In [1]:
%%html
<style>
h1, h2, h3, h4, h5 {
    color: darkblue;
    font-weight: bold !important;
}
h2 {
    border-bottom: 8px solid darkblue !important;
    padding-bottom: 8px;
}
h3 {
    border-bottom: 2px solid darkblue !important;
    padding-bottom: 6px;
}
.info, .success, .warning, .error {
    border: 1px solid;
    margin: 10px 0px;
    padding:15px 10px;
}
.info {
    color: #00529b;
    background-color: #bde5f8;
}
.success {
    color: #4f8a10;
    background-color: #dff2bf;
}
.warning {
    color: #9f6000;
    background-color: #FEEFB3;
}
.error {
    color: #D8000C;
    background-color: #FFBABA;
}
.language-bash {
    font-weight: 900;
}
.ex {
    font-weight: 900;
    color: rgba(27,27,255,0.87) !important;
}
.mn {
    font-family: Menlo, Consolas, "DejaVu Sans Mono", monospace
}
table {
    margin-left: 0 !important;}
</style>

# Day 3: Up and Running with Python

## 3.3 Netmiko

-   Most modern network devices support REST APIs but there are still many legacy network devices that could not be replaced easily.  Network engineers have to use CLI via SSH, telnet or serial interfaces to connect to those devices.  Netmiko is an open source library to automatate interface via CLI, telnet or serial[<sup>1</sup>](#fn1) to those devices.

-   Netmiko is a multi-vendor network automation library for Python.
-   It support SSH (via Paramiko library) and Telnet connection
-   It provides the following features:
    -   Establish SSH/Telnet connection to network device(s)
    -   Establish SSH connection via proxy SSH server
    -   Execution of show commands and retrieval of output data
    -   Execution of configuration commands
    
<span id="fn1">**1**:</span> Telnet and serial are not available in some more popular network devices.
    
### Installation

```bash
pip install netmiko
python -c "import netmiko; print(netmiko.__version__)"
```

In [3]:
import netmiko

netmiko.Netmiko??

[1;31mSignature:[0m [0mnetmiko[0m[1;33m.[0m[0mNetmiko[0m[1;33m([0m[1;33m*[0m[0margs[0m[1;33m,[0m [1;33m**[0m[0mkwargs[0m[1;33m)[0m[1;33m[0m[1;33m[0m[0m
[1;31mSource:[0m   
[1;32mdef[0m [0mConnectHandler[0m[1;33m([0m[1;33m*[0m[0margs[0m[1;33m,[0m [1;33m**[0m[0mkwargs[0m[1;33m)[0m[1;33m:[0m[1;33m
[0m    [1;34m"""Factory function selects the proper class and creates object based on device_type."""[0m[1;33m
[0m    [1;32mif[0m [0mkwargs[0m[1;33m[[0m[1;34m"device_type"[0m[1;33m][0m [1;32mnot[0m [1;32min[0m [0mplatforms[0m[1;33m:[0m[1;33m
[0m        [1;32mraise[0m [0mValueError[0m[1;33m([0m[1;33m
[0m            [1;34m"Unsupported device_type: "[0m[1;33m
[0m            [1;34m"currently supported platforms are: {}"[0m[1;33m.[0m[0mformat[0m[1;33m([0m[0mplatforms_str[0m[1;33m)[0m[1;33m
[0m        [1;33m)[0m[1;33m
[0m    [0mConnectionClass[0m [1;33m=[0m [0mssh_dispatcher[0m[1;33m([0m[0

In [4]:
netmiko.BaseConnection??

[1;31mInit signature:[0m
[0mnetmiko[0m[1;33m.[0m[0mBaseConnection[0m[1;33m([0m[1;33m
[0m    [0mip[0m[1;33m=[0m[1;34m''[0m[1;33m,[0m[1;33m
[0m    [0mhost[0m[1;33m=[0m[1;34m''[0m[1;33m,[0m[1;33m
[0m    [0musername[0m[1;33m=[0m[1;34m''[0m[1;33m,[0m[1;33m
[0m    [0mpassword[0m[1;33m=[0m[1;32mNone[0m[1;33m,[0m[1;33m
[0m    [0msecret[0m[1;33m=[0m[1;34m''[0m[1;33m,[0m[1;33m
[0m    [0mport[0m[1;33m=[0m[1;32mNone[0m[1;33m,[0m[1;33m
[0m    [0mdevice_type[0m[1;33m=[0m[1;34m''[0m[1;33m,[0m[1;33m
[0m    [0mverbose[0m[1;33m=[0m[1;32mFalse[0m[1;33m,[0m[1;33m
[0m    [0mglobal_delay_factor[0m[1;33m=[0m[1;36m1[0m[1;33m,[0m[1;33m
[0m    [0muse_keys[0m[1;33m=[0m[1;32mFalse[0m[1;33m,[0m[1;33m
[0m    [0mkey_file[0m[1;33m=[0m[1;32mNone[0m[1;33m,[0m[1;33m
[0m    [0mpkey[0m[1;33m=[0m[1;32mNone[0m[1;33m,[0m[1;33m
[0m    [0mpassphrase[0m[1;33m=[0m[1;32mNone[0m[1;33m,[0m[1;3

