Network automation with expect

You need 3 files:

  • devices.txt (where you put IP addresses of your network devices)
  • config.sh (bash script)
  • exp-config.exp (expect script)

devices.txt would look like this:

192.168.0.100
192.168.0.101
192.168.0.102

config.sh would look like this:

#!/bin/bash
# Feed the expect script one device at a time from the list
for device in $(cat devices.txt); do
    ./exp-config.exp "$device"
done

exp-config.exp would look like this:

#!/usr/bin/expect -f
############## First Segment
set hostname [lindex $argv 0]
set username "USERNAME"
set password "PASSWORD"
set Directory /home/user/log-directory
#Log results
#
#uncomment to use this to log every host separately
#log_file -a $Directory/session_$hostname.log
#
#uncomment to use all logs in one file
#log_file -a logfile.log
#
############## Second Segment
#Announce which device we are working on and at what time
send_user "\n"
send_user ">>>>> Working on $hostname @ [exec date] <<<<<\n"
send_user "\n"
spawn telnet $hostname
expect {
    timeout { send_user "\nTimeout Exceeded - Check Host\n"; exit 1 }
    eof { send_user "\nTelnet Connection To $hostname Failed\n"; exit 1 }
    "sername:" {
        send "$username\n"
        expect "assword:" {
            send "$password\n"
            expect "#"
        }
    }
}
############## Third Segment
#show command example
#uncomment to skip "press any key to continue" or "--More--"
#send "term len 0\n"
#expect "#"
send "show ip route\n"
expect "#"
#
#
#configuration example
send "conf t\n"
expect "(config)#"
send "aaa authorization commands 1 default group tacacs+ local\n"
expect "(config)#"
#
#leave configuration mode, then close the session on the device
send "exit\n"
expect "#"
send "exit\n"
expect eof
exit

source1, source2
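The loop in config.sh hands whatever is in devices.txt straight to the expect script, so a stray comment, blank line or typo becomes a telnet target. The wrapper below is an added example, not the post's own config.sh: it validates every entry as an IPv4 address before calling exp-config.exp, and it takes the credentials from the environment (the variable names NET_USER and NET_PASS are an assumption; exp-config.exp would read them as $env(NET_USER) and $env(NET_PASS) instead of the hardcoded strings).

```shell
#!/bin/sh
# Added example: validate devices.txt and drive exp-config.exp from it.
# Credentials come from NET_USER / NET_PASS (assumed names), not from the script.

# Return 0 if $1 is a dotted-quad IPv4 address with every octet in 0-255.
is_ipv4() {
    case $1 in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;   # non-digit, leading/trailing or doubled dot
    esac
    set -- $(printf '%s' "$1" | tr . ' ')   # split into octets
    [ $# -eq 4 ] || return 1
    for octet; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the valid addresses from a device file, one per line. Blank lines and
# '#' comments are skipped; invalid entries go to stderr and make the function
# return 1 so the caller can notice a damaged list.
read_devices() {
    file=$1; rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                                   # drop trailing comment
        line=$(printf '%s' "$line" | tr -d '[:space:]')    # drop whitespace
        [ -z "$line" ] && continue
        if is_ipv4 "$line"; then
            printf '%s\n' "$line"
        else
            printf 'skipping invalid entry: %s\n' "$line" >&2
            rc=1
        fi
    done < "$file"
    return $rc
}

# Run the expect script once per valid device.
run_all() {
    file=${1:-devices.txt}
    : "${NET_USER:?set NET_USER}" "${NET_PASS:?set NET_PASS}"
    read_devices "$file" | while IFS= read -r device; do
        ./exp-config.exp "$device"
    done
}

# usage: NET_USER=admin NET_PASS=... sh config.sh --run devices.txt
if [ "${1:-}" = "--run" ]; then
    run_all "${2:-devices.txt}"
fi
```

Because read_devices writes only clean addresses to stdout and complaints to stderr, the per-device log files from the expect script stay free of list-parsing noise, and a non-zero return from read_devices is the cue to look at devices.txt before rerunning.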

OpenSSL error while converting .p12 to .cer

openssl pkcs12 -nokeys -clcerts -in <filename.p12> -out <filename.cer>

Enter Import Password:
Error outputting keys and certificates
4087C8485B7F0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:../crypto/evp/evp_fetch.c:349:Global default library context, Algorithm (RC2-40-CBC : 0), Properties ()

Try adding -legacy:

openssl pkcs12 -nokeys -clcerts -in <filename.p12> -out <filename.cer> -legacy
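The -legacy switch loads the legacy provider, which is the only reason RC2-40-CBC is available at all in OpenSSL 3. As an added example (not from the original post), the wrapper below runs the conversion as written, and only retries with -legacy when the error text names an unsupported algorithm, reporting which one, so an unrelated failure such as a wrong import password is not masked by a blind retry. The function names are mine; the error pattern is taken from the output shown above.

```shell
#!/bin/sh
# Added example: convert .p12 -> .cer, retrying with -legacy only when the
# PKCS#12 file uses an algorithm the default provider no longer offers.

# Return 0 when an openssl error indicates a legacy-only algorithm
# (the "digital envelope routines ... unsupported" message shown in the post).
needs_legacy() {
    case $1 in
        *"digital envelope routines"*unsupported*) return 0 ;;
        *) return 1 ;;
    esac
}

# Pull the algorithm name out of the error text, e.g. "RC2-40-CBC" from
# "... Algorithm (RC2-40-CBC : 0), Properties ()".
legacy_algorithm() {
    printf '%s\n' "$1" | sed -n 's/.*Algorithm (\([^ )]*\).*/\1/p'
}

# $1 = input .p12, $2 = output .cer (PEM certificate only, no private key).
# openssl prompts for the import password on the terminal in both attempts.
p12_to_cer() {
    in=$1; out=$2
    if err=$(openssl pkcs12 -nokeys -clcerts -in "$in" -out "$out" 2>&1 >/dev/null); then
        return 0
    fi
    if needs_legacy "$err"; then
        printf 'PKCS#12 uses legacy algorithm %s; retrying with -legacy\n' \
            "$(legacy_algorithm "$err")" >&2
        openssl pkcs12 -nokeys -clcerts -in "$in" -out "$out" -legacy
        return $?
    fi
    printf '%s\n' "$err" >&2
    return 1
}

# usage: p12_to_cer client.p12 client.cer
```

A PKCS#12 file that needs -legacy was protected with a 40-bit cipher, so once the certificate and key are out it is worth re-exporting the bundle with openssl pkcs12 -export, which in OpenSSL 3 uses AES-256-CBC by default, rather than keeping the old file around.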

FMC deploy stuck / cannot log in to FMC?

  1. ssh to the FMC, enter expert mode, then sudo su
  2. /etc/rc.d/init.d/console restart
  3. OmniQuery.pl -db mdb -e "select status,category,hex(uuid),body from notification;" | grep "\ 7\ "
  4. OmniQuery.pl -db mdb -e 'delete from notification where uuid=unhex("HEX-NUMBER-FROM-OUTPUT");'
  5. OmniQuery.pl -db mdb -e "select status,category,hex(uuid),body from notification;" | grep "\ 7\ "

source1, source2

ACS 5.8 to ISE 3.0 migration: The server selected protocol version TLS10 is not accepted by client preferences [TLS12]

I tried to migrate ACS 5.8 to ISE 3.0 but was getting the following message: "The server selected protocol version TLS10 is not accepted by client preferences [TLS12]".
Since TLS 1.0 is disabled by default, I had to enable it in the Java control panel (Oracle Java 1.8) and also edit the file C:\Program Files (x86)\Java\jre1.8.<some_version>\lib\security\java.security, remove TLSv1 from the option jdk.tls.disabledAlgorithms, and finally restart the migration application.

You can do the same in a Linux environment for OpenJDK by editing /usr/lib/jvm/java-11-openjdk-amd64/conf/security/java.security
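Re-enabling TLS 1.0 for the JVM affects every Java client on that machine, not just the migration tool, so the edit should be easy to undo once the migration is done. The script below is an added example (not part of this post): it removes TLSv1 from jdk.tls.disabledAlgorithms in a java.security file, handles the backslash-continued multi-line form that property usually has, keeps a timestamped backup to copy back afterwards, and shows the effective value so you can confirm what the JVM will read. The java.security fragment in the test is constructed, modelled on the layout of the shipped file.

```shell
#!/bin/sh
# Added example: temporarily drop TLSv1 from jdk.tls.disabledAlgorithms in a
# java.security file, with a backup for reverting after the migration.

# Print the file with TLSv1 removed from jdk.tls.disabledAlgorithms. The sed
# range runs from the property line through its backslash-continued lines,
# so other properties (e.g. jdk.certpath.disabledAlgorithms) are untouched.
# "TLSv1, " does not match "TLSv1.1, " or "TLSv1.2, " because of the comma.
strip_tlsv1() {
    sed -e '/^jdk\.tls\.disabledAlgorithms=/,/[^\\]$/s/TLSv1, //' \
        -e '/^jdk\.tls\.disabledAlgorithms=/,/[^\\]$/s/, TLSv1$//' "$1"
}

# Edit $1 in place after copying it to a timestamped backup; prints the
# backup path so it can be restored with: cp "$bak" java.security
enable_tls10() {
    f=$1
    bak="$f.bak.$(date +%Y%m%d%H%M%S)"
    cp -p "$f" "$bak" || return 1
    strip_tlsv1 "$bak" > "$f" || return 1
    printf '%s\n' "$bak"
}

# Print the effective value of jdk.tls.disabledAlgorithms with continuation
# lines joined, which is what the JVM actually parses.
disabled_algorithms() {
    sed -n '/^jdk\.tls\.disabledAlgorithms=/,/[^\\]$/p' "$1" \
        | sed -e 's/^jdk\.tls\.disabledAlgorithms=//' -e 's/\\$//' \
        | tr -d '\n' | tr -s ' '
}

# usage: bak=$(enable_tls10 /path/to/java.security); disabled_algorithms /path/to/java.security
```

Run enable_tls10 before the migration, check disabled_algorithms to make sure TLSv1.1 and the key-size limits are still listed, and copy the backup back over java.security as soon as the migration application has finished.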

Thanks to stackoverflow