Ansible and VOSS

This took me some time to get to work using Windows / Cygwin and my GNS3 VOSS simulated switch.

I struggled with getting Ansible + SSH to work from within Cygwin using key-based authentication. But I wanted to test Ansible and Ansible-Playbook against VOSS, so I persevered with simple username and password authentication, which I got to work using a combination of files (ansible.cfg, an inventory file called hosts, and a test.yml file to run a single show command and display the output).

Hosts file

-bash-4.4$ cat ./inventory/hosts
[voss]
192.168.211.10
[voss:vars]
ansible_ssh_common_args='-o StrictHostKeyChecking=no'
ansible_network_os=voss
ansible_connection=network_cli
ansible_ssh_pass=rwa

Ansible.cfg

-bash-4.4$ cat ansible.cfg
[defaults]
inventory = inventory
host_key_checking = False
[ssh_connection]
ansible_connection=network_cli
ssh_args = -o ControlMaster=no

The first stage was to get a 'Pong' response to my 'Ping':

-bash-4.4$ ansible -i ./inventory/hosts voss -u rwa -m ping -c network_cli -e ansible_network_os=voss

192.168.211.10 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}

Next, I wanted to run Ansible so that it would log in to the switch and run a simple command:

-bash-4.4$ ansible -i ./inventory/hosts voss -u rwa -m voss_command -a "commands='show clock'"

192.168.211.10 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "stdout": [
        "Sat Jun 13 13:02:15 2020 UTC"
    ],
    "stdout_lines": [
        [
            "Sat Jun 13 13:02:15 2020 UTC"
        ]
    ]
}

Now that Ansible could log in and carry out a task, I progressed to putting the task into a Playbook:

-bash-4.4$ cat test.yml

- hosts: voss
  tasks:
    - name: run show clock on remote devices
      voss_command:
        commands: show clock
      register: output
    - name: show output
      debug:
        var: output

-bash-4.4$ ansible-playbook test.yml

PLAY [voss] *********************************************************************

TASK [Gathering Facts] **********************************************************
ok: [192.168.211.10]

TASK [run show clock on remote devices] *****************************************
ok: [192.168.211.10]

TASK [show output] **************************************************************
ok: [192.168.211.10] => {
    "output": {
        "changed": false,
        "failed": false,
        "stdout": [
            "Sat Jun 13 15:00:37 2020 UTC"
        ],
        "stdout_lines": [
            [
                "Sat Jun 13 15:00:37 2020 UTC"
            ]
        ]
    }
}

PLAY RECAP **********************************************************************
192.168.211.10             : ok=3    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

Checking stdout for a string…

- hosts: voss
  gather_facts: false
  tasks:
    - name: show run pipe prompt
      voss_command:
        commands:
          - enable
          - show run | i prompt
      register: output
    - name: show output
      when: output.stdout is search('VOSS1')
      debug:
        msg: '{{ output.stdout.1 }}'
###
Output snippet includes…
TASK [show output] *************************************************************
ok: [192.168.211.10] => {
    "msg": "prompt \"VOSS1\""
}
###
Add VLANs…

- hosts: voss
  gather_facts: false
  vars:
    vlan_numbers: [100, 200]
  tasks:
    - name: add vlans
      voss_config:
        commands:
          - vlan create {{ item }} type port-mstprstp 0
      with_items: "{{ vlan_numbers }}"
      become: yes
      register: output
###
-bash-4.4$ ansible-playbook test3.yml
PLAY [voss] ********************************************************************
TASK [add vlans] ***************************************************************
changed: [192.168.211.10] => (item=100)
changed: [192.168.211.10] => (item=200)
PLAY RECAP *********************************************************************
192.168.211.10             : ok=1    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
###
VOSS1:1#show vlan basic | i '100'
100   VLAN-100         byPort       0       none         N/A             N/A             0
VOSS1:1#show vlan basic | i '200'
200   VLAN-200         byPort       0       none         N/A             N/A             0
###
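The verification above was done by eye on the CLI. As an added example that is not part of the original notes, here is a small Python parser for the `show vlan basic` rows shown above, used to confirm that every VLAN the playbook was meant to create is present with the expected type; the header layout and column names in the constructed sample are assumptions, only the two data rows come from the page.

```python
import re

# Column order of a "show vlan basic" data row on VOSS, taken from the two
# rows quoted above; the column names themselves are an assumption.
COLUMNS = ("vlan_id", "name", "type", "mstp_inst", "protocol",
           "subnet_addr", "subnet_mask", "vrf_id")

# A data row starts with the numeric VLAN ID and has exactly eight fields;
# banner, header and dashed separator lines never match.
ROW_RE = re.compile(r"^\s*(\d+)" + r"\s+(\S+)" * 6 + r"\s+(\d+)\s*$")


def parse_vlan_basic(text):
    """Return {vlan_id: row_dict} for every VLAN row in the command output."""
    vlans = {}
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if m:
            row = dict(zip(COLUMNS, m.groups()))
            vlans[int(row["vlan_id"])] = row
    return vlans


def missing_vlans(text, expected, vlan_type="byPort"):
    """Expected VLAN IDs that are absent from the output or not of `vlan_type`."""
    found = parse_vlan_basic(text)
    return sorted(v for v in expected
                  if found.get(v, {}).get("type") != vlan_type)


# Constructed sample: header/separator lines are assumed, the VLAN 100 and
# 200 rows are the ones shown on this page.
SAMPLE_OUTPUT = """
==========================================================================
                               Vlan Basic
==========================================================================
VLAN                          MSTP
ID    NAME             TYPE   INST_ID PROTOCOLID   SUBNETADDR      SUBNETMASK      VRFID
--------------------------------------------------------------------------
1     Default          byPort       0       none         N/A             N/A             0
100   VLAN-100         byPort       0       none         N/A             N/A             0
200   VLAN-200         byPort       0       none         N/A             N/A             0
"""

if __name__ == "__main__":
    # Feed the real output here, e.g. the registered stdout of a voss_command task.
    print(parse_vlan_basic(SAMPLE_OUTPUT))
    print("missing:", missing_vlans(SAMPLE_OUTPUT, [100, 200, 300]))
```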
Looping over a dictionary…

- hosts: voss
  gather_facts: false
  vars:
    vlans: {
      "100": {"description": "floor1", "ip": "1.1.1.1"},
      "200": {"description": "floor2", "ip": "1.1.2.1"}
    }
  tasks:
    - name: add vlans
      voss_config:
        commands:
          - vlan create {{ item.key }} type port-mstprstp 0
      with_dict: "{{ vlans }}"
      become: yes
    - name: configure vlans
      voss_config:
        commands:
          - ip address {{ item.value.ip }}/24
        parents: interface vlan {{ item.key }}
      with_dict: "{{ vlans }}"
      become: yes
    - name: name vlans
      voss_config:
        commands:
          - vlan name {{ item.key }} {{ item.value.description }}
      with_dict: "{{ vlans }}"
      become: yes

###
Create a results folder and write results to a file using each host in the filename.

$ cat playbook1.yml

- name: "Play 1: Capture sys-info"
  hosts: routers
  connection: network_cli
  tasks:
    - name: "Task 1: Show sys-info"
      voss_command:
        commands: show sys-info
      register: result

    - name: "Task 2: Print output"
      debug:
        msg: "{{ result }}"

    - name: "Task 3: Create files folder"
      file:
        path: "outputs"
        state: directory
      run_once: true

    - name: "Task 4: Write stdout to file"
      copy:
        content: "{{ result.stdout[0] }}\n"
        dest: "outputs/{{ inventory_hostname }}.txt"

###
Nornir Script

Get ARP table from VSP switches…

from nornir import InitNornir
from nornir.plugins.tasks.networking import netmiko_send_command
from nornir.plugins.functions.text import print_result

nr = InitNornir()

result = nr.run(
    task=netmiko_send_command,
    command_string="show ip arp"
)

print_result(result)

Hosts.yaml

voss-1:
    hostname: '192.168.1.10'
    port: 22
    username: 'rwa'
    password: 'rwa'
    platform: 'extreme_vsp'

voss-2:
    hostname: '192.168.1.11'
    port: 22
    username: 'rwa'
    password: 'rwa'
    platform: 'extreme_vsp'

Netmiko Script

Device_Type: Extreme_VSP

Get list of IP interfaces…

from netmiko import ConnectHandler
voss1 = {'device_type': 'extreme_vsp', 'host': '192.168.1.10', 'username': 'rwa', 'password': 'rwa'}
net_connect = ConnectHandler(**voss1)
net_connect.find_prompt()
output = net_connect.send_command('show ip interface')
print(output)

Making a configuration change, for example, disabling FTPD…

from netmiko import ConnectHandler
voss2 = {'device_type': 'extreme_vsp', 'host': '192.168.1.11', 'username': 'rwa', 'password': 'rwa'}
net_connect = ConnectHandler(**voss2)
net_connect.find_prompt()
net_connect.enable()
net_connect.send_config_set(['no boot config flags ftpd'])

Device_Type: Extreme_ERS

from netmiko import ConnectHandler
ers1 = {'device_type': 'extreme_ers', 'host': '192.168.1.5', 'username': 'RW', 'password': 'securepasswd'}
net_connect = ConnectHandler(**ers1)
net_connect.find_prompt()
output = net_connect.send_command('show system')
print(output)

Paramiko Change Config

Paramiko script which logs in to VOSS and sets the FTPD boot flag.

Devices.json

{
“voss-1”: {“ip”: “192.168.1.10”},
“voss-2”: {“ip”: “192.168.1.11”}
}

Commands.txt

enable
config t
boot config flags ftpd
exit
save config
exit

Verify the change in both the running-config and the saved configuration file on intflash:

show run | i ftpd

grep ftpd config.cfg

VSP-8284XSQ-1:1#show run | i ftpd
boot config flags ftpd
VSP-8284XSQ-1:1#grep ftpd config.cfg
boot config flags ftpd
VSP-8284XSQ-1:1#

Script:

import paramiko, getpass, time, json

with open('devices.json', 'r') as f:
    devices = json.load(f)

with open('commands.txt', 'r') as f:
    commands = f.readlines()  # each line keeps its trailing newline, which the switch needs

username = input('Username: ')
password = getpass.getpass('Password: ')

max_buffer = 65535

def clear_buffer(connection):
    # Discard whatever the switch has sent so far (banner, echoed command)
    if connection.recv_ready():
        return connection.recv(max_buffer)

# Starts the loop for devices
for device in devices.keys():
    outputFileName = device + '_output.txt'
    connection = paramiko.SSHClient()
    connection.set_missing_host_key_policy(paramiko.AutoAddPolicy())
    connection.connect(devices[device]['ip'], username=username, password=password, look_for_keys=False, allow_agent=False)
    new_connection = connection.invoke_shell()
    output = clear_buffer(new_connection)
    time.sleep(2)
    new_connection.send("terminal more disable\n")
    output = clear_buffer(new_connection)
    with open(outputFileName, 'wb') as f:
        for command in commands:
            new_connection.send(command)
            time.sleep(2)
            output = new_connection.recv(max_buffer)
            print(output)
            f.write(output)

    new_connection.close()
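This script (and the Paramiko and Pexpect ones that follow) rely on fixed time.sleep() delays and a single recv(), so a slow switch or a long show output gets cut off or bleeds into the next command's file. As an added example that is not part of the original notes, the following reads until the VOSS prompt is seen instead, and fails loudly on a timeout; the prompt regex and the FakeChannel replay are assumptions built from the prompts shown on this page, and the functions plug into the same paramiko.invoke_shell() channel the script above uses.

```python
import re
import time

# VOSS/VSP prompt at the end of the buffer: "VOSS1:1#", "VSP-8284XSQ-1:1>" or
# "VSP-8284XSQ-1:1(config)#" (pattern assumed from the prompts on this page).
VOSS_PROMPT_RE = re.compile(r"[\w.-]+:\d+(?:\([\w.-]+\))?[>#]\s*$")

def read_until_prompt(channel, prompt_re=VOSS_PROMPT_RE, timeout=10.0, poll=0.1):
    """Read from a paramiko-style channel until the last line is the prompt;
    raise TimeoutError instead of returning a truncated reply."""
    buf = b""
    deadline = time.monotonic() + timeout
    while time.monotonic() < deadline:
        if channel.recv_ready():
            buf += channel.recv(65535)
            lines = buf.decode("utf-8", errors="replace").splitlines()
            if lines and prompt_re.search(lines[-1]):
                return "\n".join(lines)
        else:
            time.sleep(poll)  # nothing pending yet; give the switch time
    raise TimeoutError("prompt not seen; partial output: %r" % buf[-200:])

def run_commands(channel, commands, prompt_re=VOSS_PROMPT_RE):
    """Send each command and return {command: output up to the next prompt}."""
    results = {}
    read_until_prompt(channel, prompt_re)    # login banner and first prompt
    channel.send("terminal more disable\n")  # same paging setup as the scripts here
    read_until_prompt(channel, prompt_re)
    for command in commands:
        channel.send(command.strip() + "\n")
        results[command.strip()] = read_until_prompt(channel, prompt_re)
    return results

class FakeChannel:
    """Constructed stand-in for paramiko's Channel (offline demo only): each
    send() queues a canned reply, handed out 7 bytes at a time so the
    partial-read path above is exercised."""

    def __init__(self, banner, replies):
        self._pending = banner
        self._replies = list(replies)

    def send(self, data):
        self._pending += self._replies.pop(0)

    def recv_ready(self):
        return bool(self._pending)

    def recv(self, n):
        out, self._pending = self._pending[:7], self._pending[7:]
        return out

def demo_session():
    """Drive run_commands() against a constructed VSP-like session."""
    fake = FakeChannel(b"VSP-8284XSQ-1:1>", [
        b"terminal more disable\r\nVSP-8284XSQ-1:1>",
        b"enable\r\nVSP-8284XSQ-1:1#",
        b"show run | i ftpd\r\nboot config flags ftpd\r\nVSP-8284XSQ-1:1#",
    ])
    return run_commands(fake, ["enable", "show run | i ftpd"])

if __name__ == "__main__":
    for cmd, out in demo_session().items():
        print(cmd, "->", out.splitlines()[1:-1])  # drop echoed command and prompt
```

Against a real switch, pass `connection.invoke_shell()` from the script above as `channel`; the output for each command then ends exactly at the prompt, however long the show output is.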

Paramiko Script

Mastering Python Networking (Paramiko).

import paramiko, getpass, time

devices = {'voss-1': {'ip': '192.168.1.10'},
           'voss-2': {'ip': '192.168.1.11'}}
commands = ['enable\n', 'show software\n', 'show sys-info card\n', 'exit\n']

username = input('Username: ')
password = getpass.getpass('Password: ')

max_buffer = 65535

def clear_buffer(connection):
    # Discard whatever the switch has sent so far (banner, echoed command)
    if connection.recv_ready():
        return connection.recv(max_buffer)

# Starts the loop for devices
for device in devices.keys():
    outputFileName = device + '_output.txt'
    connection = paramiko.SSHClient()
    connection.set_missing_host_key_policy(paramiko.AutoAddPolicy())
    connection.connect(devices[device]['ip'], username=username, password=password, look_for_keys=False, allow_agent=False)
    new_connection = connection.invoke_shell()
    output = clear_buffer(new_connection)
    time.sleep(5)
    new_connection.send("terminal more disable\n")
    output = clear_buffer(new_connection)
    with open(outputFileName, 'wb') as f:
        for command in commands:
            new_connection.send(command)
            time.sleep(5)
            output = new_connection.recv(max_buffer)
            print(output)
            f.write(output)

    new_connection.close()

Pexpect Script

Mastering Python Networking (Pexpect).

import getpass
from pexpect import pxssh
import time

devices = {'VSP-8284XSQ-1': {'prompt': 'VSP-8284XSQ-1:1>', 'ip': '192.168.1.10'},
           'VSP-8284XSQ-2': {'prompt': 'VSP-8284XSQ-2:1>', 'ip': '192.168.1.11'}}

commands = ['terminal more disable', 'show sys-info card', 'terminal more enable']

username = input('Username: ')
password = getpass.getpass('Password: ')

for device in devices.keys():
    outputFileName = device + '_output.txt'
    device_prompt = devices[device]['prompt']
    device_ip = devices[device]['ip']
    child = pxssh.pxssh()
    # auto_prompt_reset=False: keep the switch's own prompt and match on it below
    child.login(device_ip, username.strip(), password.strip(), auto_prompt_reset=False)
    print('Logged in to ' + device)
    with open(outputFileName, 'wb') as f:
        for command in commands:
            child.expect(device_prompt)
            child.sendline(command)
            time.sleep(1)
            f.write(child.before)  # everything received before the last prompt match
    child.logout()

Auditing VSP and ERS switches (show commands)

VOSS (VSP)

The following CLI commands were used to gather information from the VOSS switches in the network:

terminal more disable

# CONFIGURATION, SERVERS, LICENSE and TECH

show running-config

show boot config flags

show ntp

show ntp server

show ntp statistics

show license

show web-server

show sys setting

show tech

# SNMP

show snmplog

show snmp-server

show snmp-server community

show snmp-server host

# RADIUS

show radius

show radius snmp

show radius reachability

show radius-server

show radius-server statistics

# KHI

show khi performance cpu

show khi performance memory

show khi performance buffer-pool

# QOS and RESOURCES

show filter acl statistics

show filter acl statistics all

show sys mgid-usage

show sys stats ipmc-threshold-exceeded-cnt

show qos cosq-stats cpu-port

show qos cosq-stats interface

show qos 802.1p-override

show qos egressmap

show qos ingressmap

show qos queue-profile

show qos rate-limiting interface gigabitEthernet

show qos shaper interface gigabitEthernet

# HARDWARE and SOFTWARE

show software

show software detail

show sys-info card

show sys-info temperature

show sys-info fan

show sys-info power

show sys-info uboot

show sys software

show sys power

show sys power power-supply

show alarm database

show alarm statistics

# TOPOLOGY

show autotopology nmm-table

# LLDP

show lldp

show lldp local-sys-data

show lldp port

show lldp neighbor

show lldp stats

# IPv4 ARP and ROUTE

show ip interface vrfids 0-512

show ip arp vrfids 0-512

show ip vrf

show ip vrf max-routes

show ip route count-summary vrfids 0-512

show ip route vrfids 0-512

show ip route alternative vrfids 0-512

show interfaces gigabitethernet vrfs

show interfaces vlan vrfs

# IPv6 INFO

show ipv6 address interface

# VRRP

show ip vrrp vrfids 0-512

show ip vrrp interface vrfids 0-512

show ip vrrp address vrfids 0-512

# RSMLT

show ip rsmlt vrfids 0-512

show ip rsmlt edge-support

# MSTP

show spanning-tree mstp config

show spanning-tree mstp status

show spanning-tree mstp msti config

show spanning-tree mstp statistics

# SLPP

show slpp

show slpp interface gigabitEthernet

# INTERFACES

show interfaces gigabitEthernet channelize

show interfaces gigabitEthernet private-vlan

show interfaces gigabitEthernet rate-limit

show interfaces gigabitEthernet shape

show interfaces gigabitEthernet high-secure

show interfaces gigabitEthernet statistics

show interfaces gigabitEthernet statistics dhcp-relay

show interfaces gigabitEthernet statistics lacp

show interfaces gigabitEthernet statistics rate-limiting

show interfaces gigabitEthernet statistics rmon

show interfaces gigabitEthernet statistics verbose

show interfaces gigabitEthernet error

show interfaces gigabitEthernet error verbose

show interfaces gigabitEthernet error collision

# VLAN

show vlan name

show port vlans

# MLT, SMLT and IST

show mlt

show mlt error main

show mlt stats

show smlt mlt

show virtual-ist

show virtual-ist stat

# LACP

show lacp

show lacp interface

# VLACP

show vlacp

show vlacp interface gigabitethernet

# RIP

show ip rip vrfids 0-512

# OSPF

show ip ospf vrfids 0-512

show ip ospf area vrfids 0-512

show ip ospf authentication interface vlan

show ip ospf ifstats vrfids 0-512

show ip ospf interface vrfids 0-512

show ip ospf neighbor vrfids 0-512

show ip ospf stats vrfids 0-512

# BGP

show ip bgp aggregates vrfids 0-512

show ip bgp conf vrfids 0-512

show ip bgp neighbors vrfids 0-512

show ip bgp networks vrfids 0-512

show ip bgp peer-group vrfids 0-512

show ip bgp redistributed-routes vrfids 0-512

show ip bgp route vrfids 0-512

show ip bgp stats vrfids 0-512

show ip bgp summary vrfids 0-512

# MROUTE

show ip mroute hw-resource-usage vrfids 0-512

show ip mroute interface vrfids 0-512

show ip mroute route vrfids 0-512

show ip mroute next-hop vrfids 0-512

show ip mroute static-source-group

# IGMP

show ip igmp interface vrfids 0-512

show ip igmp group vrfids 0-512

show ip igmp cache vrfids 0-512

show ip igmp sender vrfids 0-512

show ip igmp snooping vrfids 0-512

show ip igmp snoop-trace vrfids 0-512

show ip igmp static vrfids 0-512

show ip igmp stream-limit interface vrfids 0-512

show ip igmp sys vrfids 0-512

# SPBM

show spbm

show isis

show isis area

show isis manual-area

show isis system-id

show isis net

show isis interface

show isis adjacencies

show isis statistics

show isis spb-mcast-summary

show isis logical-interface

show isis int-l1-cntl-pkts

# SPBm

show isis spbm

show isis spbm nick-name

show isis spbm unicast-tree 4051

show isis spbm unicast-tree 4052

show isis spbm ip-unicast-fib

show isis spbm i-sid all

show isis spbm unicast-fib

show isis spbm unicast-fib summary

show isis spbm multicast-fib summary

show isis spbm ip-multicast-route

show isis spbm ip-multicast-route group 239.255.255.250

show cfm maintenance-endpoint

show vlan i-sid

show ip ipvpn vrfids 1-512

# FA

show fa

show fa interface

# PLUGGABLE

show pluggable-optical-modules basic

show pluggable-optical-modules detail

# DIRECTORY

dir /intflash -l -r

#END

terminal more enable

###############################################################

BOSS (ERS)

The following CLI commands were used to gather information from the BOSS stacks:

terminal length 0

terminal width 132

# CONFIGURATION, SERVERS, LICENSE and TECH

show cpu-utilization

show running-config

show sntp

show logging config

show autosave

show stack health

show stack forced-mode

show ssh global

show license all

show tech

# SNMP

show snmp-server

show snmp-server host

# RADIUS

show radius reachability

show radius use-management-ip

show radius-server

# KHI

show cpu-utilization

show environmental

# QOS and RESOURCES

show qos acl-assign

show qos diag

show qos queue-set

show qos queue-set-assignment

show qos queue-statistics

show qos queue-statistics non-zero

show qos egressmap

show qos ingressmap

show qos classifier

show qos classifier-block

show qos action all

show qos agent

show qos if-group

show qos if-assign

show qos traffic-profile

show qos traffic-profile interface

show qos capability shaper

show qos if-queue-shaper

show qos if-shaper

show qos capability meter

show qos policy

show qos port ALL

show rate-limit

# HARDWARE and SOFTWARE

show memory-utilization

show nvram block

show port-mirroring

show boot image

show interfaces gbic-info

show flash history

show flash history unit 2

show flash history unit 3

show flash history unit 4

show flash history unit 5

show flash history unit 6

show flash history unit 7

show flash history unit 8

# STACKING INFO

show stack-info

show stack-info uptime

show stack-monitor

show stack auto-unit-replacement-image

show stack port-statistics

show stack port-statistics unit 2

show stack port-statistics unit 3

show stack port-statistics unit 4

show stack port-statistics unit 5

show stack port-statistics unit 6

show stack port-statistics unit 7

show stack port-statistics unit 8

# TOPOLOGY

show autotopology nmm-table

# LLDP

show lldp

show lldp local-sys-data

show lldp mgmt-sys-data

show lldp neighbor

show lldp stats

# IP

show ip

show ip routing

show route-map

show ipmgr

show arp

show arp-table

show ip ipfix

show brouter

show ip directed-broadcast

show ip mgmt route

show ip arp-proxy interface

show ip arp-inspection

# MLT, SMLT, SLT and IST

show mlt

# DHCP

show ip dhcp-relay fwd-path

show ip dhcp-relay counters

show vlan dhcp-relay

show ip dhcp client lease

# IGMP

show ip igmp interface

show ip igmp group

show ip igmp snooping

# RIP

show ip rip

# OSPF

show ip ospf

# LACP

show lacp system

show lacp stats

show lacp port

# VLACP

show vlacp

show vlacp interface

# VLAN

show vlan ip

show auto-pvid

show vlan configcontrol

show vlan summary

show vlan interface vids

show vlan interface info

show mac-address-table

# INTERFACES

show port-statistics

# STP

show spanning-tree mode

show spanning-tree config

show spanning-tree port-mode

show spanning-tree port

show spanning-tree vlans

# MSTP

show spanning-tree mstp config

show spanning-tree mstp status

show spanning-tree mstp statistics

show spanning-tree mstp port role

# BPDU

show spanning-tree bpdu-filtering

# SLPP

show slpp-guard

# POE

show poe-main-status

show poe-main-status unit 1

show poe-main-status unit 2

show poe-main-status unit 3

show poe-main-status unit 4

show poe-main-status unit 5

show poe-main-status unit 6

show poe-main-status unit 7

show poe-main-status unit 8

# END

terminal length 20

Sorting Excel by IP address

Select the column with the IP addresses in it and then choose Data>Text to Columns.

The first window should show the data is already Delimited. Click Next.

Set the delimiter to Other and put in a full stop (dot) in the box. Remove any other delimiters if selected. Click Next.

Change Destination to cover four new free columns. For example, enter $R:$U to send IP address octets to. Click Finish.

Select the column with the fourth octet in it and sort on it. This will sort all data based on this index.

Once you have broken down the IP address into octets you can sort the data based on the 4th or 3rd octet, whichever the network mask requires. Select a cell in the column you wish to sort, right-click, and select Sort.

EXOS ELRP-Client

Summit EXOS switches have a useful command to check for loops.

elrp

The GNS3 setup above recreates a loop in VLAN DATA using ports 1 and 2, which are connected to a hub. Configure ELRP and generate a test for a specific VLAN. Ports 1 and 2 are both members of VLAN DATA, with no STP protection (the VLAN was created and the ports added to it without binding it to STPD s0). Enable port 2 and test for a loop.

#Configuring ELRP

enable elrp-client

conf elrp-client one-shot vlan DATA ports all interval 1 retry 5

EXOS-VM.5 # en port 2

* EXOS-VM.6 # conf elrp-client one-shot vlan DATA ports all interval 1 retry 5

Starting ELRP Poll

# LOOP DETECTED # — vlan "DATA" elrp statistics —

1 packets transmitted, 1 received, ingress port 2

. . .

Once finished disable it.

disable elrp-client

Note:

Make sure new VLANs are auto-bound with a Spanning Tree domain otherwise the ports may not be protected by SPT protocol and form loops.

enable stpd s0 auto-bind vlan DATA