-
Router and FW Scripts
Hi
This is not really a security question, but I am wondering if anyone has any suggestions. I work as a network engineer for an ISP. I have to configure new routers, FW and switches on a daily basis. I have a certain way of configuring all of the routers and FW, which brings me to my question. Is there a way to script up the router and FW configs so that I can quickly change relevant information for a new setup? Something like a shell script, or a TCL. Basically I would like to generate a text config that I can then easily paste into the console. I am not really a programmer and I only have limited shell scripting skills on Linux-based systems. I googled this extensively but I have only found TCL scripts to get the routers to do something, but my aim is more to generate a config which I can then use.
-
We simply use a text file template that contains a known working config, then we use the FIND/REPLACE feature of a text editor to make changes. You could use environment variables and shell scripts. Here's a brief example using the Bourne-again shell...
Create a text file (hostname.profile) that contains the environment variables that you want substituted into the template router config text file (startup-cisco-template.sh).
In the config file instead of putting the literal values, put the variable names.
You "execute" the profile to set the variables.
. ./hostname.profile
Then "execute" the template and redirect the output to the router config file that you will tftp to the router.
./startup-cisco-template.sh > startup-config.txt
hostname.profile...
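#!/bin/bash
# Exported so the template script, which runs as a child process, can see them.
export HOSTNAME="antionline.com"
export GATEWAYADDRESS="123.456.789.123"
export GWNETMASK="255.255.255.128"
export SYSLOGSERVER="10.10.10.5"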
startup-cisco-template.sh...
#!/bin/bash
echo "hostname" $HOSTNAME
echo "logging" $SYSLOGSERVER
echo "!"
echo "interface Ethernet1"
echo "ip address" $GATEWAYADDRESS $GWNETMASK
echo "ip access-group 111 in"
echo "ip nat outside"
echo "ip inspect myfw out"
echo "ip virtual-reassembly"
echo "duplex auto"
echo "no cdp enable"
echo "!"
startup-config.txt...
hostname antionline.com
logging 10.10.10.5
!
interface Ethernet1
ip address 123.456.789.123 255.255.255.128
ip access-group 111 in
ip nat outside
ip inspect myfw out
ip virtual-reassembly
duplex auto
no cdp enable
!
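An added example, not part of either post: the same profile-plus-template idea as one POSIX shell function that refuses to emit a config when a value is missing or is not a well-formed IPv4 value, so a typo never reaches the console. The function names and the sample hostname and gateway address are constructed for illustration.

```shell
#!/bin/sh
# Added example: render the router config only if every value passes validation.

# valid_ipv4 ADDR: succeed only for four dot-separated decimal octets, 0-255.
valid_ipv4() (
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;;
    esac
    IFS=.
    set -- $1                      # split on dots; input is digits and dots only
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

# render_config HOST GATEWAY NETMASK SYSLOG: print the config on stdout.
# On any bad value it prints an error on stderr, nothing on stdout, and fails.
render_config() (
    [ $# -eq 4 ] || { echo "usage: render_config host gw mask syslog" >&2; exit 2; }
    host=$1 gw=$2 mask=$3 syslog=$4
    # Letters, digits, dot and hyphen only, so a value cannot add config lines.
    case $host in
        ''|*[!A-Za-z0-9.-]*) echo "bad hostname: $host" >&2; exit 1 ;;
    esac
    for addr in "$gw" "$mask" "$syslog"; do
        valid_ipv4 "$addr" || { echo "bad IPv4 value: '$addr'" >&2; exit 1; }
    done
    cat <<EOF
hostname $host
logging $syslog
!
interface Ethernet1
ip address $gw $mask
ip access-group 111 in
ip nat outside
ip inspect myfw out
ip virtual-reassembly
duplex auto
no cdp enable
!
EOF
)

# Constructed sample values (192.0.2.1 is a documentation address).
render_config edge-rtr-01 192.0.2.1 255.255.255.128 10.10.10.5
```

Redirect the output to startup-config.txt as in the answer above. The placeholder gateway 123.456.789.123 is rejected by this check because 456 and 789 are not valid octets.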