NOTE:
I am documenting this post just for reference purposes, not for everyone. It requires really good knowledge of bash scripting and Cisco. These scripts were designed for a very specific network with very targeted requirements. They may not run in your network, as they are heavily customized and made exclusively for that particular network to facilitate terminal and SMS based execution. I will add a few sections later, like PHP and playSMS/Kannel. Regards, Syed Jahanzaib / 14-DEC-2015 / 1030 hours
Scenario:
Two Cisco 3750-E switches are installed in local area. SSH/TELNET access is enabled.
SNMP is also enabled with the community name ‘public’.
Requirements:
Sometimes a port gets shut automatically due to flooding, or is shut manually by the admin for management purposes. The admin must be able to disable or enable any port using a BASH script. Later it should be integrated with SMS using the existing KANNEL gateway via the playSMS app, so that the admin can send an SMS to his KANNEL gateway with the parameters and the system acts on it as directed. On Ubuntu, the ‘EXPECT’ package is also installed; the helper scripts need it, so take note of it.
SCRIPTS:
It requires 3 scripts.
master.sh
It will act as the launcher, which checks the validity of the 3 variables. It also checks switch availability via ping, checks the port status before doing any action, and acts accordingly.
ciscoup.sh [helper script for master]
It will SSH to the Cisco switch and execute the shut/no shut commands to turn the PORT UP.
ciscodown.sh [helper script for master]
It will SSH to the Cisco switch and execute the shut command to turn the PORT DOWN.
SCRIPT Example
./master.sh switch_number port_number ACTION_required
./master.sh SW1 24 DOWN
./master.sh SW1 24 UP
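An added example, not part of the original scripts: once an SMS is allowed to drive master.sh, the message text is untrusted input and should be reduced to the three allowed fields before anything is executed. It assumes the SMS body uses the same `SW1 24 DOWN` form as the command line above; `parse_sms_command` is a hypothetical helper name.

```sh
#!/bin/sh
# Added example, not part of the original scripts.
# Assumption: the SMS body carries the same three fields as the command line,
# e.g. "SW1 24 DOWN". parse_sms_command is a hypothetical helper name.

# Prints the validated arguments for master.sh, or returns 1 and prints nothing
# on stdout. The body runs in a subshell ( ... ) so that "set -f" and "set --"
# do not leak into the caller.
parse_sms_command() (
    set -f                                    # never expand * ? [ ] against files
    msg=$(printf '%s' "$1" | tr 'a-z' 'A-Z')  # accept lower case (assumption)
    set -- $msg                               # split on blanks; nothing is evaluated
    if [ "$#" -ne 3 ]; then
        echo "rejected: expected exactly 3 fields, got $#" >&2
        return 1
    fi
    sw=$1 port=$2 action=$3

    case $sw in
        SW1|SW2) ;;
        *) echo "rejected: unknown switch" >&2; return 1 ;;
    esac
    case $port in
        [1-9]|0[1-9]|[1-3][0-9]|4[0-8]) ;;    # ports 1..48 only
        *) echo "rejected: bad port" >&2; return 1 ;;
    esac
    case $action in
        UP|DOWN) ;;
        *) echo "rejected: bad action" >&2; return 1 ;;
    esac

    case $port in ?) port="0$port" ;; esac    # two digits, as in "01"
    printf '%s %s %s\n' "$sw" "$port" "$action"
)

# Constructed sample messages, including ones that must be refused.
for m in "SW1 24 DOWN" "sw2 8 up" "SW1 24 DOWN; reload" "SW1 * UP" "SW3 24 UP"; do
    if args=$(parse_sms_command "$m" 2>/dev/null); then
        echo "accept: ./master.sh $args"
    else
        echo "refuse: $m"
    fi
done
```

Only the string printed by the function should ever reach master.sh; the raw SMS text is never passed to a shell, `eval` or a command line.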
master.sh
```bash
#!/bin/bash
# Script to manage CISCO 3750/xxxx model switch via bash script.
# It can print all errors related to script, it can perform given Action like UP/DOWN for any given port on required switch.
# Comes handy like you can integrate it with PHP or any frontend.
# I made it for specific network where OP wanted to UP/DOWN the PORT via sending SMS to linux base system, and it will perform
# action as directed.
# Syed Jahanzaib
# aacable at hotmail dot com
# https://aacable.wordpress.com
# Created = 11-DEC-2015
# Last Modified = 11-DEC-2015

# Enable set -x to enable SCRIPT DEBUG mode.
#set -x

# Setting various Variables

# SWITCH name VALUE
# Check VAR1 and match value with valid data
if [ "$1" != "SW1" ] && [ "$1" != "SW2" ]; then
    echo "Switch Value must be SW1 or SW2"
    echo "Usage Example: ./master.sh SW1 24 UP"
    exit 1
fi

# SWITCH IP ADDRESSES. CHANGE IT AS REQUIRED / ZAIB
SW1IP="192.168.0.1"
SW2IP="192.168.0.2"

###########################################
# MAKE SURE YOU CHANGE THIS OID AS REQUIRED. SOME SWITCHES LIKE MB/GB MAY HAVE DIFFERENT OID IN YOUR NETWORK.
# The two-digit port number is appended to this prefix, e.g. port 24 -> ...8.10124
# Note: this OID is ifOperStatus, so an enabled port with no link also reads as DOWN.
PORTOID="1.3.6.1.2.1.2.2.1.8.101"
# To get Port description, friendly text for port
PORTDESC="1.3.6.1.2.1.31.1.1.1.18.101"

# SWITCH IP variable
# Map VAR1 to the switch IP address
if [ "$1" = "SW1" ]; then
    SWITCH="$SW1IP"
fi
if [ "$1" = "SW2" ]; then
    SWITCH="$SW2IP"
fi

# PORT Variable
# Check VAR2 and match value with valid data (1 to 48, one or two digits)
PORT="$2"
if ! [[ "$PORT" =~ ^[0-9]{1,2}$ ]] || (( 10#$PORT < 1 || 10#$PORT > 48 )); then
    echo "PORT value not correct. It must be in numeric format like 01 upto max 48 etc"
    echo "Usage Example: ./master.sh SW1 24 UP"
    exit 1
fi
PORT=$((10#$PORT))                  # force base 10 so that 08 and 09 are not read as octal
SNMPPORT=$(printf '%02d' "$PORT")   # two digits for the SNMP index, e.g. 8 -> 08

# ACTION Variable
# Check VAR3 and match value with valid data
ACTION="$3"
if [ "$ACTION" != "UP" ] && [ "$ACTION" != "DOWN" ]; then
    echo "Action Value not correct, it must be either UP or DOWN"
    echo "Usage Example: ./master.sh SW1 24 UP"
    exit 1
fi

# Check PING status of switch.
# Check if switch is accessible or not, if not then EXIT immediately with error / zaib
if ! ping -q -c 2 "$SWITCH" > /dev/null 2>&1; then
    echo "ALERT ..... $SWITCH is DOWN. cannot process further. check connectivity."
    exit 1
else
    echo "$SWITCH is accessible OK."
fi

# Query port status via SNMP (1 = UP, 2 = DOWN).
# -Oe prints the value as a number even when MIB files are installed.
get_port_status() {
    snmpwalk -v1 -c public -Oe "$SWITCH" "$PORTOID$SNMPPORT" | awk '{print $4}'
}

# Port Description info to get more accurate idea about port info
DESCR=$(snmpwalk -v1 -c public "$SWITCH" "$PORTDESC$SNMPPORT" | sed -e 's/"//g' | awk '{print $4,$5,$6,$7,$8,$9}')

# Print Data gathered
echo "Command Data Received."
echo "SWITCH = $1 = $SWITCH"
echo "PORT = $PORT"
echo "PORT DESCR = $DESCR"
echo "REQUIRED ACTION = $ACTION"

# Query Present / Current PORT Status
RESULT=$(get_port_status)
if [ -z "$RESULT" ]; then
    echo "ALERT ..... no SNMP reply from $SWITCH for port $PORT. cannot process further."
    exit 1
fi
if [ "$RESULT" == "1" ]; then
    PRESULT="UP"
else
    PRESULT="DOWN"
fi
echo -e "PORT Current Status = $PRESULT"

# Match condition. If Action required is UP and port is already UP, then NO ACTION.
if [ "$RESULT" == "1" ] && [ "$ACTION" == 'UP' ]; then
    echo "Port $PORT is already UP. No action is required. Exiting ..."
fi

# Match condition. If Action required is UP and port is DOWN, then run UP script.
if [ "$RESULT" == "2" ] && [ "$ACTION" == 'UP' ]; then
    echo -e "PORT $PORT $PRESULT. doing UP Action..."
    /temp/ciscoup.sh "$SWITCH" "$PORT" "$ACTION" #> /dev/null 2>&1
fi

# Match condition. If Action required is DOWN and port is also DOWN, then NO ACTION.
if [ "$RESULT" == "2" ] && [ "$ACTION" == 'DOWN' ]; then
    echo "PORT $PORT is already DOWN, no action required. Exiting ..."
fi

# Match condition. If Action required is DOWN and port is UP, then run DOWN script.
if [ "$RESULT" == "1" ] && [ "$ACTION" == 'DOWN' ]; then
    echo "Doing DOWN Action..."
    /temp/ciscodown.sh "$SWITCH" "$PORT" "$ACTION" #> /dev/null 2>&1
fi

# PRINT Final Status (after the above actions are done, so we can have idea whats the final result)
RESULT=$(get_port_status)
echo
if [ "$RESULT" == "1" ]; then
    echo "FINAL RESULT = UP"
else
    echo "FINAL RESULT = DOWN"
fi
echo "~~~~~~~~~~~~~~~~~"

# SCRIPT END.
# EXIT
# JZ
```
ciscodown.sh [make sure you change username and password to match your switch credentials]
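```expect
#!/usr/bin/expect -f
# Log in to the switch over SSH and shut the given port.
# Arguments: <switch_ip> <port>
set timeout 20
set IPaddress [lindex $argv 0]
# Credentials are stored in clear text here; change them to match your switch
# and keep this file readable only by the account that runs it.
set Username "zaib"
set Password "zaib"
set PORT [lindex $argv 1]
# "StrictHostKeyChecking no" accepts any host key, so the switch identity is not verified.
spawn ssh -o "StrictHostKeyChecking no" $Username@$IPaddress
expect "*assword: "
send "$Password\r"
expect ">"
send "enable\r"
expect "*assword: "
send "$Password\r"
expect "#"
send "conf term\r"
expect "#"
send "interface gigabitEthernet 1/0/$PORT\r"
expect "#"
send "shut\r"
expect "#"
send "exit\r"
expect "#"
send "exit\r"
expect "#"
send "wr\r"
expect "#"
send "exit\r"
expect eof
# Exit Script
exit
```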
ciscoup.sh [make sure you change username and password to match your switch credentials]
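```expect
#!/usr/bin/expect -f
# Log in to the switch over SSH and bring the given port up (shut, then no shut).
# Arguments: <switch_ip> <port>
set timeout 20
set IPaddress [lindex $argv 0]
# Credentials are stored in clear text here; change them to match your switch
# and keep this file readable only by the account that runs it.
set Username "zaib"
set Password "zaib"
set PORT [lindex $argv 1]
# "StrictHostKeyChecking no" accepts any host key, so the switch identity is not verified.
spawn ssh -o "StrictHostKeyChecking no" $Username@$IPaddress
expect "*assword: "
send "$Password\r"
expect ">"
send "enable\r"
expect "*assword: "
send "$Password\r"
expect "#"
send "conf term\r"
expect "#"
send "interface gigabitEthernet 1/0/$PORT\r"
expect "#"
send "shut\r"
expect "#"
send "no shut\r"
expect "#"
send "exit\r"
expect "#"
send "exit\r"
# Back at the privileged prompt, which ends in "#", not ">"
expect "#"
send "wr\r"
expect "#"
send "exit\r"
expect eof
# Exit Script
exit
```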
DONE!
T.C
WINDOWS VBS TO EXECUTE PORT COMMAND, EXAMPLE ONLY
Create a file on your Windows desktop or in any folder:
cisco.vbs
Paste the following contents in it.
```vbscript
' Opens a command prompt and types a telnet session into it, keystroke by keystroke.
set WshShell = WScript.CreateObject("WScript.Shell")
WshShell.Run "cmd"
WScript.Sleep 300
WshShell.AppActivate "C:\Windows\system32\cmd.exe"
WScript.Sleep 300
WshShell.SendKeys "telnet 192.168.0.1{ENTER}"
WScript.Sleep 300
' User name
WshShell.SendKeys "zaib"
WshShell.SendKeys "{ENTER}"
WScript.Sleep 300
' Password
WshShell.SendKeys "zaib"
WshShell.SendKeys "{ENTER}"
WScript.Sleep 300
WshShell.SendKeys "enable"
WshShell.SendKeys "{ENTER}"
WScript.Sleep 300
' Enable password
WshShell.SendKeys "zaib"
WshShell.SendKeys "{ENTER}"
WScript.Sleep 300
WshShell.SendKeys "configure terminal"
WshShell.SendKeys "{ENTER}"
WScript.Sleep 300
WshShell.SendKeys "interface gigabitEthernet 1/0/24"
WshShell.SendKeys "{ENTER}"
WScript.Sleep 300
WshShell.SendKeys "shut"
WshShell.SendKeys "{ENTER}"
WScript.Sleep 300
WshShell.SendKeys "exit"
WshShell.SendKeys "{ENTER}"
WScript.Sleep 300
WshShell.SendKeys "exit"
WshShell.SendKeys "{ENTER}"
WScript.Sleep 300
' Save the configuration and log out
WshShell.SendKeys "wr"
WshShell.SendKeys "{ENTER}"
WScript.Sleep 300
WshShell.SendKeys "exit"
WshShell.SendKeys "{ENTER}"
WScript.Sleep 300
```
Adjust the keystrokes as required. Some switches require both user name and password, and some require only a password, SO YOU MUST SET THE CONTENTS ACCORDINGLY. It is best to open a command prompt and run the script in cmd so that you can see the errors. DON’T INTERRUPT after RUNNING THE FILE.
Regards,
Syed Jahanzaib