
Thread: Router and FW Scripts

  1. #1
    Senior Member bAgZ's Avatar
    Join Date
    Jul 2001
    Posts
    206

    Router and FW Scripts

    Hi

    This is not really a security question, but I am wondering if anyone has any suggestions. I work as a network engineer for an ISP. I have to configure new routers, FWs and switches on a daily basis. I have a certain way of configuring all of the routers and FWs, which brings me to my question. Is there a way to script up the router and FW configs so that I can quickly change relevant information for a new setup? Something like a shell script, or a TCL script. Basically I would like to generate a text config that I can then easily paste into the console. I am not really a programmer and I only have limited shell scripting skills on Linux based systems. I googled this extensively but I have only found TCL scripts to get the routers to do something, but my aim is more to generate a config which I can then use.
    ----------------------------------------------------------------------------------------------------------
    "If I'd asked my customers what they wanted, they'd have said a faster horse." ~ Henry Ford

  2. #2
    AO's Filibustier Cheap Scotch Ron's Avatar
    Join Date
    Nov 2008
    Location
    Swamps of Jersey
    Posts
    378
    We simply use a text file template that contains a known working config, then we use the FIND/REPLACE feature of a text editor to make changes. You could use environment variables and shell scripts. Here's a brief example using the Bourne-again shell...

    Create a text file (hostname.profile) that contains environment variables that you want substituted into the template router config text file (startup-cisco-template.sh).
    In the config file instead of putting the literal values, put the variable names.
    You "execute" the profile to set the variables.

    . ./hostname.profile

    Then "execute" the template and redirect the output to the router config file that you will tftp to the router.

    ./startup-cisco-template.sh > startup-config.txt


    hostname.profile...
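    #!/bin/bash
    # Exported so the template script, which runs as a child process, can read them.
    export HOSTNAME="antionline.com"
    export GATEWAYADDRESS="123.456.789.123"
    export GWNETMASK="255.255.255.128"
    export SYSLOGSERVER="10.10.10.5"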

    startup-cisco-template.sh...
    #!/bin/bash
    # Prints the router config, substituting the variables set by hostname.profile.
    echo "hostname $HOSTNAME"
    echo "logging $SYSLOGSERVER"
    echo "!"
    echo "interface Ethernet1"
    echo "ip address $GATEWAYADDRESS $GWNETMASK"
    echo "ip access-group 111 in"
    echo "ip nat outside"
    echo "ip inspect myfw out"
    echo "ip virtual-reassembly"
    echo "duplex auto"
    echo "no cdp enable"
    echo "!"

    startup-config.txt...
    hostname antionline.com
    logging 10.10.10.5
    !
    interface Ethernet1
    ip address 123.456.789.123 255.255.255.128
    ip access-group 111 in
    ip nat outside
    ip inspect myfw out
    ip virtual-reassembly
    duplex auto
    no cdp enable
    !
    In God We Trust....Everything else we backup.
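
The template approach from the reply above, as an added example that is not part of the original posts: the config is printed only when every substituted value passes validation, so a typo or a value containing stray characters or line breaks never ends up in the text pasted into the console. The function names (valid_ipv4, valid_netmask, render_config), the sample hostname and the 192.0.2.1 address are assumptions made for this example.

```shell
#!/bin/bash
# Added example: print the thread's template only if every value validates.
set -u

# True if $1 is a dotted quad, octets 0-255, no leading zeros.
valid_ipv4() {
    local octet old_ifs="$IFS"
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# True if $1 is a contiguous netmask (all one bits, then all zero bits).
valid_netmask() {
    local inv old_ifs="$IFS"
    valid_ipv4 "$1" || return 1
    IFS=.; set -- $1; IFS=$old_ifs
    inv=$(( ~(($1 << 24) | ($2 << 16) | ($3 << 8) | $4) & 0xFFFFFFFF ))
    [ $(( inv & (inv + 1) )) -eq 0 ]
}

# Args: hostname, gateway address, netmask, syslog server. Returns 1 on a bad value.
render_config() {
    case $1 in ''|*[!A-Za-z0-9.-]*|[.-]*|*[.-]) echo "invalid hostname" >&2; return 1 ;; esac
    valid_ipv4 "$2"    || { echo "invalid gateway address: $2" >&2; return 1; }
    valid_netmask "$3" || { echo "invalid netmask: $3" >&2; return 1; }
    valid_ipv4 "$4"    || { echo "invalid syslog server: $4" >&2; return 1; }
    cat <<EOF
hostname $1
logging $4
!
interface Ethernet1
ip address $2 $3
ip access-group 111 in
ip nat outside
ip inspect myfw out
ip virtual-reassembly
duplex auto
no cdp enable
!
EOF
}

# Constructed sample values; 192.0.2.1 comes from a documentation address range.
render_config "edge-rtr1.example.net" "192.0.2.1" "255.255.255.128" "10.10.10.5"
```

Called with the thread's placeholder address 123.456.789.123, render_config prints nothing to stdout and returns 1, because 456 and 789 are not valid octets.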
