[afnog] I would be interested in Cisco (and non-Cisco) Config Management Scripts - RE: AS filtering question

Jeff Mason jmason at Nashville-MDHA.org
Thu Sep 5 13:51:00 UTC 2013


FYI, if you do write professional configuration scripts for any level of Cisco routers, I would be very interested in those scripts. At a previous job, I wrote scripts that automated password changes on all Cisco switches, routers & firewalls. Granted, there's no direct ability to script in any "elegant" manner; i.e., I had to write scripts based on partially "feeding" input via TFTP & telnet/ssh and so forth. I know there are expensive tools you can purchase (CiscoWorks, is that the right name?) - we tried that, and it lets you manage a certain number of devices (50? before you have to purchase a licensed version); and we had more devices than the "free version" supported; and it did not seem to be as robust and/or flexible as what we wanted. At any rate, I had written a set of scripts that more or less automated Cisco/ASA firewall, switch, router & concentrator changes (as well as config changes, as needed).

What solutions for scripting Cisco router/firewall/switch changes are most common among the Afnog community?

NOTE: I have begun publishing on Microsoft's TechNet Script Gallery some of my scripts (none of the Cisco scripts yet - I will have to dig them out of the cobwebs and dust - LOL)
It is free to publish on TechNet, and you do get some form of "professional/industry" recognition. Also, it's a great repository to find existing scripts and keep from re-inventing the wheel.

Below are my 6 script contributions so far.

SHAMELESS PLUG: *PLEASE CLICK AND, IF INCLINED, DOWNLOAD THESE AND TELL ME WHAT YOU THINK*
[YES, the number of downloads gives me better ratings and, eventually, more "achievements" - i.e., when I hit 100, 250, etc. - Currently I'm at 68 downloads]

Windows Shell script (.bat) to Copy Local Security Policy from one Computer to another; for cases where you may have workgroups that are not able to use domain/GPO.
http://gallery.technet.microsoft.com/Windows-bat-script-to-Copy-1403b3ef

PowerShell Get Local User SID from remote computers no prompting for credentials
http://gallery.technet.microsoft.com/Get-Local-User-SID-from-ec384cc1

Windows Shell Script (.bat) to List all Scheduled Tasks on All Remote Servers
http://gallery.technet.microsoft.com/Windows-Shell-Script-to-ffac3649

PowerShell script to list Memory Slot Information for a remote computer
http://gallery.technet.microsoft.com/PowerShell-script-to-list-82f88d0e

VBScript to remotely capture a list of local computer admins to a csv file (Audit the local "administrators" group members on a list of remote computers)
http://gallery.technet.microsoft.com/Remotely-capture-a-list-of-bb7a1cd4

Windows Batch Command script to configure power management remotely
http://gallery.technet.microsoft.com/Windows-Batch-Command-13fa1a41

As I said, I would LOVE to see any scripts you may have for Cisco (or non-Cisco) network devices, and to understand what tools are best for managing those devices.

Jeff Mason, MCSE, BBA CIS
MDHA Systems Administrator
615-780-7031
jmason at nashville-mdha.org


-----Original Message-----
From: afnog-bounces at afnog.org [mailto:afnog-bounces at afnog.org] On Behalf Of Mark Tinka
Sent: Thursday, September 05, 2013 6:44 AM
To: Philip Smith
Cc: Nishal Goburdhan; African Network Operators
Subject: Re: [afnog] AS filtering question

On Thursday, September 05, 2013 01:19:18 PM Philip Smith wrote:

> I wished, nay, asked for many years that Cisco would add named as-path 
> filters, like we have named access-lists and prefix-lists. I still 
> have a v long wish list. :-(

They fixed that in IOS XR. Some examples:

as-path-set as-path-inbound-some-network
  ios-regex '^(65001_)+$'
end-set
!
as-path-set as-path-inbound-other-network
  ios-regex '^(65002_)+$'
end-set
!
as-path-set as-path-inbound-another-network
  ios-regex '^(65003_)+$',
  ios-regex '^(65003_)+(65004_)+$',
  ios-regex '^(65003_)+(65005_)+$',
  ios-regex '^(65003_)+(65006_)+$',
  ios-regex '^(65003_)+(65007_)+$'
end-set

> Got scars, but no good advice apart from keep it simple.
> I use off-line master config file, keep it well documented with 
> detailed comments about what each as-path filter does. Seems to work 
> for me, but then I'm v used to that process.

Agree - best way in IOS and IOS XE, to be honest.

Mark.

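
Added example (not part of either message): a Python check that parses as-path-set blocks like the ones quoted above and reports which sets a given AS path matches, so a filter can be tested off-line before it is deployed. The sample AS paths are constructed, and the translation of Cisco's "_" into a Python regex is this example's own approximation.

```python
import re

# Subset of the as-path-set definitions quoted in the message above (IOS XR).
CONFIG = """\
as-path-set as-path-inbound-some-network
  ios-regex '^(65001_)+$'
end-set
!
as-path-set as-path-inbound-another-network
  ios-regex '^(65003_)+$',
  ios-regex '^(65003_)+(65004_)+$'
end-set
"""

# Cisco "_" matches start/end of string, space, comma, braces or parentheses.
UNDERSCORE = r"(?:^|$|[ ,{}()])"


def parse_as_path_sets(text):
    """Return {set name: [compiled regex, ...]} from as-path-set blocks."""
    sets, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("as-path-set "):
            current = line.split(None, 1)[1]
            sets[current] = []
        elif line == "end-set":
            current = None
        elif current and line.startswith("ios-regex"):
            m = re.match(r"ios-regex\s+'([^']*)'", line)
            if m:
                sets[current].append(re.compile(m.group(1).replace("_", UNDERSCORE)))
    return sets


def matching_sets(as_path, sets):
    """Names of the sets with at least one regex matching the AS path."""
    path = " ".join(as_path.split())  # normalise whitespace between ASNs
    return [name for name, regexes in sets.items()
            if any(r.search(path) for r in regexes)]


if __name__ == "__main__":
    sets = parse_as_path_sets(CONFIG)
    # Constructed sample AS paths (private-use ASNs, as in the message).
    for path in ["65001", "65001 65001 65001", "65001 64999",
                 "65003 65004 65004", "65004 65003", "650030"]:
        print(f"{path!r:24} -> {matching_sets(path, sets) or 'no match'}")
```

The prepended path "65001 65001 65001" matches the first set, while "65001 64999" and "650030" match nothing, which is the behaviour the "(ASN_)+" form is meant to give.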


