Syed Jahanzaib Personal Blog to Share Knowledge !

December 14, 2015

Manage Cisco Ports from PHP/VBS/BASH or incoming SMS using kannel/playSMS




 

NOTE:
I am documenting this post just for reference purposes, not for everyone. It does require
some really good knowledge of bash scripting and Cisco. These scripts were designed
for a very specific network with very targeted requirements. It may not run in your
network as it is really customized and made exclusively for that particular
network to facilitate terminal and SMS based execution. I will add a few sections later
like PHP and playSMS/kannel.
Regards
Syed Jahanzaib / 14-DEC-2015 / 1030 hours

 

Scenario:

Two Cisco 3750-E switches are installed in the local area. SSH/TELNET access is enabled.
SNMP is also enabled with the community name 'public'.

Requirements:

Sometimes a port gets shut automatically due to flooding, or manually by the admin for management purposes. The admin must be able to disable or enable any port using a BASH script. Later this should be integrated with SMS through the existing KANNEL gateway via the playSMS app, so that the admin can send an SMS with the parameters to his KANNEL gateway and the system acts on it as directed. On Ubuntu, the 'EXPECT' package is also installed; the helper scripts need it, so take note of it.

SCRIPTS:

It requires 3 scripts.

master.sh
It acts as the launcher. It checks the 3 variables for validity, checks the switch availability via ping, checks the port status before doing any action, and acts accordingly.

ciscoup.sh     [helper script for master]
It will SSH to the Cisco switch and execute the shut/no shut commands to turn the PORT UP.

ciscodown.sh     [helper script for master]
It will SSH to the Cisco switch and execute the shut command to turn the PORT DOWN.

 

SCRIPT Example

./master.sh switch_number port_number ACTION_required

./master.sh SW1 24 DOWN
./master.sh SW1 24 UP


master.sh

#!/bin/bash
# Script to manage a CISCO 3750/xxxx model switch via bash script.
# It can print all errors related to the script and perform the given action (UP/DOWN) for any given port on the required switch.
# Comes in handy, as you can integrate it with PHP or any frontend.
# I made it for a specific network where the OP wanted to UP/DOWN the PORT by sending an SMS to a linux based system, which then performs
# the action as directed.
# Syed Jahanzaib
# aacable at hotmail dot com
# https://aacable.wordpress.com
# Created = 11-DEC-2015
# Last Modified = 11-DEC-2015

# Enable set -x to enable SCRIPT DEBUG mode.
#set -x

# Setting various Variables

# SWITCH IP Address VALUE
# Check VAR1 and match value with valid data
if [ "$1" != "SW1" ] && [ "$1" != "SW2" ];
then
echo "Switch Value must be SW1 or SW2
Usage Example:

./master.sh SW1 24 UP"

exit 1; fi

# SWITCH IP ADDRESSES. CHANGE IT AS REQUIRED / ZAIB
SW1IP="192.168.0.1"
SW2IP="192.168.0.2"

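###########################################
# MAKE SURE YOU CHANGE THIS OID AS REQUIRED. SOME SWITCHES LIKE MB/GB MAY HAVE A DIFFERENT OID IN YOUR NETWORK.
# The two-digit port number is appended to these prefixes, e.g. ...2.2.1.8.101 + 24 = ...2.2.1.8.10124
# 1.3.6.1.2.1.2.2.1.8 is ifOperStatus (1 = up, 2 = down)
PORTOID="1.3.6.1.2.1.2.2.1.8.101"
# To get Port description, friendly text for port (1.3.6.1.2.1.31.1.1.1.18 is ifAlias)
PORTDESC="1.3.6.1.2.1.31.1.1.1.18.101"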

# SWITCH IP variable
# Check VAR1 and match value with valid data
if [ "$1" = "SW1" ] ; then
SWITCH="$SW1IP"
fi

if [ "$1" == "SW2" ] ; then
SWITCH="$SW2IP"
fi

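# PORT Variable
# Check VAR2 and match value with valid data
PORT="$2"
# 10# forces base 10, otherwise bash rejects 08 and 09 as invalid octal numbers
if [[ "$PORT" =~ ^[0-9]{1,2}$ ]] && (( 10#$PORT >= 1 && 10#$PORT <= 48 )) ; then
# Zero-pad to two digits, because PORT is appended to the OID prefix (101 + 08 = 10108)
PORT=$(printf '%02d' "$((10#$PORT))")
echo
else
echo "PORT value not correct. It must be in numeric format like 01 upto max 48 etc
Usage Example:

./master.sh SW1 24 UP"

exit 1; fi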

# ACTION Variable
# Check VAR3 and match value with valid data
ACTION="$3"

if [ "$ACTION" != "UP" ] && [ "$ACTION" != "DOWN" ];
then
echo "Action Value not correct, it must be either UP or DOWN
Usage Example:

./master.sh SW1 24 UP"

exit 1; fi

# Check PING status of switch.
# Check if the switch is accessible or not, if not then EXIT immediately with error / zaib
if [[ $(ping -q -c 2 "$SWITCH") == *"100% packet loss"* ]]; then
echo "ALERT ..... $SWITCH is DOWN. cannot process further. check connectivity."
exit 1
else
echo "$SWITCH is accessible OK."
fi

# Port description info, to get a more accurate idea about the port
DESCR=`snmpwalk -v1 -c public "$SWITCH" "$PORTDESC$PORT" | sed -e 's/\"//' | sed -e 's/\"//' | awk '{print $4,$5,$6,$7,$8,$9}'`

# Print data gathered
echo -e "Command Data Received.
SWITCH = $1 = $SWITCH
PORT = $PORT
PORT DESCR = $DESCR
REQUIRED ACTION = $ACTION"

# Query Present / Current PORT Status
# -Oe prints the status as a plain number (1 = up, 2 = down) even when MIB files are installed
PORTQUERY=`snmpwalk -v1 -c public -Oe "$SWITCH" "$PORTOID$PORT" | awk '{print $4}'`
RESULT="$PORTQUERY"
if [ "$RESULT" == "1" ]; then
PRESULT="UP"
echo -e "PORT Current Status = $PRESULT"
else
PRESULT="DOWN"
echo -e "PORT Current Status = $PRESULT"
fi

# Match condition. If Action required is UP and port is already UP, then NO ACTION, just exit.
PORTQUERY=`snmpwalk -v1 -c public -Oe "$SWITCH" "$PORTOID$PORT" | awk '{print $4}'`
RESULT="$PORTQUERY"
if [ "$RESULT" == "1" ] && [ "$ACTION" == 'UP' ];
then
echo "Port $PORT is already UP. No action is required. Exiting ..."
fi

# Match condition. If Action required is UP and port is DOWN , then run UP script.
if [ "$RESULT" == "2" ] && [ "$ACTION" == 'UP' ];
then
echo -e "PORT $PORT $PRESULT. doing UP Action..."
/temp/ciscoup.sh  $SWITCH $PORT $ACTION
#> /dev/null 2>&1
fi

# Match condition. If Action required is DOWN and port is also DOWN , then NO ACTION, Just EXIT.
if [ "$RESULT" == "2" ] && [ "$ACTION" == 'DOWN' ];
then
echo "PORT $PORT is already DOWN, no action required. Exiting ..."
fi


# Match condition. If Action required is DOWN and port is UP , then run DOWN script.
if [ "$RESULT" == "1" ] && [ "$ACTION" == 'DOWN' ];
then
echo "Doing DOWN Action..."
/temp/ciscodown.sh $SWITCH $PORT $ACTION
#> /dev/null 2>&1
fi

# PRINT Final Status (after the above actions are done, so we can have idea whats the final result)
PORTQUERY=`snmpwalk -v1 -c public -Oe "$SWITCH" "$PORTOID$PORT" | awk '{print $4}'`
RESULT="$PORTQUERY"
if [ "$RESULT" == "1" ]; then
echo
echo "FINAL RESULT = UP
~~~~~~~~~~~~~~~~~"

else
echo
echo "FINAL RESULT = DOWN
~~~~~~~~~~~~~~~~~"
fi

# SCRIPT END.
# EXIT
# JZ

ciscodown.sh [make sure you change username and password to match your switch credentials]

#!/usr/bin/expect -f
set timeout 20
set IPaddress [lindex $argv 0]
set Username "zaib"
set Password "zaib"
set PORT [lindex $argv 1]

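# "StrictHostKeyChecking no" makes ssh accept any host key, so the switch identity is not verified
spawn ssh -o "StrictHostKeyChecking no" $Username@$IPaddress

expect "*assword: "
send "$Password\r"

expect ">"

send "enable\r"
expect "*assword: "
send "$Password\r"
# Wait for the privileged prompt before sending configuration commands
expect "#"

send "conf term\r"
expect "#"

send "interface gigabitEthernet 1/0/$PORT\r"
expect "#"

send "shut\r"
expect "#"

send "exit\r"
expect "#"
send "exit\r"
expect "#"

# Save the configuration and wait until the write has finished
send "wr\r"
expect "#"
send "exit\r"
expect eof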

# Exit Script
exit

ciscoup.sh [make sure you change username and password to match your switch credentials]

#!/usr/bin/expect -f
set timeout 20
set IPaddress [lindex $argv 0]
set Username "zaib"
set Password "zaib"
set PORT [lindex $argv 1]

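# "StrictHostKeyChecking no" makes ssh accept any host key, so the switch identity is not verified
spawn ssh -o "StrictHostKeyChecking no" $Username@$IPaddress

expect "*assword: "
send "$Password\r"

expect ">"

send "enable\r"
expect "*assword: "
send "$Password\r"
# Wait for the privileged prompt before sending configuration commands
expect "#"

send "conf term\r"
expect "#"

send "interface gigabitEthernet 1/0/$PORT\r"
expect "#"

send "shut\r"
expect "#"

send "no shut\r"
expect "#"

send "exit\r"
expect "#"
send "exit\r"

# Back at the privileged prompt (#), not the user prompt (>)
expect "#"
# Save the configuration and wait until the write has finished
send "wr\r"
expect "#"
send "exit\r"
expect eof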

# Exit Script
exit

RESULTS SCREENSHOT

[Screenshot: down-switch]

[Screenshot: UP]

DONE!

T.C


 

WINDOWS VBS TO EXECUTE PORT COMMAND, EXAMPLE ONLY

Create a file on your Windows desktop or in any folder:

cisco.vbs

Paste the following contents in it.


set  WshShell = WScript.CreateObject("WScript.Shell")
WshShell.Run "cmd"
WScript.Sleep 300
WshShell.AppActivate "C:\Windows\system32\cmd.exe"
WScript.Sleep 300
WshShell.SendKeys "telnet 192.168.0.1{ENTER}"
WScript.Sleep 300
WshShell.SendKeys "zaib"
WshShell.SendKeys "{ENTER}"
WScript.Sleep 300
WshShell.SendKeys "zaib"
WshShell.SendKeys "{ENTER}"
WScript.Sleep 300
WshShell.SendKeys "enable"
WshShell.SendKeys "{ENTER}"
WScript.Sleep 300
WshShell.SendKeys "zaib"
WshShell.SendKeys "{ENTER}"
WScript.Sleep 300

WshShell.SendKeys "configure terminal"
WshShell.SendKeys "{ENTER}"
WScript.Sleep 300
WshShell.SendKeys "interface gigabitEthernet 1/0/24"
WshShell.SendKeys "{ENTER}"
WScript.Sleep 300

WshShell.SendKeys "shut"
WshShell.SendKeys "{ENTER}"
WScript.Sleep 300

WshShell.SendKeys "exit"
WshShell.SendKeys "{ENTER}"
WScript.Sleep 300

WshShell.SendKeys "exit"
WshShell.SendKeys "{ENTER}"
WScript.Sleep 300

WshShell.SendKeys "wr"
WshShell.SendKeys "{ENTER}"
WScript.Sleep 300

WshShell.SendKeys "exit"
WshShell.SendKeys "{ENTER}"
WScript.Sleep 300

Adjust the keystrokes as required. Some switches require both user name and password for access, and some require only a password, SO YOU MUST SET THE CONTENTS ACCORDINGLY. It is best to open a command prompt and run the script in cmd so that you can see the errors. DON'T INTERRUPT after RUNNING THE FILE.

Screenshot.

[Screenshot: vbs]


 

 

Regards
Syed Jahanzaib


2 Comments »

  1. “………….
    send "interface gigabitEthernet 1/0/$PORT\r"
    expect "#"
    send "shut\r"
    expect "#"
    …………..”

    Will be better if you consider some self-defense just in case when administrator incidentally shuts port from script is running. Something like if $PORT == $PORT_MNG then echo “Don’t do it pls!”


    Comment by Eol — December 18, 2015 @ 6:47 PM
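
The guard suggested in the comment above, combined with validation of an SMS request before it is handed to master.sh, as an added example that is not part of the original post or its scripts. The function name, the sender allow-list, the protected-port list and the phone numbers are constructed assumptions; how kannel/playSMS delivers the sender and the message text is not covered on this page and is assumed here to be two string arguments.

```shell
#!/bin/sh
# Added example; all names and values below are assumptions, not from the post.
ALLOWED_SENDERS="+10000000001 +10000000002"   # constructed admin numbers
PROTECTED_PORTS="SW1:48 SW2:48"               # assumed uplink/management ports

# validate_sms SENDER MESSAGE
# Success: prints "SWITCH PORT ACTION" (port zero-padded for master.sh), returns 0.
# Failure: prints the reason on stderr, returns 1.
validate_sms() {
    v_sender=$1
    v_msg=$(printf '%s' "$2" | tr '[:lower:]' '[:upper:]')

    # Sender: digits and "+" only, then an exact allow-list match.
    case $v_sender in
        ''|*[!+0-9]*) echo "bad sender" >&2; return 1 ;;
    esac
    case " $ALLOWED_SENDERS " in
        *" $v_sender "*) ;;
        *) echo "sender not allowed" >&2; return 1 ;;
    esac

    # Split on whitespace with globbing off; exactly three words are accepted.
    set -f; set -- $v_msg; set +f
    [ $# -eq 3 ] || { echo "expected: SWITCH PORT ACTION" >&2; return 1; }
    v_sw=$1 v_port=$2 v_act=$3

    case $v_sw in SW1|SW2) ;; *) echo "bad switch" >&2; return 1 ;; esac
    case $v_act in UP|DOWN) ;; *) echo "bad action" >&2; return 1 ;; esac
    case $v_port in
        ''|*[!0-9]*|???*) echo "bad port" >&2; return 1 ;;
    esac
    v_port=${v_port#0}    # drop one leading zero so 08/09 are never read as octal
    [ -n "$v_port" ] && [ "$v_port" -ge 1 ] && [ "$v_port" -le 48 ] ||
        { echo "port out of range" >&2; return 1; }

    # Ports the automation must never touch (the guard suggested in the comment).
    case " $PROTECTED_PORTS " in
        *" $v_sw:$v_port "*) echo "port is protected" >&2; return 1 ;;
    esac

    printf '%s %02d %s\n' "$v_sw" "$v_port" "$v_act"
}

# Constructed sample requests in the form sender|message
for v_req in "+10000000001|sw1 8 down" "+10000000001|SW1 48 DOWN" \
             "+19999999999|SW2 5 UP" "+10000000002|SW2 24 UP extra"; do
    validate_sms "${v_req%%|*}" "${v_req#*|}" 2>&1 || true
done
```

The sender number of an SMS is not authenticated, so the allow-list narrows who can issue commands but is not proof of identity. The protected-port list keeps a mistyped or unwanted request from shutting the uplink the automation host itself depends on.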

