Planet Collab

Quick & Dirty: Cisco Modern Router (ISR, ASR) Software Upgrades

By Justin

Hello World!

Just a quick post today, and my usual apology for not posting more frequently.

If, like me, you find yourself doing ISR IOS XE upgrades, you realize that although it can be a quick process there is always room for improvement.

Today, while upgrading 15+ ISR 4451 CUBE routers, I decided to quickly “notepad script” my upgrade commands. For reference I am using an SFTP server for this upgrade but the plan works for FTP or TFTP if you wish.

My quick and dirty notepad script looks like this…

copy sftp: bootflash:
IP ADDRESS OF SFTP SERVER
USERNAME for SFTP SERVER
REMOTE SOFTWARE-PATH
LOCAL SOFTWARE-PATH
PASSWORD for SFTP SERVER
! (for Enter)

A quick copy and paste and the process has started. Once the copy is successful, a second quick and dirty script will change the boot path and then reboot your router.

config t
boot system bootflash:IOSXEFileName
exit
wr mem
reload
y

There is nothing special here, and there are far more elegant solutions but this works for me and hopefully it can work for you!

Justin
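
A check that fits between the copy and the `boot system` change, as an added example that is not part of Justin's post: read the digest the router prints for `verify /md5` and compare it with the value published for that image before pasting the second script. The image name, digest and captured output are constructed placeholders, and the `verify /md5 (<path>) = <hex>` line format is assumed.

```python
import hmac
import re

# Constructed sample of the session after the copy has finished.
SAMPLE_VERIFY_OUTPUT = """\
Router#verify /md5 bootflash:IOSXEFileName
..............................................Done!
verify /md5 (bootflash:IOSXEFileName) = 0123456789abcdef0123456789abcdef
"""

# Placeholder. Take the real value from the vendor's download page, never
# from the SFTP server: a server that serves a bad image can also serve a
# matching checksum file.
PUBLISHED_MD5 = "0123456789ABCDEF0123456789ABCDEF"

_VERIFY_LINE = re.compile(
    r"^verify /md5 \((?P<path>[^)]+)\) = (?P<digest>[0-9a-fA-F]{32})\s*$",
    re.MULTILINE,
)


def parse_verify_output(text):
    """Return {image_path: lowercase_digest} for every result line found."""
    return {m["path"]: m["digest"].lower() for m in _VERIFY_LINE.finditer(text)}


def image_is_verified(text, image_path, published_digest):
    """True only if the router reported a digest for image_path and it matches."""
    device_digest = parse_verify_output(text).get(image_path)
    if device_digest is None:
        # No result line: failed copy, wrong file name, or an error message.
        return False
    expected = published_digest.strip().lower()
    if not re.fullmatch(r"[0-9a-f]{32}", expected):
        return False  # malformed reference value, refuse rather than guess
    return hmac.compare_digest(device_digest, expected)


def boot_commands(text, image_path, published_digest):
    """Return the post's second script, or [] when the image is not verified."""
    if not image_is_verified(text, image_path, published_digest):
        return []
    return ["config t", f"boot system {image_path}", "exit", "wr mem", "reload", "y"]


if __name__ == "__main__":
    cmds = boot_commands(SAMPLE_VERIFY_OUTPUT, "bootflash:IOSXEFileName", PUBLISHED_MD5)
    print("\n".join(cmds) if cmds else "Digest missing or mismatched: do not reload.")
```

MD5 here catches a truncated or corrupted transfer; it is the comparison against an independently obtained value that makes the check meaningful.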

Python simple port scanner using socket module – port 22, 23 example with multiple IP addresses

By italchemy


import socket

# On Linux, socket.AF_INET == 2 (IPv4) and socket.SOCK_STREAM == 1 (TCP)

ip_addresses = ["192.168.183.10", "192.168.183.20", "192.168.183.101", "192.168.183.102", "192.168.183.133"]
#ports = [22, 100]

for ip in ip_addresses:
    # range() excludes its end value, so 24 is needed to cover ports 22 and 23
    for port in range(22, 24):
        dest = (ip, port)

        try:
            # One socket per attempt; the with block closes it afterwards
            with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
                s.settimeout(3)
                s.connect(dest)
                print(f"On {ip} Port {port} is open!")
        except OSError:
            # Connection refused, timed out or host unreachable
            print(f"On {ip}, port {port} is closed.")

 

pynetauto@ubuntu20s1:~$ python3 simple_port_test.py
on 192.168.183.10, port 22 is open!
On 192.168.183.10, port 23 is closed.
on 192.168.183.20, port 22 is open!
On 192.168.183.20, port 23 is closed.
on 192.168.183.101, port 22 is open!
On 192.168.183.101, port 23 is closed.
on 192.168.183.102, port 22 is open!
On 192.168.183.102, port 23 is closed.
on 192.168.183.133, port 22 is open!
On 192.168.183.133, port 23 is closed.
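
The script above reports every failure as closed. When the goal is to confirm that SSH answers and Telnet is disabled on your own devices, it helps to separate a refused connection from no answer at all, since a silent port 23 may only be filtered on the path rather than turned off on the device. This is an added example, not italchemy's code; `check_tcp_port`, `audit` and `POLICY` are names made up here.

```python
import socket

# Expected state per port for a managed device: SSH reachable, Telnet off.
POLICY = {22: "open", 23: "closed"}


def check_tcp_port(ip, port, timeout=3.0):
    """Classify one TCP port as 'open', 'closed' or 'no-response'.

    'closed'      - the host answered with a reset (connection refused)
    'no-response' - timeout or unreachable; the device state is unknown
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((ip, port))
        except ConnectionRefusedError:
            return "closed"
        except OSError:
            # socket.timeout and unreachable-network errors are OSError subclasses
            return "no-response"
        return "open"


def audit(hosts, policy=None, timeout=3.0):
    """Return (ip, port, expected, observed) for every port that deviates."""
    policy = POLICY if policy is None else policy
    findings = []
    for ip in hosts:
        for port, expected in sorted(policy.items()):
            observed = check_tcp_port(ip, port, timeout)
            if observed != expected:
                findings.append((ip, port, expected, observed))
    return findings


if __name__ == "__main__":
    # Lab addresses from the post above.
    lab = ["192.168.183.10", "192.168.183.20", "192.168.183.101",
           "192.168.183.102", "192.168.183.133"]
    for ip, port, expected, observed in audit(lab):
        print(f"{ip}: port {port} expected {expected}, observed {observed}")
```

A `no-response` result on port 23 is reported as a deviation on purpose: it cannot confirm that Telnet is disabled, so it still needs a look at the device's `line vty` configuration.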

Cisco Switch/Router – mkdir, tclsh to create a test file

By italchemy

I wanted to create a test directory to place a file for Python file deletion on a Cisco switch's flash memory.

pythonsw02#show flash
Directory of flash:/

2 -rwx 7713393 Mar 1 1993 00:36:26 +00:00 c3560-advipservicesk9-mz.122-25.SED.bin
3 -rwx 12752928 Mar 1 1993 03:56:40 +00:00 c3560-ipservicesk9-mz.122-55.SE5.bin
4 -rwx 796 Mar 1 1993 00:16:35 +00:00 vlan.dat
5 -rwx 4883 Mar 1 1993 00:43:17 +00:00 private-config.text
6 -rwx 4120 Mar 1 1993 00:43:17 +00:00 multiple-fs
8 -rwx 2093 Mar 1 1993 00:43:17 +00:00 config.text

32514048 bytes total (12032512 bytes free)

 

# Create new test directory called c3560-advipservicesk9-mz.122-40.SE
pythonsw02#mkdir flash:/c3560-advipservicesk9-mz.122-40.SE
Create directory filename [c3560-advipservicesk9-mz.122-40.SE]?
Created dir flash:/c3560-advipservicesk9-mz.122-40.SE
pythonsw02#dir
Directory of flash:/

2 -rwx 7713393 Mar 1 1993 00:36:26 +00:00 c3560-advipservicesk9-mz.122-25.SED.bin
3 -rwx 12752928 Mar 1 1993 03:56:40 +00:00 c3560-ipservicesk9-mz.122-55.SE5.bin
4 -rwx 796 Mar 1 1993 00:16:35 +00:00 vlan.dat
5 -rwx 4883 Mar 1 1993 00:43:17 +00:00 private-config.text
6 -rwx 4120 Mar 1 1993 00:43:17 +00:00 multiple-fs
8 -rwx 2093 Mar 1 1993 00:43:17 +00:00 config.text
7 drwx 0 Mar 1 1993 00:45:10 +00:00 c3560-advipservicesk9-mz.122-40.SE

32514048 bytes total (12032512 bytes free)

 

# Use tcl shell (tclsh) to create a dummy test file
pythonsw02#tclsh
pythonsw02(tcl)#$puts [open "flash:c3560-advipservicesk9-mz.122-40.SE/c3560-advipservicesk9-mz.122-40.SE.txt" w+] {

+>THIS IS ONLY A TEST FILE FOR FILE DELETION AND IS BLANK.
+>PLESE IGNORE THIS FILE.
+>}

pythonsw02(tcl)#dir flash:/c3560-advipservicesk9-mz.122-40.SE/
Directory of flash:/c3560-advipservicesk9-mz.122-40.SE/

9 -rwx 0 Mar 1 1993 00:47:59 +00:00 c3560-advipservicesk9-mz.122-40.SE.txt

32514048 bytes total (12032000 bytes free)

 

# Use more flash:/file_path/file_name to view the content

pythonsw02#$more flash:/c3560-advipservicesk9-mz.122-40.SE/c3560-advipservicesk9-mz.122-40.SE.txt
THIS IS ONLY A TEST FILE FOR FILE DELETION AND IS BLANK.
PLESE IGNORE THIS FILE.

Cisco 3750/3850 install IOS using archive tar method

By italchemy

I have been working on a Cisco 3850, and it has a new installation method called INSTALL mode, which unpacks all files and saves time during boot-up and processing. Since I do not have a Cisco 3850, the closest thing I can use to emulate this is the tar method used on older 3750 switches. My switches were running in BUNDLE mode, so I had to archive tar the file to install the IOS in its own separate directory.

INSTALL method – decompresses all files to the flash, similar to the old tar method

BUNDLE mode – you simply dump the IOS on the root of flash:/ and your device boots from the undecompressed image (.bin) file.

 

Read about 3850 INSTALL vs BUNDLE IOS upgrade and recovery process.

https://www.cisco.com/c/en/us/support/docs/switches/catalyst-3850-series-switches/117552-technote-cat3850-00.html

========

Important commands used:

show switch

switch 1 renumber 2

show flash

archive tar /xtract tftp://192.168.254.10/c3750-ipbasek9-tar.122-55.SE1.tar flash:

========

 
Switch#show switch
Switch/Stack Mac Address : 0023.059d.de00
H/W Current
Switch# Role Mac Address Priority Version State
———————————————————-
*1 Master 0023.059d.de00 10 0 Ready

Switch#conf t
Switch(config)#no switch 1 priority 14
Changing the Switch Priority of Switch Number 1 to 1
Do you want to continue?[confirm]
New Priority has been set successfully
Switch(config)#switch 1 renumber 2
WARNING: Changing the switch number may result in a
configuration change for that switch.
The interface configuration associated with the old switch
number will remain as a provisioned configuration.
Do you want to continue?[confirm]
Changing Switch Number 1 to Switch Number 2
New Switch Number will be effective after next reboot
Switch#ping 192.168.254.10
Sending 5, 100-byte ICMP Echos to 192.168.254.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/203/1007 ms

Switch#show flash

Directory of flash:/

2 -rwx 13006601 Mar 1 1993 03:44:48 +00:00 c3750-ipservicesk9-mz.122-55.SE5.bin
3 -rwx 676 Mar 1 1993 00:03:56 +00:00 vlan.dat
4 -rwx 1048 Mar 1 1993 00:01:44 +00:00 multiple-fs

15998976 bytes total (2988544 bytes free)
Switch#delete flash:c3750-ipservicesk9-mz.122-55.SE5.bin
Delete filename [c3750-ipservicesk9-mz.122-55.SE5.bin]?
Delete flash:c3750-ipservicesk9-mz.122-55.SE5.bin? [confirm]
Switch#$archive tar /xtract tftp://192.168.254.10/c3750-ipbasek9-tar.122-55.SE1.tar flash:
Loading c3750-ipbasek9-tar.122-55.SE1.tar from 192.168.254.10 (via Vlan1): !
c3750-ipbasek9-mz.122-55.SE1/ (directory)
c3750-ipbasek9-mz.122-55.SE1/html/ (directory)
extracting c3750-ipbasek9-mz.122-55.SE1/html/layers.js (1616 bytes)
extracting c3750-ipbasek9-mz.122-55.SE1/html/title.js (577 bytes)
… [Omitted for brevity]
extracting c3750-ipbasek9-mz.122-55.SE1/html/images/cna_icon4.gif (1072 bytes)
extracting c3750-ipbasek9-mz.122-55.SE1/html/images/205701.gif (17278 bytes)
extracting c3750-ipbasek9-mz.122-55.SE1/c3750-ipbasek9-mz.122-55.SE1.bin (12079771 bytes)!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!OOOOOOOOOOOOOOO!OOOOOOOOOOOOOOOOOOOO!OOOOOOOOOOOOOOOOOOOO!OOOOOOOOOOO
extracting c3750-ipbasek9-mz.122-55.SE1/info (681 bytes)O
extracting info (106 bytes)
[OK – 15257600 bytes]

Switch#show flash

Directory of flash:/

2 drwx 192 Mar 1 1993 00:17:41 +00:00 c3750-ipbasek9-mz.122-55.SE1
3 -rwx 676 Mar 1 1993 00:03:56 +00:00 vlan.dat
4 -rwx 1048 Mar 1 1993 00:01:44 +00:00 multiple-fs
449 -rwx 106 Mar 1 1993 00:17:42 +00:00 info

15998976 bytes total (948224 bytes free)

 
Switch#show boot system
flash:c3750-ipservicesk9-mz.122-55.SE5.bin

Switch#conf t

Switch(config)# no boot system flash:c3750-ipservicesk9-mz.122-55.SE5.bin

Switch#wri
Building configuration…
[OK]
Switch#reload
Proceed with reload? [confirm]

*Mar 1 00:19:11.277: %SYS-5-RELOAD: Reload requested by console. Reload reason: Reload command
Boot Sector Filesystem (bs) installed, fsid: 2
Base ethernet MAC Address: 00:23:05:9d:de:00
Xmodem file system is available.
The password-recovery mechanism is enabled.
Initializing Flash…
flashfs[0]: 443 files, 8 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 15998976
flashfs[0]: Bytes used: 15053824
flashfs[0]: Bytes available: 945152
flashfs[0]: flashfs fsck took 38 seconds.
…done Initializing Flash.
done.
Loading “flash:/c3750-ipbasek9-mz.122-55.SE1/c3750-ipbasek9-mz.122-55.SE1.bin”…@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@… [Omitted for brevity]

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
File “flash:/c3750-ipbasek9-mz.122-55.SE1/c3750-ipbasek9-mz.122-55.SE1.bin” uncompressed and installed, entry point: 0x1000000
executing…

Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software – Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706

Cisco IOS Software, C3750 Software (C3750-IPBASEK9-M), Version 12.2(55)SE1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Thu 02-Dec-10 07:46 by prod_rel_team
Image text-base: 0x01000000, data-base: 0x02D00000

Initializing flashfs…

flashfs[1]: 443 files, 8 directories
flashfs[1]: 0 orphaned files, 0 orphaned directories
flashfs[1]: Total bytes: 15998976
flashfs[1]: Bytes used: 15053824
flashfs[1]: Bytes available: 945152
flashfs[1]: flashfs fsck took 27 seconds.
flashfs[1]: Initialization complete….done Initializing flashfs.

Checking for Bootloader upgrade.. not needed
POST: CPU MIC register Tests : Begin
POST: CPU MIC register Tests : End, Status Passed

POST: PortASIC Memory Tests : Begin
POST: PortASIC Memory Tests : End, Status Passed

POST: CPU MIC interface Loopback Tests : Begin
POST: CPU MIC interface Loopback Tests : End, Status Passed

POST: PortASIC RingLoopback Tests : Begin
POST: PortASIC RingLoopback Tests : End, Status Passed

Waiting for Stack Master Election…
POST: Inline Power Controller Tests : Begin
POST: Inline Power Controller Tests : End, Status Passed

POST: PortASIC CAM Subsystem Tests : Begin
POST: PortASIC CAM Subsystem Tests : End, Status Passed

POST: No Cable found on stack port 1
POST: No Cable found on stack port 2

POST: PortASIC Stack Port Loopback Tests : Begin
POST: PortASIC Stack Port Loopback Tests : End, Status Passed

POST: PortASIC Port Loopback Tests : Begin
POST: PortASIC Port Loopback Tests : End, Status Passed

Election Complete
Switch 2 booting as Master
Waiting for Port download…Complete
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

cisco WS-C3750-24P (PowerPC405) processor (revision R0) with 131072K bytes of memory.
Processor board ID FDO1235X4KN
Last reset from power-on
1 Virtual Ethernet interface
24 FastEthernet interfaces
2 Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.

512K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address : 00:23:05:9D:DE:00
Motherboard assembly number : 73-9672-10
Power supply part number : 341-0029-05
Motherboard serial number : FDO123502G1
Power supply serial number : DTN122545WP
Model revision number : R0
Motherboard revision number : A0
Model number : WS-C3750-24PS-S
System serial number : FDO1235X4KN
Top Assembly Part Number : 800-25860-05
Top Assembly Revision Number : A0
Version ID : V06
CLEI Code Number : COMU410ARA
Hardware Board Revision Number : 0x01
Switch Ports Model SW Version SW Image
—— —– —– ———- ———-
* 2 26 WS-C3750-24P 12.2(55)SE1 C3750-IPBASEK9-M
Press RETURN to get started!
*Mar 1 00:01:35.319: %STACKMGR-4-SWITCH_ADDED: Switch 2 has been ADDED to the stack
*Mar 1 00:01:42.374: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down
*Mar 1 00:01:43.725: %SPANTREE-5-EXTENDED_SYSID: Extended SysId enabled for type vlan
*Mar 1 00:01:47.055: %SYS-5-CONFIG_I: Configured from memory by console
*Mar 1 00:01:47.315: %STACKMGR-5-SWITCH_READY: Switch 2 is READY
*Mar 1 00:01:47.315: %STACKMGR-4-STACK_LINK_CHANGE: Stack Port 1 Switch 2 has changed to state DOWN
*Mar 1 00:01:47.315: %STACKMGR-4-STACK_LINK_CHANGE: Stack Port 2 Switch 2 has changed to state DOWN
*Mar 1 00:01:47.709: %STACKMGR-5-MASTER_READY: Master Switch 2 is READY
*Mar 1 00:01:47.978: %SYS-5-RESTART: System restarted —
Cisco IOS Software, C3750 Software (C3750-IPBASEK9-M), Version 12.2(55)SE1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Thu 02-Dec-10 07:46 by prod_rel_team
*Mar 1 00:01:50.427: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet2/0/24, changed state to up
*Mar 1 00:01:51.786: %LINK-3-UPDOWN: Interface FastEthernet2/0/24, changed state to up% Generating 1024 bit RSA keys, keys will be non-exportable…[OK]

*Mar 1 00:02:08.135: %SSH-5-ENABLED: SSH 1.99 has been enabled
*Mar 1 00:02:10.291: %PKI-6-AUTOSAVE: Running configuration saved to NVRAM
*Mar 1 00:02:19.821: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
Switch>
Switch>en
Switch#sh flash

Directory of flash:/

2 drwx 192 Mar 1 1993 00:17:41 +00:00 c3750-ipbasek9-mz.122-55.SE1
3 -rwx 676 Mar 1 1993 00:03:56 +00:00 vlan.dat
449 -rwx 106 Mar 1 1993 00:17:42 +00:00 info
450 -rwx 1939 Mar 1 1993 00:02:13 +00:00 private-config.text
451 -rwx 3096 Mar 1 1993 00:02:13 +00:00 multiple-fs
452 -rwx 2493 Mar 1 1993 00:02:11 +00:00 config.text

15998976 bytes total (941568 bytes free)
Switch#sh ver
Cisco IOS Software, C3750 Software (C3750-IPBASEK9-M), Version 12.2(55)SE1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Thu 02-Dec-10 07:46 by prod_rel_team
Image text-base: 0x01000000, data-base: 0x02D00000

ROM: Bootstrap program is C3750 boot loader
BOOTLDR: C3750 Boot Loader (C3750-HBOOT-M) Version 12.2(44)SE5, RELEASE SOFTWARE (fc1)

Switch uptime is 28 minutes
System returned to ROM by power-on
System image file is “flash:/c3750-ipbasek9-mz.122-55.SE1/c3750-ipbasek9-mz.122-55.SE1.bin”
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

cisco WS-C3750-24P (PowerPC405) processor (revision R0) with 131072K bytes of memory.
Processor board ID FDO1235X4KN
Last reset from power-on
1 Virtual Ethernet interface
48 FastEthernet interfaces
4 Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.

512K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address : 00:23:05:9D:DE:00
Motherboard assembly number : 73-9672-10
Power supply part number : 341-0029-05
Motherboard serial number : FDO123502G1
Power supply serial number : DTN122545WP
Model revision number : R0
Motherboard revision number : A0
Model number : WS-C3750-24PS-S
System serial number : FDO1235X4KN
Top Assembly Part Number : 800-25860-05
Top Assembly Revision Number : A0
Version ID : V06
CLEI Code Number : COMU410ARA
Hardware Board Revision Number : 0x01
Switch Ports Model SW Version SW Image
—— —– —– ———- ———-
* 2 26 WS-C3750-24P 12.2(55)SE1 C3750-IPBASEK9-M
Configuration register is 0xF


Switch#dir flash:c3750-ipbasek9-mz.122-55.SE1
Directory of flash:/c3750-ipbasek9-mz.122-55.SE1/

513 drwx 4608 Mar 1 1993 01:55:17 +00:00 html
4 -rwx 12079771 Mar 1 1993 02:08:32 +00:00 c3750-ipbasek9-mz.122-55.SE1.bin
7 -rwx 681 Mar 1 1993 02:08:32 +00:00 info

32514048 bytes total (17454080 bytes free)

Cisco 3750/3850 install IOS using archive tar method

By italchemy

I have been working on Cisco 3850 and it has a new installation method called INSTALL mode which unpacks all files and save time during the book up and processing time. Since I do not have a Cisco 3850, the closest thing I can emulate this is the tar method used on older 3750 switches. My switches were running on BUNDLE mode, so had to archive tar the file to install the IOS on its seperate directory.

INSTALL method – decompress all files to the flash, similar to old tar method

BUNDLE mode – if you simply dump the IOS on the root of the flash:/ and your device is booting up from undecompressed image (.bin) file.

 

Read about 3850 INSTALL vs BUNDLE IOS upgrade and recovery process.

https://www.cisco.com/c/en/us/support/docs/switches/catalyst-3850-series-switches/117552-technote-cat3850-00.html

========

Important Command used:

show switch

switch 1 renumber 2

show flash

archive tar /xtract tftp://192.168.254.10/c3750-ipbasek9-tar.122-55.SE1.tar flash:

========

 
Switch#show switch
Switch/Stack Mac Address : 0023.059d.de00
H/W Current
Switch# Role Mac Address Priority Version State
———————————————————-
*1 Master 0023.059d.de00 10 0 Ready

Switch#conf t
Switch(config)#no switch 1 priority 14
Changing the Switch Priority of Switch Number 1 to 1
Do you want to continue?[confirm]
New Priority has been set successfully
Switch(config)#switch 1 renumber 2
WARNING: Changing the switch number may result in a
configuration change for that switch.
The interface configuration associated with the old switch
number will remain as a provisioned configuration.
Do you want to continue?[confirm]
Changing Switch Number 1 to Switch Number 2
New Switch Number will be effective after next reboot
Switch#ping 192.168.254.10
Sending 5, 100-byte ICMP Echos to 192.168.254.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/203/1007 ms

Switch#show flash

Directory of flash:/

2 -rwx 13006601 Mar 1 1993 03:44:48 +00:00 c3750-ipservicesk9-mz.122-55.SE5.bin
3 -rwx 676 Mar 1 1993 00:03:56 +00:00 vlan.dat
4 -rwx 1048 Mar 1 1993 00:01:44 +00:00 multiple-fs

15998976 bytes total (2988544 bytes free)
Switch#delete flash:c3750-ipservicesk9-mz.122-55.SE5.bin
Delete filename [c3750-ipservicesk9-mz.122-55.SE5.bin]?
Delete flash:c3750-ipservicesk9-mz.122-55.SE5.bin? [confirm]
Switch#$archive tar /xtract tftp://192.168.254.10/c3750-ipbasek9-tar.122-55.SE1.tar flash:
Loading c3750-ipbasek9-tar.122-55.SE1.tar from 192.168.254.10 (via Vlan1): !
c3750-ipbasek9-mz.122-55.SE1/ (directory)
c3750-ipbasek9-mz.122-55.SE1/html/ (directory)
extracting c3750-ipbasek9-mz.122-55.SE1/html/layers.js (1616 bytes)
extracting c3750-ipbasek9-mz.122-55.SE1/html/title.js (577 bytes)
… [Ommitted for brevity]
extracting c3750-ipbasek9-mz.122-55.SE1/html/images/cna_icon4.gif (1072 bytes)
extracting c3750-ipbasek9-mz.122-55.SE1/html/images/205701.gif (17278 bytes)
extracting c3750-ipbasek9-mz.122-55.SE1/c3750-ipbasek9-mz.122-55.SE1.bin (12079771 bytes)!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!OOOOOOOOOOOOOOO!OOOOOOOOOOOOOOOOOOOO!OOOOOOOOOOOOOOOOOOOO!OOOOOOOOOOO
extracting c3750-ipbasek9-mz.122-55.SE1/info (681 bytes)O
extracting info (106 bytes)
[OK – 15257600 bytes]

Switch#show flash

Directory of flash:/

2 drwx 192 Mar 1 1993 00:17:41 +00:00 c3750-ipbasek9-mz.122-55.SE1
3 -rwx 676 Mar 1 1993 00:03:56 +00:00 vlan.dat
4 -rwx 1048 Mar 1 1993 00:01:44 +00:00 multiple-fs
449 -rwx 106 Mar 1 1993 00:17:42 +00:00 info

15998976 bytes total (948224 bytes free)

 
Switch#show boot system
flash:c3750-ipservicesk9-mz.122-55.SE5.bin

Switch#conf t

Switch(config)# no boot system flash:c3750-ipservicesk9-mz.122-55.SE5.bin

Switch#wri
Building configuration…
[OK]
Switch#reload
Proceed with reload? [confirm]

*Mar 1 00:19:11.277: %SYS-5-RELOAD: Reload requested by console. Reload reason: Reload command
Boot Sector Filesystem (bs) installed, fsid: 2
Base ethernet MAC Address: 00:23:05:9d:de:00
Xmodem file system is available.
The password-recovery mechanism is enabled.
Initializing Flash…
flashfs[0]: 443 files, 8 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 15998976
flashfs[0]: Bytes used: 15053824
flashfs[0]: Bytes available: 945152
flashfs[0]: flashfs fsck took 38 seconds.
…done Initializing Flash.
done.
Loading “flash:/c3750-ipbasek9-mz.122-55.SE1/c3750-ipbasek9-mz.122-55.SE1.bin”…@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@… [Ommitted for brevity]

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
File “flash:/c3750-ipbasek9-mz.122-55.SE1/c3750-ipbasek9-mz.122-55.SE1.bin” uncompressed and installed, entry point: 0x1000000
executing…

Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software – Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706

Cisco IOS Software, C3750 Software (C3750-IPBASEK9-M), Version 12.2(55)SE1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Thu 02-Dec-10 07:46 by prod_rel_team
Image text-base: 0x01000000, data-base: 0x02D00000

Initializing flashfs…

flashfs[1]: 443 files, 8 directories
flashfs[1]: 0 orphaned files, 0 orphaned directories
flashfs[1]: Total bytes: 15998976
flashfs[1]: Bytes used: 15053824
flashfs[1]: Bytes available: 945152
flashfs[1]: flashfs fsck took 27 seconds.
flashfs[1]: Initialization complete….done Initializing flashfs.

Checking for Bootloader upgrade.. not needed
POST: CPU MIC register Tests : Begin
POST: CPU MIC register Tests : End, Status Passed

POST: PortASIC Memory Tests : Begin
POST: PortASIC Memory Tests : End, Status Passed

POST: CPU MIC interface Loopback Tests : Begin
POST: CPU MIC interface Loopback Tests : End, Status Passed

POST: PortASIC RingLoopback Tests : Begin
POST: PortASIC RingLoopback Tests : End, Status Passed

Waiting for Stack Master Election…
POST: Inline Power Controller Tests : Begin
POST: Inline Power Controller Tests : End, Status Passed

POST: PortASIC CAM Subsystem Tests : Begin
POST: PortASIC CAM Subsystem Tests : End, Status Passed

POST: No Cable found on stack port 1
POST: No Cable found on stack port 2

POST: PortASIC Stack Port Loopback Tests : Begin
POST: PortASIC Stack Port Loopback Tests : End, Status Passed

POST: PortASIC Port Loopback Tests : Begin
POST: PortASIC Port Loopback Tests : End, Status Passed

Election Complete
Switch 2 booting as Master
Waiting for Port download…Complete
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

cisco WS-C3750-24P (PowerPC405) processor (revision R0) with 131072K bytes of memory.
Processor board ID FDO1235X4KN
Last reset from power-on
1 Virtual Ethernet interface
24 FastEthernet interfaces
2 Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.

512K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address : 00:23:05:9D:DE:00
Motherboard assembly number : 73-9672-10
Power supply part number : 341-0029-05
Motherboard serial number : FDO123502G1
Power supply serial number : DTN122545WP
Model revision number : R0
Motherboard revision number : A0
Model number : WS-C3750-24PS-S
System serial number : FDO1235X4KN
Top Assembly Part Number : 800-25860-05
Top Assembly Revision Number : A0
Version ID : V06
CLEI Code Number : COMU410ARA
Hardware Board Revision Number : 0x01
Switch Ports Model SW Version SW Image
—— —– —– ———- ———-
* 2 26 WS-C3750-24P 12.2(55)SE1 C3750-IPBASEK9-M
Press RETURN to get started!
*Mar 1 00:01:35.319: %STACKMGR-4-SWITCH_ADDED: Switch 2 has been ADDED to the stack
*Mar 1 00:01:42.374: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down
*Mar 1 00:01:43.725: %SPANTREE-5-EXTENDED_SYSID: Extended SysId enabled for type vlan
*Mar 1 00:01:47.055: %SYS-5-CONFIG_I: Configured from memory by console
*Mar 1 00:01:47.315: %STACKMGR-5-SWITCH_READY: Switch 2 is READY
*Mar 1 00:01:47.315: %STACKMGR-4-STACK_LINK_CHANGE: Stack Port 1 Switch 2 has changed to state DOWN
*Mar 1 00:01:47.315: %STACKMGR-4-STACK_LINK_CHANGE: Stack Port 2 Switch 2 has changed to state DOWN
*Mar 1 00:01:47.709: %STACKMGR-5-MASTER_READY: Master Switch 2 is READY
*Mar 1 00:01:47.978: %SYS-5-RESTART: System restarted —
Cisco IOS Software, C3750 Software (C3750-IPBASEK9-M), Version 12.2(55)SE1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Thu 02-Dec-10 07:46 by prod_rel_team
*Mar 1 00:01:50.427: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet2/0/24, changed state to up
*Mar 1 00:01:51.786: %LINK-3-UPDOWN: Interface FastEthernet2/0/24, changed state to up% Generating 1024 bit RSA keys, keys will be non-exportable…[OK]

*Mar 1 00:02:08.135: %SSH-5-ENABLED: SSH 1.99 has been enabled
*Mar 1 00:02:10.291: %PKI-6-AUTOSAVE: Running configuration saved to NVRAM
*Mar 1 00:02:19.821: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
Switch>
Switch>en
Switch#sh flash

Directory of flash:/

2 drwx 192 Mar 1 1993 00:17:41 +00:00 c3750-ipbasek9-mz.122-55.SE1
3 -rwx 676 Mar 1 1993 00:03:56 +00:00 vlan.dat
449 -rwx 106 Mar 1 1993 00:17:42 +00:00 info
450 -rwx 1939 Mar 1 1993 00:02:13 +00:00 private-config.text
451 -rwx 3096 Mar 1 1993 00:02:13 +00:00 multiple-fs
452 -rwx 2493 Mar 1 1993 00:02:11 +00:00 config.text

15998976 bytes total (941568 bytes free)
Switch#sh ver
Cisco IOS Software, C3750 Software (C3750-IPBASEK9-M), Version 12.2(55)SE1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Thu 02-Dec-10 07:46 by prod_rel_team
Image text-base: 0x01000000, data-base: 0x02D00000

ROM: Bootstrap program is C3750 boot loader
BOOTLDR: C3750 Boot Loader (C3750-HBOOT-M) Version 12.2(44)SE5, RELEASE SOFTWARE (fc1)

Switch uptime is 28 minutes
System returned to ROM by power-on
System image file is "flash:/c3750-ipbasek9-mz.122-55.SE1/c3750-ipbasek9-mz.122-55.SE1.bin"
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

cisco WS-C3750-24P (PowerPC405) processor (revision R0) with 131072K bytes of memory.
Processor board ID FDO1235X4KN
Last reset from power-on
1 Virtual Ethernet interface
48 FastEthernet interfaces
4 Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.

512K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address : 00:23:05:9D:DE:00
Motherboard assembly number : 73-9672-10
Power supply part number : 341-0029-05
Motherboard serial number : FDO123502G1
Power supply serial number : DTN122545WP
Model revision number : R0
Motherboard revision number : A0
Model number : WS-C3750-24PS-S
System serial number : FDO1235X4KN
Top Assembly Part Number : 800-25860-05
Top Assembly Revision Number : A0
Version ID : V06
CLEI Code Number : COMU410ARA
Hardware Board Revision Number : 0x01
Switch Ports Model              SW Version            SW Image
------ ----- -----              ----------            ----------
*    2 26    WS-C3750-24P       12.2(55)SE1           C3750-IPBASEK9-M
Configuration register is 0xF

Switch#show version
Cisco IOS Software, C3750 Software (C3750-IPBASEK9-M), Version 12.2(55)SE1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Thu 02-Dec-10 07:46 by prod_rel_team
Image text-base: 0x01000000, data-base: 0x02D00000

ROM: Bootstrap program is C3750 boot loader
BOOTLDR: C3750 Boot Loader (C3750-HBOOT-M) Version 12.2(44)SE5, RELEASE SOFTWARE (fc1)

Switch uptime is 28 minutes
System returned to ROM by power-on
System image file is "flash:/c3750-ipbasek9-mz.122-55.SE1/c3750-ipbasek9-mz.122-55.SE1.bin"
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you

Switch#sh flash

Directory of flash:/

2 drwx 192 Mar 1 1993 00:17:41 +00:00 c3750-ipbasek9-mz.122-55.SE1
3 -rwx 676 Mar 1 1993 00:03:56 +00:00 vlan.dat
449 -rwx 106 Mar 1 1993 00:17:42 +00:00 info
450 -rwx 1939 Mar 1 1993 00:02:13 +00:00 private-config.text
451 -rwx 3096 Mar 1 1993 00:02:13 +00:00 multiple-fs
452 -rwx 2493 Mar 1 1993 00:02:11 +00:00 config.text

15998976 bytes total (941568 bytes free)

 

Switch#dir flash:c3750-ipbasek9-mz.122-55.SE1
Directory of flash:/c3750-ipbasek9-mz.122-55.SE1/

513 drwx 4608 Mar 1 1993 01:55:17 +00:00 html
4 -rwx 12079771 Mar 1 1993 02:08:32 +00:00 c3750-ipbasek9-mz.122-55.SE1.bin
7 -rwx 681 Mar 1 1993 02:08:32 +00:00 info

32514048 bytes total (17454080 bytes free)

Python Network Automation: pyATS/Genie on GNS3

By italchemy

As network automation gets hotter in the market, Cisco has been responding with free tools to help network engineers test their tools. The tool is called pyATS/Genie. Here are some short descriptions of the tool.

  • Network and Cisco devices.
  • Operational/Test cases
  • Verification tool
  • “Profile” before change, Change, “Profile” after, DIFF
  • Genie is part of the pyATS library, a Python testing library.
  • Genie extends ATS specifically for networking and can do many different things: parse show commands, take snapshots and compare them, and test in a virtual environment such as VIRL.
  • Works best on Linux. 1 core 1GB requirement.

 

Lab topology using both a VIRL L2 image and 3725 IOS. Follow along and you will see the true power of this tool; however, this is more of a monitoring and auditing tool than a real programming tool. So you are still a driver and not a mechanic. If you want to become a mechanic too, start learning Python!!! Have fun.

 

genie_lab1
#### Create a test folder called genie
pynetauto@ubuntu20s:~$ pwd
/home/pynetauto
pynetauto@ubuntu20s:~$ mkdir genie
pynetauto@ubuntu20s:~$ cd genie

#### Install python3-venv using apt-get
pynetauto@ubuntu20s:~/genie$ sudo apt-get install python3-venv
Reading package lists… Done
Building dependency tree
Reading state information… Done
The following additional packages will be installed:
python3.8-venv
[… omitted for brevity]
Setting up python3.8-venv (3.8.2-1ubuntu1.1) …
Setting up python3-venv (3.8.2-0ubuntu2) …
#### Create a virtual environment to run your lab and activate
pynetauto@ubuntu20s:~/genie$ python3 -m venv .
pynetauto@ubuntu20s:~/genie$ source bin/activate
#### Install pyATS with the library
(genie) pynetauto@ubuntu20s:~/genie$ pip3 install pyATS[library]
Collecting pyATS[library]
Downloading pyats-20.6-cp38-cp38-manylinux1_x86_64.whl (2.0 MB)
|████████████████████████████████| 2.0 MB 1.5 MB/s
[… omitted for brevity]
Receiving objects: 100% (688/688), 1.01 MiB | 1.00 MiB/s, done.
Resolving deltas: 100% (355/355), done.
(genie) pynetauto@ubuntu20s:~/genie$
#### Run some basic job examples
(genie) pynetauto@ubuntu20s:~/genie$ pyats run job examples/basic/basic_example_job.py
2020-07-17T02:18:11: %EASYPY-INFO: Starting job run: basic_example_job
[… omitted for brevity]
2020-07-17T02:18:13: %EASYPY-INFO: Done!

Pro Tip
-------
Try the following command to view your logs:
pyats logs view
#### Install extra libraries for excel
(genie) pynetauto@ubuntu20s:~/genie$ pip3 install xlrd xlwt xlsxwriter
Collecting xlrd
Downloading xlrd-1.2.0-py2.py3-none-any.whl (103 kB)
|████████████████████████████████| 103 kB 3.4 MB/s
Collecting xlwt
Downloading xlwt-1.3.0-py2.py3-none-any.whl (99 kB)
|████████████████████████████████| 99 kB 6.5 MB/s
Collecting xlsxwriter
Downloading XlsxWriter-1.2.9-py2.py3-none-any.whl (141 kB)
|████████████████████████████████| 141 kB 6.8 MB/s
Installing collected packages: xlrd, xlwt, xlsxwriter
Successfully installed xlrd-1.2.0 xlsxwriter-1.2.9 xlwt-1.3.0
#### Genie uses a YAML testbed file for device connection and authentication.
#### Install pyats.contrib (This is a requirement)
(genie) pynetauto@ubuntu20s:~/genie$ pip3 install pyats.contrib
Collecting pyats.contrib
Downloading pyats.contrib-20.6-py3-none-any.whl (32 kB)
Requirement already satisfied: xlsxwriter in ./lib/python3.8/site-packages (from pyats.contrib) (1.2.9)
[… omitted for brevity]
Installing collected packages: pycparser, cffi, cryptography, ansible, pyats.contrib
Successfully installed ansible-2.9.10 cffi-1.14.0 cryptography-2.9.2 pyats.contrib-20.6 pycparser-2.20

Create testbed.yml file for authentication
#### This is what the YAML file looks like
(pynetauto) pynetauto@ubuntu20s:~$ pyats create testbed interactive --output testbed.yml --encode-password

Start creating Testbed yaml file …
Do all of the devices have the same username? [y/n] n
Do all of the devices have the same default password? [y/n] n
Do all of the devices have the same enable password? [y/n] n

Device hostname: myrouter1
IP (ip, or ip:port): 192.168.30.254
Username: pynetauto
Default Password (leave blank if you want to enter on demand):
Enable Password (leave blank if you want to enter on demand):
Protocol (ssh, telnet, …): telnet
OS (iosxr, iosxe, ios, nxos, linux, …): ios
More devices to add ? [y/n] n
Testbed file generated:
testbed.yml

(pynetauto) pynetauto@ubuntu20s:~$ cat testbed.yml
devices:
  myrouter1:
    connections:
      cli:
        ip: 192.168.30.254
        protocol: telnet
    credentials:
      default:
        password: '%ENC{w5PDosOUw5fDosKQwpbCmA==}'
        username: pynetauto
      enable:
        password: '%ENC{w5PDosOUw5fDosKQwpbCmA==}'
    os: ios
    type: ios

#### Now, run the show command
(pynetauto) pynetauto@ubuntu20s:~$ genie parse "show version" --testbed-file testbed.yml --devices [hostname]
OR
(pynetauto) pynetauto@ubuntu20s:~$ genie parse "show version" --testbed-file testbed.yml --devices myrouter1
0%| | 0/1 [00:00<?, ?it/s]{
  "version": {
    "chassis": "3725",
    "chassis_sn": "FTX0945W0MY",
    "compiled_by": "prod_rel_team",
    "compiled_date": "Tue 17-Aug-10 12:08",
    "curr_config_register": "0x2102",
    "hostname": "myrouter1",
    "image_id": "C3725-ADVENTERPRISEK9-M",
    "image_type": "production image",
    "main_mem": "124928",
    "number_of_intfs": {
      "FastEthernet": "2"
    },
    "os": "IOS",
    "platform": "3700",
    "processor_board_flash": "55K",
    "processor_type": "R7000",
    "rom": "3700 Software (C3725-ADVENTERPRISEK9-M), Version 12.4(15)T14, RELEASE SOFTWARE (fc2)",
    "rtr_type": "3725",
    "system_image": "tftp://255.255.255.255/unknown",
    "uptime": "44 minutes",
    "version": "12.4(15)T14",
    "version_short": "12.4"
  }
}
100%|████████████████████████████████████████████████████████████████████████████████████████████████████████████| 1/1 [00:00<00:00, 1.19it/s]

(pynetauto) pynetauto@ubuntu20s:~$

===================================================
#### This is from VIRL

(pynetauto) pynetauto@ubuntu20s:~$ pyats create testbed interactive --output testbed.yml --encode-password
Start creating Testbed yaml file …
Do all of the devices have the same username? [y/n] n
Do all of the devices have the same default password? [y/n] n
Do all of the devices have the same enable password? [y/n] n

Device hostname: switch10
IP (ip, or ip:port): 192.168.30.200
Username: pynetauto
Default Password (leave blank if you want to enter on demand):
Enable Password (leave blank if you want to enter on demand):
Protocol (ssh, telnet, …): telnet
OS (iosxr, iosxe, ios, nxos, linux, …): ios
More devices to add ? [y/n] n
Testbed file generated:
testbed.yml

(pynetauto) pynetauto@ubuntu20s:~$ genie parse "show version" --testbed-file testbed.yml --devices [hostname]
0%| | 0/1 [00:00<?, ?it/s]{
  "version": {
    "chassis_sn": "9XSH5U9XEOH",
    "compiled_by": "mmen",
    "compiled_date": "Wed 22-Mar-17 08:38",
    "curr_config_register": "0x101",
    "hostname": "switch10",
    "image_id": "vios_l2-ADVENTERPRISEK9-M",
    "image_type": "developer image",
    "last_reload_reason": "Unknown reason",
    "mem_size": {
      "non-volatile configuration": "256"
    },
    "number_of_intfs": {
      "Gigabit Ethernet": "16",
      "Virtual Ethernet": "1"
    },
    "os": "IOS",
    "platform": "vios_l2",
    "processor_board_flash": "0K",
    "returned_to_rom_by": "reload",
    "rom": "Bootstrap program is IOSv",
    "system_image": "flash0:/vios_l2-adventerprisek9-m",
    "uptime": "55 minutes",
    "version": "15.2(20170321:233949)",
    "version_short": "15.2"
  }
}
100%|██████████████████████████████████████████████████████

 

=============== THE TRUE POWER is in PYTHON =======================

Now, here's the power of Python. You can combine this with Python regular expressions and use any of the values as variables, or store them in Excel files as you wish. This example only demonstrates a regular expression (re) that fishes out one piece of information.

 

>>> import os
>>> show_ver = os.popen('genie parse "show version" --testbed-file testbed.yml --devices [hostname]')
100%|████████████████████████████████████████████████████████████████████████████████████████████████████████████| 1/1 [00:00<00:00, 1.81it/s]

>>> output = show_ver.read()
>>> print(output)
{
  "version": {
    "chassis_sn": "9XSH5U9XEOH",
    "compiled_by": "mmen",
    "compiled_date": "Wed 22-Mar-17 08:38",
    "curr_config_register": "0x101",
    "hostname": "switch10",
    "image_id": "vios_l2-ADVENTERPRISEK9-M",
    "image_type": "developer image",
    "last_reload_reason": "Unknown reason",
    "mem_size": {
      "non-volatile configuration": "256"
    },
    "number_of_intfs": {
      "Gigabit Ethernet": "16",
      "Virtual Ethernet": "1"
    },
    "os": "IOS",
    "platform": "vios_l2",
    "processor_board_flash": "0K",
    "returned_to_rom_by": "reload",
    "rom": "Bootstrap program is IOSv",
    "system_image": "flash0:/vios_l2-adventerprisek9-m",
    "uptime": "1 hour, 19 minutes",
    "version": "15.2(20170321:233949)",
    "version_short": "15.2"
  }
}

### The output is a long string.

>>> type(output)
<class 'str'>

# Import the re module and use a regular expression to capture only the information you require. Here I am using the lookbehind feature (?<=). The lookbehind text is used to locate the match but is not included in the result. I am trying to capture only the uptime for this device.
>>> import re

>>> p = re.compile(r'(?<=\"uptime\": ).+')
>>> m = p.findall(output)
>>> m
['"1 hour, 19 minutes",']
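The regex result above still carries the JSON quotes and trailing comma. As an added example (not part of the original post), the same string can be decoded as JSON instead, which yields clean values for an audit or inventory row. RAW_OUTPUT is a constructed, shortened sample using values from the post, and the function names are hypothetical.

```python
import json
import re

# Constructed sample: what show_ver.read() can look like when progress-bar
# text is interleaved with the JSON. Values are copied from the post above.
RAW_OUTPUT = '''  0%|          | 0/1 [00:00<?, ?it/s]{
  "version": {
    "curr_config_register": "0x101",
    "hostname": "switch10",
    "image_type": "developer image",
    "number_of_intfs": {
      "Gigabit Ethernet": "16",
      "Virtual Ethernet": "1"
    },
    "uptime": "1 hour, 19 minutes",
    "version": "15.2(20170321:233949)",
    "version_short": "15.2"
  }
}
100%|##########| 1/1 [00:00<00:00,  1.81it/s]
'''

# Minutes per unit used in IOS uptime strings (a year is taken as 365 days).
UNIT_MINUTES = {"year": 525600, "week": 10080, "day": 1440, "hour": 60, "minute": 1}


def extract_json(text):
    """Return the first JSON object embedded in text, ignoring noise around it."""
    start = text.find("{")
    if start == -1:
        raise ValueError("no JSON object found in command output")
    # raw_decode stops at the end of the object, so trailing text is ignored.
    obj, _end = json.JSONDecoder().raw_decode(text[start:])
    return obj


def uptime_minutes(uptime):
    """Convert an uptime string such as '1 hour, 19 minutes' to minutes."""
    total = 0
    for count, unit in re.findall(r"(\d+)\s+(year|week|day|hour|minute)s?", uptime):
        total += int(count) * UNIT_MINUTES[unit]
    return total


def summarize(raw):
    """Build one inventory row from the output of genie parse "show version"."""
    ver = extract_json(raw)["version"]
    return {
        "hostname": ver["hostname"],
        "version": ver["version"],
        "uptime_minutes": uptime_minutes(ver["uptime"]),
        # Lab and developer images stand out when auditing a production estate.
        "production_image": ver.get("image_type") == "production image",
    }


if __name__ == "__main__":
    print(summarize(RAW_OUTPUT))
```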

 

 

Python – Defining class for Cisco routers and switches

By italchemy

# This is just a sample of defining a class for Cisco routers and switches. Expand on this idea to make good use of it.

# Define a class for routers

class Router:
    # Use the Python constructor to avoid attribute mistakes
    def __init__(self, hostname, ip_add, brand, dev_type, mod_no):
        self.hostname = hostname
        self.ip_add = ip_add
        self.brand = brand
        self.dev_type = dev_type
        self.mod_no = mod_no

    def routers(self):
        print(self.hostname)  # self is the same as "this" in Java.
        print(self.ip_add)
        print(self.brand)
        print(self.dev_type)
        print(self.mod_no)

# Create the instances after the class has been defined
r1 = Router("r1", "192.168.0.1", "Cisco", "router", "2925")
r2 = Router("r2", "192.168.1.1", "Cisco", "router", "3945")

r1.routers()
r2.routers()

 

====================

# Now define a class for switches

class Switch:
    def __init__(self, hostname, ip_add, brand, dev_type, mod_no, on_off, site):
        self.hostname = hostname
        self.ip_add = ip_add
        self.brand = brand
        self.dev_type = dev_type
        self.mod_no = mod_no
        self.on_off = on_off
        self.site = site

    def switches(self):
        print(self.hostname)  # self is the same as "this" in Java.
        print(self.ip_add)
        print(self.brand)
        print(self.dev_type)
        print(self.mod_no)
        print(self.on_off)
        print(self.site)

    def on(self):
        self.on_off = True

    def off(self):
        self.on_off = False

# Create the instances after the class has been defined
sw1 = Switch("sw1", "192.168.0.10", "Cisco", "switch", "3750", True, "NY")
sw2 = Switch("sw2", "192.168.1.10", "Cisco", "switch", "3850", False, "SYD")

sw1.switches()
sw2.switches()

print(type(sw1))

Capture Gigabit interface only – GigabitEthernet\d[/]\d\d?

By italchemy

s = """

Interface IP-Address OK? Method Status Protocol
Vlan1 unassigned YES NVRAM administratively down down
Vlan10 10.193.40.11 YES NVRAM up up
FastEthernet0 unassigned YES NVRAM administratively down down
GigabitEthernet0/1 unassigned YES unset up up
GigabitEthernet0/2 unassigned YES unset down down
GigabitEthernet0/3 unassigned YES unset up up
GigabitEthernet0/4 unassigned YES unset down down
GigabitEthernet0/5 unassigned YES unset down down
GigabitEthernet0/6 unassigned YES unset down down
GigabitEthernet0/7 unassigned YES unset up up
GigabitEthernet0/8 unassigned YES unset down down
GigabitEthernet0/9 unassigned YES unset down down
GigabitEthernet0/10 unassigned YES unset down down

"""

>>> import re

>>> m = re.findall(r"(GigabitEthernet\d[/]\d\d?)", s)

>>> m

['GigabitEthernet0/1', 'GigabitEthernet0/2', 'GigabitEthernet0/3', 'GigabitEthernet0/4', 'GigabitEthernet0/5', 'GigabitEthernet0/6', 'GigabitEthernet0/7', 'GigabitEthernet0/8', 'GigabitEthernet0/9', 'GigabitEthernet0/10']

Install FTP server (vsftpd) on Ubuntu 20.04 – Six Steps

By italchemy

Step 1: Update repository and install vsftpd
sudo apt update && sudo apt install vsftpd

To check enable & status:
sudo systemctl enable vsftpd
sudo systemctl status vsftpd

Step 2: Configure firewall
sudo ufw allow OpenSSH
sudo ufw allow 20/tcp
sudo ufw allow 21/tcp
sudo ufw allow 49000:49999/tcp
sudo ufw allow 990/tcp # Optional, if using TLS

sudo ufw enable
sudo ufw status

Step 3: Create FTP User
sudo adduser ftpuser1

Modify sshd_config file:
sudo nano /etc/ssh/sshd_config
# Add the following line at the end to block ftpuser1 using SSH and SFTP.
DenyUsers ftpuser1

sudo service sshd restart

Step 4: Give directory permissions
There are two options here: 1. use ftpuser1's home folder, 2. use a web server.
This guide uses only the home folder.

# Create a dedicated directory, ftp
sudo mkdir /home/ftpuser1/ftp

# Set the ownership to nobody:nogroup so other users cannot access this directory. Locking down 2.
sudo chown nobody:nogroup /home/ftpuser1/ftp

# Remove (-) write (w) permission from all (a) users. Locking down 1.
sudo chmod a-w /home/ftpuser1/ftp

# Now create new directories to upload/download files
sudo mkdir /home/ftpuser1/ftp/ios
sudo mkdir /home/ftpuser1/ftp/backups
sudo mkdir /home/ftpuser1/ftp/logs

# Assign ownership to ftpuser1 to provide write access.
sudo chown ftpuser1:ftpuser1 /home/ftpuser1/ftp/ios
sudo chown ftpuser1:ftpuser1 /home/ftpuser1/ftp/backups
sudo chown ftpuser1:ftpuser1 /home/ftpuser1/ftp/logs

Step 5: vsftpd server configuration
# Make a backup of the original vsftpd.conf file by renaming it.
sudo mv /etc/vsftpd.conf /etc/vsftpd.conf.bak

# create new vsftpd.conf file
sudo nano /etc/vsftpd.conf

# Cut and paste the following:

listen=NO
listen_ipv6=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
chroot_local_user=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
force_dot_files=YES
pasv_min_port=49000
pasv_max_port=49999
# ADDED BY SYSTEM ADMIN
# Tell vsftpd that the root FTP folder is /ftp under /home/ftpuser1/.
user_sub_token=$USER
local_root=/home/$USER/ftp

# Restart vsftpd server
sudo systemctl restart vsftpd

Step 6: Download FileZilla Client and login.
# *Make sure that you are logging in using "Active" transfer mode. Go to FileZilla Settings.

Edit >>> Settings >>> Connection >>> FTP >>> under “Transfer Mode”, change Passive to Active. OK

*** At this point, you should be able to upload/download files with no issues. ***

# To check vsftpd server logs
sudo tail /var/log/vsftpd.log -n 100
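
A configuration check for the vsftpd.conf above against the ufw rules from Step 2, as an added example (not part of the original post). The config text and rule list are constructed from the values in this post, the function names are hypothetical, and keys missing from the file are assumed to take vsftpd's documented defaults (anonymous_enable=YES, chroot_local_user=NO, ssl_enable=NO).

```python
import re

# Constructed inputs: the vsftpd.conf settings and ufw rules from the steps above.
VSFTPD_CONF = """\
listen=NO
listen_ipv6=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
chroot_local_user=YES
pasv_min_port=49000
pasv_max_port=49999
# ADDED BY SYSTEM ADMIN
user_sub_token=$USER
local_root=/home/$USER/ftp
"""
UFW_RULES = ["20/tcp", "21/tcp", "49000:49999/tcp", "990/tcp"]


def parse_conf(text):
    """Parse vsftpd.conf: one key=value per line, '#' starts a comment line."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            settings[key] = value
    return settings


def allowed_tcp_ranges(rules):
    """Turn ufw port specs such as '21/tcp' or '49000:49999/tcp' into (lo, hi)."""
    ranges = []
    for rule in rules:
        m = re.fullmatch(r"(\d+)(?::(\d+))?/tcp", rule)
        if m:
            lo = int(m.group(1))
            hi = int(m.group(2) or lo)
            ranges.append((lo, hi))
    return ranges


def audit(conf_text, ufw_rules):
    """Return (code, message) findings for a vsftpd.conf and its firewall rules."""
    s = parse_conf(conf_text)
    findings = []
    if s.get("anonymous_enable", "YES").upper() != "NO":
        findings.append(("anonymous", "anonymous logins are enabled"))
    if s.get("chroot_local_user", "NO").upper() != "YES":
        findings.append(("chroot", "local users are not confined to local_root"))
    lo = int(s.get("pasv_min_port", "0"))
    hi = int(s.get("pasv_max_port", "0"))
    if lo == 0 or hi == 0:
        findings.append(("pasv", "passive port range is not pinned"))
    elif not any(a <= lo and hi <= b for a, b in allowed_tcp_ranges(ufw_rules)):
        findings.append(("pasv", f"passive range {lo}-{hi} is not allowed by ufw"))
    if s.get("ssl_enable", "NO").upper() != "YES":
        findings.append(("tls", "ssl_enable is not YES: logins and data are sent in cleartext"))
    return findings


if __name__ == "__main__":
    for code, message in audit(VSFTPD_CONF, UFW_RULES):
        print(f"[{code}] {message}")
```

On the configuration from this post, the only finding is the missing TLS setting, which matters when the server carries IOS images and device backups.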

To SSH in from one router (switch) to another: ssh -l UserID -p 22 IP_address

By italchemy

 

R1#show run | in bchoi
username bchoi privilege 15 secret 5 $1$yGsS$QzihG2DB3CIniWtdQzj.m/

R1#show run | be line vty
line vty 0 4
exec-timeout 0 0
logging synchronous
login local
transport input ssh
line vty 5 15
exec-timeout 0 0
logging synchronous
login local
transport input ssh

Log in using -l and -p options!!!

R2#ssh -l bchoi -p 22 192.168.30.182

Password:
ITAlchemy.com Access only.
R1#

 

Cisco Meeting Server – Part 8: Call Bridge Groups

By ben

Call Bridge Groups allow clustered Call Bridges to load balance incoming and outgoing calls and apply the logic behind sharing resources across the cluster. We then link services or functions to the Call Bridge Groups (as seen in later steps).

1. Using an API tool such as Postman, create a Call Bridge Group, and store the Call Bridge Group ID somewhere on your PC for later use. The command to use is POST https://172.18.27.24:445/api/v1/callbridgegroups.
2. Collect the Call Bridge IDs that will be members of the Call Bridge Group using a GET request.

3. Modify the Call Bridges to add the Call Bridge Group ID

PUT -> api/v1/callbridges/call_bridge_id/
BODY -> callBridgeGroup = call_bridge_group_id

4. Next we enable load balancing for the Call Bridge Group.

PUT -> api/v1/callbridgegroups/callbridgegroup_id
BODY -> loadBalancingEnabled = true
BODY -> loadBalanceOutgoingCalls = true
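
Steps 1 to 4 as a script, added here as an example and not part of the original post: it extracts the new group ID and the Call Bridge IDs from the API replies, then builds the PUT requests for steps 3 and 4. The sample replies are constructed and their shapes (a Location header on the POST reply, an XML list with an id attribute per callBridge) are assumptions, as are the function names. Parameter names are spelled loadBalancingEnabled and loadBalanceOutgoingCalls.

```python
# Added example (not from the original post): steps 1-4 as ready-to-send requests.
import base64
import xml.etree.ElementTree as ET
from urllib.parse import urlencode
from urllib.request import Request

BASE = "https://172.18.27.24:445/api/v1"   # API address used in the post

# Constructed sample replies; the response shapes are assumptions about the CMS API.
SAMPLE_LOCATION = "/api/v1/callbridgegroups/11111111-2222-3333-4444-555555555555"
SAMPLE_BRIDGES_XML = """<callBridges total="2">
  <callBridge id="aaaaaaaa-0000-0000-0000-000000000001"><name>cms1</name></callBridge>
  <callBridge id="aaaaaaaa-0000-0000-0000-000000000002"><name>cms2</name></callBridge>
</callBridges>"""

def id_from_location(location):
    """Step 1: the new group's ID is the last path segment of the POST reply's Location header."""
    return location.rstrip("/").rsplit("/", 1)[-1]

def bridge_ids(xml_text):
    """Step 2: collect every callBridge id from the GET callbridges listing."""
    return [cb.attrib["id"] for cb in ET.fromstring(xml_text).iter("callBridge")]

def _req(method, path, user, password, fields=None):
    """Build one authenticated request; bodies are sent form-encoded."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    headers = {"Authorization": f"Basic {token}"}
    data = None
    if fields:
        data = urlencode(fields).encode()
        headers["Content-Type"] = "application/x-www-form-urlencoded"
    return Request(f"{BASE}/{path}", data=data, method=method, headers=headers)

def build_requests(group_id, ids, user, password):
    """Steps 3 and 4: join each Call Bridge to the group, then enable load balancing."""
    reqs = [_req("PUT", f"callbridges/{i}", user, password, {"callBridgeGroup": group_id})
            for i in ids]
    reqs.append(_req("PUT", f"callbridgegroups/{group_id}", user, password,
                     {"loadBalancingEnabled": "true", "loadBalanceOutgoingCalls": "true"}))
    return reqs
```

Each Request can be sent with urllib.request.urlopen, which verifies the server certificate by default; if the CMS uses a private CA, add that CA to the trust store rather than turning verification off.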
