Archives For Cisco

VRFBackupTool shares the same broken function as VRFSearchAndBackup, so I decided I would update this one as well.

You can find the most recent version on it’s GitHub Repository.

As you might have noticed form this week’s blog posts, I enjoy writing code to automate tedious or time consuming tasks.  Well, maybe it might be a stretch to say I enjoy it — but I certainly reap the benefit of putting in the hard work to automate tasks that I otherwise hate performing.  I do, however, enjoy publishing much of this code on the Internet in hopes that others will find it useful and I occasionally hear from them stating such.

In a past life, as a Network Engineer, I wrote a small application which automates the ability to search a Cisco router for a VRF VPN profile and back it up to disk.  (If you’re making changes to your Cisco routers and you don’t back up your configurations before you change them, then you obviously haven’t broken one yet.)  I received a lot of feedback from other people who found this tool to be useful and use it regularly.  I also recently received word that it doesn’t work under Cisco IOS 15.4.

That sucks.

Specifically, it blows up right about here:


VRFSearchAndBackup.py v1.0.1 (2014-03-17)
-----------------------------------------

--> Index found and appears up to date.

Enter the VRF Name or IP Address you are searching for: USG-10195

+--------------------+--------------------+--------------------+
| VRF NAME | REMOTE IP ADDRESS | LOCAL IP ADDRESS |
+--------------------+--------------------+--------------------+
| ABC-12345 | 192.168.1.1 | 192.168.2.1 |
| ABC-12345 | 192.168.1.1 | 192.168.2.1 |
+--------------------+--------------------+--------------------+

Do you want to back up this configuration now? [Y/n]

--> Logging into 192.168.2.1...
--> Backing up ABC-12345 ...
Traceback (most recent call last):
 File "<string>", line 534, in <module>
 File "<string>", line 413, in searchIndex
 File "<string>", line 176, in backupVRF
AttributeError: 'NoneType' object has no attribute 'group'

C:\Applications>

Continue Reading…

If you’ve been working in IT any length of time, you understand that every once in a while a piece of hardware just needs a good kick in the pants.  I’ve generally found most Cisco products to be very reliable.  Cisco Prime Infrastructure, however, seems to be an exception.  I’ll spare you my biased opinion of this particular product and we’ll move on…

We have yet to fully implement Cisco Prime Infrastructure and use it for it’s intended purpose: making my life easier.  It’s made my life anything but easier, but I’m still hoping to see it operate in all it’s glory and witness it effortlessly deploy updates to thousands of routers simultaneously.  Before that can happen, we’re still continually updating devices which often required bulk imports containing hundreds of devices (either to add or update existing records) and the occasional deletion of devices.  For whatever (unknown) reason, the jobs often fail to complete thereby prohibiting you from submitting subsequent jobs.

Unfortunately, the only “solution” we have to date is to reload the box.  Only not-so-recently have I determined that there is a wrong way to reload Prime and a right way to do it.  Guess which method I’ve been using?

Continue Reading…

Earlier in the week I said

One of my favorite interview questions to ask network engineering candidates is “How many different ways can you describe to determine the serial number of a Cisco router?”

…and I got to thinking: How many ways do I know how to obtain the serial number of a Cisco router?  So I began writing them down and here is what I came up with:

  1. Locate the serial number tag on the router chassis.
  2. The serial number is displayed in the banner during boot.
  3. “show version” command. (Look for “Processor board ID”)
  4. “show inventory” command. (Look for “Hw Serial#” or “SN:”)
  5. “show diag” command. (Look for “Chassis Serial Number”)
  6. “show hardware” command. (Look for “Processor board ID”)
  7. “show tech-support” command. (Displayed MANY times)
  8. “show run | s snmp-server chassis-id” command. (Must have been manually set)

Continue Reading…

Last year I discovered a bug in the “show crypto debug-condition” command. This bug doesn’t impact the operation of the router and is purely cosmetic. By cosmetic, I mean the output from the show command isn’t correct although the setting in the router is.

Here is what I’m talking about (compare the profile name I set in line #1 “abcdefgh” to the output you see line #11):


Router#debug crypto condition isakmp profile abcdefgh
Router#
Router#show crypto debug-condition
Crypto conditional debug currently is turned ON
IKE debug context unmatched flag: OFF
GDOI group debug context unmatched flag: OFF
IPsec debug context unmatched flag: OFF
Crypto Engine debug context unmatched flag: OFF

Isakmp Profile filters:
abcdefgh^U#G^K

Router#

Continue Reading…

identity-crisisOne of my favorite interview questions to ask network engineering candidates is “How many different ways can you describe to determine the serial number of a Cisco router?”

