information as cleartext Decode CDP-Hostname Decode CDP-Management-IP-AddressRead More →

By:
On:
In: automation
With: 0 Comments

To enable immediate remote-access to brandnew deployed virtual Cisco CSR1000V-Routers by scripts, ansible etc. it’s necessary to predeploy the startup-config at least with public-rsa-keys etc. Prepare Download and install the nice tool http://CDBurnerXP. This will install a companion cli-tool cdbxpcmd.exe along with the GUI-Version. It’ll be used to prepare an ISO-„CDROM“ containing the prepared „startup-config“-file. Prepare Prepare an IOS-XE Configuration file… Modify the existing script These commands create the ISO-File in the %LOC%-Path. Mount this ISO to the VM The contained config-file will get automatically applied when the router boots the first time. Run the VM the config-file gets applied access the router This dependsRead More →

By:
On:
In: automation
With: 0 Comments

In a lab environment it might be handy to quickly rollout new (virtual) routers without much manual intervention. The following script creates a VirtualBox-VM and boots it up. Prepare Install VirtualBox and have a CSR1000V-ISO-File ready. Execute The Inventory populates: Use it After another reboot the serial console can be accessed by a windows pipe: The pipe provides access to the serial-console:Read More →

By:
On:
In: client, linux
With: 0 Comments

It’s a two step process to get rid of insecure username/password-authentication. Generate a RSA keypair at your SSH-client btw. Cisco-IOS doesn’t support DSA-keys Configure your network device(s) to assign the (public-)key of this keypair to an user-account This user-account could get privileges from a Radius/TACACS+-Server which could provide access-logs, too. Generate RSA-Key: Windows as SSH-Client I prefer Putty, usually in form of „mRemoteNG“, so i use PuttyGen to generate the RSA keypair. Windows.Start => PuttyGen (x) RSA, 4096-bits are supported, use it [Generate] move the mouse to improve the randomgenerator change the „comment“ – for example replace it by an username add a passphrase –Read More →

By:
On:
In: automation, linux
With: 0 Comments

…this article should have been published at 2017-11-23, i forgot to press the right botton. So, an update might be needed, anyone still interested in cot today? Release 2.1 (2018-01-29) is the current release, containing some fixes (https://github.com/glennmatthews/cot/blob/master/CHANGELOG.rst) COT installation using PIP So, let’s go, following thats embarassing. Install PIP first Try it again Optional: Argument-Completion Not essential, but handy. COT helpers A full installation requires so called „cot-helpers“ to use all features. first fix „fatdisk“ which is used to inject configs into OVA-Files uncomment to and run the helper-installation again: But it threw a lot of warnings.. warning: format ‘%lu’ expects argument of typeRead More →

By:
On:
In: automation, linux
With: 0 Comments

The CSR1000V-Router has already been prepared (Create a CSR1000V-Instance with nested Virtualiation support) and in (Part 4: Package the Service-VM into an OVA) we copied the OVA-Image of our „ubuntu-server“-VM to this Router. Add the internal Network-Interface between Router and Service-VM Install the Service-VM Activate the installed Service-VM Access the VM using the (virtual) Serial-Console Logout: 3x [CTRL]+ Access the VM using SSH via the internal Network Check the local python/NAPALM-Setup to get facts about the containing routerRead More →

By:
On:
In: automation, linux
With: 0 Comments

I’ll start at the KVM-Virtualization Host („Ubuntu Desktop“) again. Folder Structure I’ll create a folder „isr-service-container“ for common stuff (package.yaml, create_ova.sh) and a for each VM a dedicated sub-folder, today: „ubuntu-server16.04“ Download the Cisco-provided „templates.tar“ from GitHub (GitHub: Templates.tar). It contains: package.yaml create_ova.sh Prepare a compressed virtual harddisk of the „Ubuntu-Server“-VM Locate the original virtual harddisk: Convert the original „.qcow2“-File into a compressed „copy“: Change the Owner of this new file: I’ll change: Description: „KVM Ubuntu 16.04 LTS“ resources/vcpu: 1 disk/file: ubuntu-server16.04.qcow2 The vCPU# got decreased since the CSR1000v only supports Service-VMs with one vCPU. Another File „version.ver“ has to be created: the „version“ mustRead More →

By:
On:
In: automation
With: 0 Comments

Yesterday I attended a short presentation held by David Barroso introducing the NAPALM-„Validation“-Module. Configuring the Network fully automated is just half the way to go. Checking the Network-State the other half. Python-Script Had to try it out the easy-way using just python (without ansible) first: Static YAML-File Validating against the following static „validate.yaml“-File: leads to the following result Whats wrong with the Router? „nested = True“ means – the issue is downward in the datastructure. In the example, the first Object with „nested = False“ is „prefix_length“ The Prefix-Length („Subnet-Mask“) is wrong: wanted: /25-Bit configured: /24-Bit. Validate the output of commands which use additional parametersRead More →

By:
On:
In: automation, linux
With: 0 Comments

In real life an hardware-ISR/ASR-Router might be the correct choice. Create a CSR1000v-Instance with nested Virtualization support But since the CSR1000v-Router supports Service-Containers, too – this is the chance to prove the setup in a lab environment: IOS-XE 3.17 is the first supported release, i’ll go with IOS-XE 16.7.1 Option to enable unsigned containers any 3rd party KVM Libvirt based format / YAML manifest file Requires 4GB+ dedicated RAM ASR1000, ISR4000, CSR1000 5 Minutes to deploy the virtual CSR1000v-Router using COT I’ll use COT (Common OVF Tool (COT) – Automated Lab-Router Deployment) to deploy my CSR1000v-Router: Boot the Router Check the Virtualization-Environment: fail 🙁 MachineRead More →