By:
On:
In: automation, Scripting
With: 0 Comments

The existing Windows-Comman-Script has been enhanced so it now waits until the Router-VM is up got an IP-Address assigned using DHCP. For Demonstration-Purposes an SSH-Connection will be established. The public-key of my laptop-ssh-client is part of the slipstreamed Router-Configuration. Deploy a Router-VM with hostname „CSY“. Establish an SSH-Connection to the discovered Router-IP: Have a look to the startup-config used: This is the „CMD“-Script used:Read More →

By:
On:
In: automation, Scripting
With: 0 Comments

The following version adds a „-c“ option: „Connected IP-Address“-Check. the script exits, when the Router-VM is up and running and has an usable IP-Address The Script still checks all CDP-Packets received at the specified Interface: If the Sender has the correct „Hostname“ it reads the CDP-Management-IP-Address announced. This IP-Address has to be within the IP-Range of any connected IP-Network at the specified Interface. So it’ll be possible to establish a SSH-Session to the router-VM.Read More →

By:
On:
In: automation, Scripting, Windows
With: 0 Comments

After provisioning a new Cisco CSR1000V-Router this script waits until the router is fully deployed got it’s Management-IP-Address assigned via DHCP. and returns this Management IP-Address. Prepare First, install „netaddr“-package. needed to check, if the management-IP of the CDP-Neighbor is in the correct IP-Subnet the „wait-for-CDP“-Script Obviously far to much hard-coded stuff, just as an example 😉 waiting for a CDP-Neighbor to appear with the following properties: hostname „CSR-A“ an IP-Address within the network „192.168.56.0 /24“ at the interface VirtualBox Host-Only-Network Provision a new CSR1000V Router named „CSR-A“ Run the „wait-for-CDP-Neighbor“-Script In a second CMD-Box, and… Be patient, of course. Or store the returned IP-AddressRead More →

By:
On:
In: Scripting
With: 0 Comments

Watch and decode Cisco Discovery Protocol Packetes. CDP Monitor-Script Inspired by the Scapy ARP-Monitor i created an CDP-Monitor displaying hostname and an optional Management-IP-Address. Real-Life Example Run this script: Open another CMD-Window to spin up a new CSR1000V-Router: Go back to the „python“-Screen and wait: It works, the IOS-XE CSR1000V-Router is installed and it got it’s baseline-config applied: Hostname Interface set to „ip address dhcp“ CDP enabled takes some time, but these first CDP-Packets captured were not sent in 60s interval, so don’t be scared 😉Read More →

By:
On:
In: Scripting
With: 0 Comments

It’s hard to believe, how easy it is to capture (and to craft) LAN-Data using Python Scapy. I need to capture CDP-Packets and to extract information like the hostname of the sender and it’s IP-Address. As an modification of the „ARP-Monitor“-example taken from the manual Using scapy in your tools. Scapy Installation nothing special: pip install Python: Install Scapy Example: List all Interfaces of my Laptop Capture 10 Packets on a specific interface Capture CDP-Packets Decode CDP (with inactive dissector) Activate the CDP-Parser Capture again and display CDP-Information as cleartext Decode CDP-Hostname Decode CDP-Management-IP-AddressRead More →

By:
On:
In: automation
With: 0 Comments

In a lab environment it might be handy to quickly rollout new (virtual) routers without much manual intervention. The following script creates a VirtualBox-VM and boots it up. Prepare Install VirtualBox and have a CSR1000V-ISO-File ready. Execute The Inventory populates: Use it After another reboot the serial console can be accessed by a windows pipe: The pipe provides access to the serial-console:Read More →

By:
On:
In: client, linux
With: 0 Comments

It’s a two step process to get rid of insecure username/password-authentication. Generate a RSA keypair at your SSH-client btw. Cisco-IOS doesn’t support DSA-keys Configure your network device(s) to assign the (public-)key of this keypair to an user-account This user-account could get privileges from a Radius/TACACS+-Server which could provide access-logs, too. Generate RSA-Key: Windows as SSH-Client I prefer Putty, usually in form of „mRemoteNG“, so i use PuttyGen to generate the RSA keypair. Windows.Start => PuttyGen (x) RSA, 4096-bits are supported, use it [Generate] move the mouse to improve the randomgenerator change the „comment“ – for example replace it by an username add a passphrase –Read More →

By:
On:
In: automation, linux
With: 0 Comments

The CSR1000V-Router has already been prepared (Create a CSR1000V-Instance with nested Virtualiation support) and in (Part 4: Package the Service-VM into an OVA) we copied the OVA-Image of our „ubuntu-server“-VM to this Router. Add the internal Network-Interface between Router and Service-VM Install the Service-VM Activate the installed Service-VM Access the VM using the (virtual) Serial-Console Logout: 3x [CTRL]+ Access the VM using SSH via the internal Network Check the local python/NAPALM-Setup to get facts about the containing routerRead More →

By:
On:
In: automation, linux
With: 0 Comments

In real life an hardware-ISR/ASR-Router might be the correct choice. Create a CSR1000v-Instance with nested Virtualization support But since the CSR1000v-Router supports Service-Containers, too – this is the chance to prove the setup in a lab environment: IOS-XE 3.17 is the first supported release, i’ll go with IOS-XE 16.7.1 Option to enable unsigned containers any 3rd party KVM Libvirt based format / YAML manifest file Requires 4GB+ dedicated RAM ASR1000, ISR4000, CSR1000 5 Minutes to deploy the virtual CSR1000v-Router using COT I’ll use COT (Common OVF Tool (COT) – Automated Lab-Router Deployment) to deploy my CSR1000v-Router: Boot the Router Check the Virtualization-Environment: fail 🙁 MachineRead More →

By:
On:
In: automation, linux
With: 0 Comments

Network Hosted Kernel Virtual Machine (KVM) Many Cisco Routers allow you to host your own virtual machine directly inside a router. DevNet: Cisco IOS KVM Service-Containers CSR 1000v ISR 4000 ASR 1000 I went through the documentation, especially Service-Containers-Tutorial.pdf and Ubuntu – Building a Service Container.pdf where very helpful. But i didn’t want to go the „Ubuntu-Desktop-14.04-LTS“-way which was described. „My“ Service-Container-VM should be: Ubuntu 16.04 LTS provides longer support (April 2021) Releases – Ubuntu Wiki Ubuntu Server save some compute/cpu/dram/harddisk-ressources by not installing an Ubuntu-Desktop-Environment inside the Router. Just network services, please! The whole deployment process can be accomplished in five steps: build aRead More →