-
February 1st, 2009, 06:21 PM
#1
Router and FW Scripts
Hi
This is not really a security question, but I am wondering if anyone has any suggestions. I work as a network engineer for an ISP. I have to configure new routers, FW and switches on a daily basis. I have a certain way of configuring all of the routers and FW, which brings me to my question: is there a way to script up the router and FW configs so that I can quickly change relevant information for a new setup? Something like a shell script, or Tcl. Basically I would like to generate a text config that I can then easily paste into the console. I am not really a programmer and I only have limited shell scripting skills on Linux-based systems. I googled this extensively, but I have only found Tcl scripts to get the routers to do something, whereas my aim is more to generate a config which I can then use.
----------------------------------------------------------------------------------------------------------
"If I'd asked my customers what they wanted, they'd have said a faster horse." ~ Henry Ford
-
February 1st, 2009, 07:55 PM
#2
We simply use a text file template that contains a known working config, then we use the FIND/REPLACE feature of a text editor to make changes. You could use environment variables and shell scripts. Here's a brief example using the Bourne-again shell...
Create a text file (hostname.profile) that contains the environment variables that you want substituted into the template router config text file (startup-cisco-template.sh).
In the config file instead of putting the literal values, put the variable names.
You "execute" the profile to set the variables.
. ./hostname.profile
Then "execute" the template and redirect the output to the router config file that you will tftp to the router.
./startup-cisco-template.sh > startup-config.txt
hostname.profile...
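#!/bin/bash
# Exported so the template, which runs as a separate process, can read them.
export HOSTNAME="antionline.com"
export GATEWAYADDRESS="123.456.789.123"
export GWNETMASK="255.255.255.128"
export SYSLOGSERVER="10.10.10.5"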
startup-cisco-template.sh...
#!/bin/bash
# Prints the router config, substituting the variables set by hostname.profile.
echo "hostname $HOSTNAME"
echo "logging $SYSLOGSERVER"
echo "!"
echo "interface Ethernet1"
echo "ip address $GATEWAYADDRESS $GWNETMASK"
echo "ip access-group 111 in"
echo "ip nat outside"
echo "ip inspect myfw out"
echo "ip virtual-reassembly"
echo "duplex auto"
echo "no cdp enable"
echo "!"
startup-config.txt...
hostname antionline.com
logging 10.10.10.5
!
interface Ethernet1
ip address 123.456.789.123 255.255.255.128
ip access-group 111 in
ip nat outside
ip inspect myfw out
ip virtual-reassembly
duplex auto
no cdp enable
!
In God We Trust....Everything else we backup.
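A variant of the template approach from post #2, as an added example that is not part of the original thread: it checks every profile value before rendering, so an unset variable, a malformed hostname, or an out-of-range address such as the placeholder 123.456.789.123 stops the run instead of producing a config to paste. The validation rules, the shortened template and the sample values are assumptions of this example.

```shell
#!/bin/sh
# Added example, not code from the thread; validation rules are this example's assumptions.

# Succeed only for a dotted quad: four octets, each 0-255, no leading zeros.
valid_ipv4() (
    case "$1" in
        "" | *[!0-9.]* | .* | *. | *..*) exit 1 ;;
    esac
    IFS=.
    set -- $1
    [ "$#" -eq 4 ] || exit 1
    for octet in "$@"; do
        case "$octet" in 0?*) exit 1 ;; esac
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

# Succeed only for a valid address whose one-bits are contiguous from the left.
valid_netmask() (
    valid_ipv4 "$1" || exit 1
    IFS=.
    set -- $1
    inv=$(( ~(($1 << 24) | ($2 << 16) | ($3 << 8) | $4) & 4294967295 ))
    [ "$(( inv & (inv + 1) ))" -eq 0 ]
)

# Print the config, or print nothing and return 1 if a value is missing or malformed.
render_config() (
    fail() { echo "render_config: $1" >&2; exit 1; }
    case "${HOSTNAME:-}" in
        "" | *[!A-Za-z0-9.-]*) fail "HOSTNAME missing or outside A-Za-z0-9.-" ;;
    esac
    valid_ipv4 "${GATEWAYADDRESS:-}" || fail "bad GATEWAYADDRESS"
    valid_netmask "${GWNETMASK:-}" || fail "bad GWNETMASK"
    valid_ipv4 "${SYSLOGSERVER:-}" || fail "bad SYSLOGSERVER"
    cat <<EOF
hostname $HOSTNAME
logging $SYSLOGSERVER
!
interface Ethernet1
ip address $GATEWAYADDRESS $GWNETMASK
!
EOF
)

# Constructed sample values, standing in for ". ./hostname.profile".
HOSTNAME=edge1.example.net GATEWAYADDRESS=192.0.2.1
GWNETMASK=255.255.255.128 SYSLOGSERVER=10.10.10.5
render_config
```

Because the checks run inside the same script that prints the config, nothing reaches startup-config.txt unless every value passed.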