Showing posts with label switch. Show all posts
Showing posts with label switch. Show all posts

Friday, April 19, 2019

Cisco switch configuration backup using PowerShell

In this article, I will briefly explain how to back up the running configuration of Cisco switches to a TFTP server location using PowerShell.

Prerequisites
  • A TFTP server should be configured and running.
  • PowerShell module Posh-SSH should be installed on the node from which the script is running.

Workflow
  1. Collect credentials to SSH into the switch
    $creds = Get-Credential
  2. Create a new SSH session to the first switch in the list
    $sw_ssh = New-SshSession -ComputerName <Management IP of Cisco switch> -Credential $creds -Force -ConnectionTimeout 300
  3. Invoke the command to backup running config to TFTP server over the SSH session
    $cmd_backup = "copy running-config tftp://<IP of TFTP server>/config_backup.txt vrf management"
    Invoke-sshcommand -Command $cmd_backup -SSHSession $sw_ssh

You can schedule this PS script using a task scheduler so that the running configuration of switches can be backed up automatically on a daily basis or as per requirements. Hope this was useful. Cheers!

Complete project reference
https://github.com/vineethac/cisco_switch_backup

Related article
Dell EMC switch configuration backup using PowerShell

Wednesday, March 13, 2019

Working with Cisco Nexus 9K switches using PowerShell

In this article, I will explain briefly about how to work with Cisco NX-API CLI through PowerShell. Before getting into the steps and sample PowerShell code, lets first familiarize with NX-API Developer Sandbox. You can access the sandbox by entering the management IP of your Cisco switch in a web browser. Provide user name and password. Once successfully logged in, you will get a page as shown below. The developer sandbox will convert the normal CLI commands into JSON request and will also provide result/ response in JSON format.

NX-API Developer Sandbox

In the above screenshot, I am using "show hostname" command. The message format is set to JSON and command type is set to cli_show to get a response in JSON. Once done, hit POST. You can see the corresponding request and response in JSON format.

Now, let's try to do the same using PowerShell.

#Step1:

<# 
To fix the connection issues <The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.>
#> 
add-type @"
    using System.Net;
    using System.Security.Cryptography.X509Certificates;
    public class TrustAllCertsPolicy : ICertificatePolicy {
    public bool CheckValidationResult(
        ServicePoint srvPoint, X509Certificate certificate,
        WebRequest request, int certificateProblem) {
        return true;
        }
    }
"@

[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12 -bor [System.Net.SecurityProtocolType]::Tls11

#Step2:

$creds = Get-Credential

#Step3:

$request = @'
{
    "ins_api": {
          "version": "1.0",
          "type": "cli_show",
          "chunk": "0",
          "sid": "1",
          "input": "show hostname",
          "output_format": "json"
    }
}
'@

#Step4:

$result = Invoke-RestMethod -Uri "http://<IP of switch>/ins" -Method post -Credential $creds -ContentType "application/json" -Body $request


Output:


Hope it was useful. Cheers!

Reference:

Sunday, July 29, 2018

Switch configuration backup using PowerShell

In this article, I will briefly explain how to backup running configuration of your Dell switches to a TFTP server location using PowerShell.

Prerequisites

  • A TFTP server should be configured and running
Workflow
  1. Get a list of IP address of switches that needs to be backed up
    list = Get-Content .\switch_list.txt
  2. Collect credentials to SSH into the switch
    $creds = Get-Credential
  3. Create a new SSH session to the first switch in the list
    $sw_ssh = New-SshSession -ComputerName 192.168.10.2 -Credential $creds -Force -ConnectionTimeout 300
  4. Invoke the command to backup running config to TFTP server over the SSH session
    $filename =(Get-Date).tostring("dd-MM-yyyy-hh-mm-ss")
    $cmd_backup = "copy running-config tftp://192.168.11.33/sw01/$filename.txt"
    Invoke-sshcommand -Command $cmd_backup -SSHSession $sw_ssh
  5. Repeat step 3 and 4 for all the switches in the list
Complete project reference

Note
You can schedule this PS script using a task scheduler so that the running configuration of switches can be backed up automatically on a daily basis or as per requirements.