Surprisingly, a majority of candidates never get beyond physically inspecting the router to obtain the serial number.  A few give me the obvious answer of using the “show version” command and a rare handful have ever given me more than two commands that might display that information.

Yet, despite the many ways to determine the serial number of a Cisco router and the thousands of Cisco routers that I’ve managed, I finally came across this unsociable router.

Continue Reading…

Yesterday I discovered an error in my DownloadRouterConfig application where it would terminate abnormally if a variable (a path name) in the settings.cfg file was left blank.  Should no path name be specified, the application should have used it’s current working directory.  Instead, it just crashed.

In fixing the code, I realized that all my other applications used this same function — so I corrected all of them as well.  (I also took care of a few other miscellaneous things while I was in there.  See the CHANGELOG, if interested.)  If you happen to be using any of these applications to help manage your own Cisco routers, you’ll want to pull the latest code down to prevent any possible errors in the future.

BuildVRFIndex v0.0.9-alpha (2014-03-17)
DownloadRouterConfig.py v2.2.3 (2014-03-17)
RunRouterCommand.py v1.2.0 (2014-03-17)
VRFBackupTool v0.0.9-alpha (2014-03-17)
VRFSearchAndBackup v1.0.1 (2014-03-17)
VRFSearchTool v0.0.18-beta (2014-03-17)

This isn’t a new tool, just newly discussed on my blog. 🙂

If you’ve been following any of my other Python applications I’ve written to automate tedious tasks on a Cisco router, you might have noticed that they all seem related.  Between BuildVRFIndex.py, VRFBackupTool.py and VRFSearchTool.py — you may have wondered why all these weren’t combined into a single application.  With the exception of BuildVRFIndex.py, it was always my intention to combine the VRFBackupTool and VRFSearchTool into one application.

It’s been more than 10 years before I’ve written any meaningful amount of code and that was last done in C++.  Learning Python has been an enjoyable experience — but I’m still learning the language.  I wasn’t certain that I would be able to easily (or cleanly) create the application I had in mind with Search AND Backup functionality — so I broke these functions out into separate applications until I was certain that this would be something I could accomplish with as little frustration as possible.

Having said all that, the VRFSearchAndBackup tool is the combination of the search and backup features of the other two and, in my opinion, supersedes both of the prior tools in functionality.  You can still search for a VRF Name to determine where it is without having to back it up (the application prompts you to backup upon a successful search).

There is a lot more I could say about this application but since it’s been out several weeks now and I’m just now catching up on blogging about it, you can head on over to it’s GitHub repository if you’d like to learn more or see it in action.

This isn’t a new tool, just newly discussed on my blog. 🙂

Building on the experiences of my other Python applications (namely the VRFSearchTool), I took this knowledge to the next level and created an entirely new application.  Similar in functionality to the VRFSearchTool, the VRFBackupTool will back up the VRF VPN configuration of a Cisco router when provided with the VRF Name.  Unlike the VRFSearchTool, it does not display any information regarding the VRF Name provided — it simply locates it among the index file, connects to the router(s) holding the configuration specific to the VRF Name and backs it up to a directory specified in the configuration file.

There is a lot more I could say about this application but since it’s been out several weeks now and I’m just now catching up on blogging about it, you can head on over to it’s GitHub repository if you’d like to learn more or see it in action.

My VRF Search Tool is proving to be quite useful on the job and I was looking for a way to automate some of the functionality of the tool so that it can be extended for use in other applications.  As it stands now, the index of VRF Names is only updated once a day by the first person to run the tool each day.  Since the tool is being used in a 24/7 environment, engineers working late may be working with old information.

Therefore, I’ve sought to automate the buildIndex() function of the VRF Search Tool and created BuildVRFIndex.py.  Just like the VRF Search Tool, BuildVRFIndex builds a CSV file of the VRF Name, Remote Peer IP and Local Peer IP of each VPN tunnel — but it lacks the functionality to search the index.

Unlike my other Python applications, this is the first time I’ve ventured into the use of a configuration file.  The configuration file will allow the user to pre-set the path and name of the files the application needs to run.  You can also set the username and password that will be used to log in to each of the routers.  NOTE: The password must be base64-encoded.  You can use a website like http://www.base64encode.org/ to translate your password into a base64-encoded string.

Continue Reading…