Cisco Management

The Scripts

These Perl scripts help us manage our flock of Cisco switches, routers, and VPN concentrators.

ASA-Alarm takes a list of Cisco ASA appliances as arguments and scans various MIB variables for hardware problems, producing a report -- if it detects any problems, it notifies via e-mail.

Auto-Save takes a list of devices as arguments and compares startup-config to the version saved on the tftp server. If they differ, it updates the version saved on the tftp server and stores both 'before' and 'after' copies to a changetree.

Catalyst-Hardware-Rev takes a list of Catalyst stackable switches as arguments, looks for various hardware / firmware revision signifiers, and produces a report.

CCM-Alarm takes a list of Cisco Communications Manager servers as arguments, looks for various problems, produces a report -- and if it detects problems, notifies via e-mail.

Cisco-Alarm takes a list of Cisco devices as arguments and scans various MIB variables for hardware problems, producing a report -- if it detects any, it notifies via e-mail.

Count-Associated-Clients takes a list of Cisco WLC and WiSM as arguments and uses CISCO-LWAPP-DOT11-CLIENT-MIB::cldcClientStatus to count the number of associated WiFi clients, produce a report, and append to a log file.

Find-QOS-Drops takes a list of devices as arguments and looks for ports which have dropped QoS-tagged frames.

Inv-ROM takes a list of devices as arguments, grabs the ROM version, and produces a report.

Mod-Config takes a file name and a list of devices as arguments; it uploads the file to each target, merging it with running-config.

Mod-Interface takes a file name and a list of devices as arguments, plus numerous command-line switches. It replaces wildcards in the file name with VLAN and port-specific parameters, and then uploads the result to each target, merging it with running-config. The goal is to allow one to apply policy to switch ports -- this is one of the most feature-rich scripts in the Netops collection.

QOS-Drops-Alarm takes a list of devices as arguments and looks for ports which have dropped QoS-tagged frames, alarming when it finds them.

We run Redundancy-Testing from cron every month to test the redundant aspects of our packet infrastructure. This script employs red-reboot (see below) to reboot a list of devices in order, waiting to see that the rebooted device returns to life before continuing. While a device reboots, the script pings an address located *behind* the rebooting device, tracking how many pings are lost when the device goes down and how many are lost when the device comes back up again. The script logs the results and produces a report. The next day, a human analyzes the network management station's logs to see whether or not the redundant packet infrastructure performed as expected.

Red-Reboot performs the heavy lifting for redundancy-testing (see above).

Proxy-Ping-Alarm takes a list of addresses and a VRF name as arguments, uses the CISCO-PING-MIB to ping those addresses via the VRF, produces a report, and alarms if it detects problems. The point is to watch interfaces living in a VRF which is inaccessible from the management host.

Save-Config takes a list of devices as arguments and uses tftp to save their config files to a change tree.

Show-CDP-Neighbors takes a list of devices as arguments and produces a report listing those devices' CDP neighbors.

Show-Standby takes a list of devices as arguments and produces a report listing information about the HSRP status of interfaces on these devices.

Show-Tunnels takes a list of devices as arguments and produces a report listing information about the IPSec tunnels terminated on these devices.

Switch-Power-Alarm watches power utilization on switches, warning if a switch exceeds a defined percentage of its power budget. Switches typically exceed their power budget if their power supplies are not sized appropriately to support their installed modules or attached PoE devices.

Tunnel-Alarm takes a list of devices as arguments and queries them for IPSec-tunnel specific parameters, producing a report and e-mailing interested parties if it detects problems.

UC-Version takes a list of Communications Manager servers, and their hangers-on, and produces a report listing version numbers.

Unconf-Modules-Alarm takes a list of devices as arguments and looks for ports which belong to VLAN1, which do not have 'portfast' enabled on them, or on which PoE is disabled, producing a report and e-mailing if needed.

Unity-Alarm takes a list of Cisco Unity servers as arguments, looks for various problems, produces a report -- and if it detects problems, notifies via e-mail.

Unsnooped-Vlans-Alarm takes a list of devices as arguments, looks for VLANs for which DHCP snooping has not been enabled, and e-mails interested parties if it finds any.

Upgrade-IOS takes an image file name plus a list of devices as arguments and uses SNMP to upgrade the OS sitting on the devices' flash. The script has been tested on: MSFC1, MSFC2, C5KRSM, cat650x, cat450x, cisco2620, cisco3640, cisco3900, cisco7206VXR. It does not support Nexus.

Write-Mem takes a list of devices as arguments and performs the SNMP equivalent of 'copy running-config startup-config'.


Other Open Source Projects

Here are links to other sites which are hosting scripts for managing Cisco devices.

Cisco-centric Open Source Exchange Community (COSI)

Pancho


Prepared by:
Stuart Kendrick

Last modified: 2017-February-15