Hope this was useful. Cheers!

Related article
Cisco switch configuration backup using PowerShell

Monday, April 30, 2018

Infrastructure testing using Pester - Part 3

In this article, I will explain briefly about how to use Pester to validate your switching infrastructure/ switch configurations. If your switches have incorrect configurations, you will experience several problems like network disconnections, high latency, low throughput, etc. And all these will contribute towards network performance issues. In a hyper-converged infrastructure, incorrect switch configurations will affect both compute and storage performance. So it is very important to make sure your switches are configured in the right way according to best practice recommendations.

Using Pester tests, you can define the expected configuration rules and execute it against your existing switches to verify everything is configured correctly or not.

Here in this example, I will show how to verify the below.
  • Networking OS version (here I am using Dell EMC S5048F-ON switch)
  • The interfaces are Up (given a range)
  • A given set of VLANs are present and Up

Prerequisite PowerShell modules:
  • Pester - Version 4.3.1
  • Posh-SSH - Version 2.0.2

Note: I am using Powershell 5.1.14393.0

#Collect input 
#Provide interface range to verify status
[int]$Start_port = Read-host "Enter starting switch port number"
[int]$End_port = Read-host "Enter ending switch port number"
#Provide VLANs to verify status
[int[]]$vlans = 20,23
$check_vlans = @{}

#New SSH session to the Switch 
$sw_creds = Get-Credential -Message "Enter switch creds"

Write-Host "Creating new SSH session to Switch."
$SWssh = New-SSHSession -ComputerName 192.168.10.4 -Credential $sw_creds -Force -ConnectionTimeout 300
Write-Host "Collecting configuration details from Switch. This will take few seconds."
Start-Sleep -s 3

Write-Host "Collecting VLAN details from Switch. This will take few seconds."
for ($j=0; $j -lt $vlans.Count; $j++) {
    Write-Host "Collecting details of VLAN $($vlans[$j])"
    $cmd_vlan = "show interfaces vlan $($vlans[$j])"
    $check_vlan = invoke-sshcommand -Command $cmd_vlan -SSHSession $SWssh
    Start-Sleep -s 3
    $check_vlans[$j] = $check_vlan.Output
}

#Collecting networking OS info 
$Networking_OS = Invoke-SSHCommand -SSHSession $SWssh -Command "show system"
Start-Sleep -s 3

#Collecting interface status details
$interface_cmd =  "show interfaces twentyFiveGigE 1/$Start_port-1/$End_port"
$interface_status = Invoke-SSHCommand -SSHSession $SWssh -Command $interface_cmd

Write-Host "Configuration verification started.`n"

Describe "System basic checks" {
    Context "Check networking OS version" {
        It "Should be Dell EMC Networking OS Version : 9.12(1.0)" {
            ($Networking_OS.Output) -match 'Dell EMC Networking OS Version : 9\.12\(1\.0\)\s\s$' | Should be $true
        }
    }
}

$Global:i=1

Describe "Interface checks" {
    for ($i=$Start_port; $i -le $End_port; $i++{
        Context "Interface should be UP" {
            It "Interface 1/$i should be UP" {
                 $Global:c1 = "twentyFiveGigE 1/$i is up, line protocol is up"
                 $res = ($interface_status.Output) -match $c1
                 $res | should be $true
            }
        }
    }
}

Describe "VLAN checks" {
    for ($j=0; $j -lt $vlans.Count; $j++) {
        Context "Check VLAN $($vlans[$j])" {
             It "Should contain VLAN $($vlans[$j])" {
                  $check = ($check_vlans[$j]) -match '% Error: No such interface'
                  $check | should be $null
                  Write-host $check
             }
             It "VLAN $($vlans[$j]) should be UP" {
                  $tt = "Vlan $($vlans[$j]) is up, line protocol is up"
                  $t3 = ($check_vlans[$j]) -match $tt
                  $t3 | should be $true
             }
        }
    }
}

Remove-SSHSession -SSHSession $SWssh

#Sample output

You can write custom Pester tests according to your switching infrastructure configuration, where you can verify port channels, VLAN membership of switch ports, VLT configuration etc. Hope this was helpful. Cheers!