### Documentation

-   There are many parameters and new ones may be added in the later release. We normally only need a few of them. Do read the docstring to find out more about the parameters.


-   **`device_type`** indicates the type of network device types that Netmiko is connected to.
    The list of supported device types are found in [`ssh_dispatcher.py`](https://github.com/ktbyers/netmiko/blob/e4669fa7b73660c1ecb2874ee2f66c71cf840691/netmiko/ssh_dispatcher.py).
    -   Common device types supporting ssh login include:
        -   `arista_eos`
        -   `cisco_saos`, `cisco_asa`, `cisco_ios`, `cisco_nxos`, `cisco_s300`, `cisco_tp`, `cisco_tp`, `cisco_wlc`, `cisco_xe`, `cisco_xr`
        -   `f5_ltm`, `f5_tmsh`, `f5_linux`
        -   `fortinet`
        -   `hp_comware`, `hp_procurve`
        -   `huawei`, `huawei_vrpv8`,
        -   `juniper`, `juniper_junos`
    -   Common device types supporting file transfer include:
        -   `arista_eos`
        -   `cisco_asa`, `cisco_ios`, `cisco_nxos`, `cisco_xe`, `cisco_xr`
        -   `juniper_junos`
        -   `linux`
    -   Common device types supporting telnet include:
        -   `apresia_aeos_telnet`
        -   `arista_eos_telnet`
        -   `cisco_ios_telnet`
        -   `hp_procurve_telnet`, `hp_comware_telnet`
        -   `juniper_junos_telnet`
        -   `huawei_telnet`
    -   Common device types supporting serial include:
        -   `cisco_ios_serial`
    -   Common device types supporting ssh terminal server include:
        -   `terminal_server`
        -   `autodetect`

<span class="ex">Example: <span class='mn'>send_command()</span></span>

In [12]:
from netmiko import Netmiko
from getpass import getpass

device = Netmiko(
    ip=input('Enter IP address: '),  # 192.168.99.2
    username='admin',
    password=getpass(),              # class
    device_type='cisco_ios',
    verbose=True,
    secret='class'
)

output = device.send_command("show ip int brief")
print(output)

Enter IP address:  192.168.99.2
 ·····


SSH connection established to 192.168.99.2:22
Interactive SSH session established
Interface              IP-Address      OK? Method Status                Protocol
Vlan1                  unassigned      YES NVRAM  administratively down down    
Vlan99                 192.168.99.2    YES NVRAM  up                    up      
FastEthernet0/1        unassigned      YES unset  down                  down    
FastEthernet0/2        unassigned      YES unset  down                  down    
FastEthernet0/3        unassigned      YES unset  down                  down    
FastEthernet0/4        unassigned      YES unset  down                  down    
FastEthernet0/5        unassigned      YES unset  down                  down    
FastEthernet0/6        unassigned      YES unset  up                    up      
FastEthernet0/7        unassigned      YES unset  down                  down    
FastEthernet0/8        unassigned      YES unset  down                  down    
FastEthernet0/9        unas

**Available command from device**

In [7]:
print(dir(device))

['RESPONSE_RETURN', 'RETURN', 'TELNET_RETURN', '__class__', '__delattr__', '__dict__', '__dir__', '__doc__', '__enter__', '__eq__', '__exit__', '__format__', '__ge__', '__getattribute__', '__gt__', '__hash__', '__init__', '__init_subclass__', '__le__', '__lt__', '__module__', '__ne__', '__new__', '__reduce__', '__reduce_ex__', '__repr__', '__setattr__', '__sizeof__', '__str__', '__subclasshook__', '__weakref__', '_autodetect_fs', '_build_ssh_client', '_connect_params_dict', '_first_line_handler', '_lock_netmiko_session', '_modify_connection_params', '_open', '_read_channel', '_read_channel_expect', '_read_channel_timing', '_sanitize_output', '_session_locker', '_session_log_close', '_session_log_fin', '_test_channel_read', '_timeout_exceeded', '_try_session_preparation', '_unlock_netmiko_session', '_use_ssh_config', '_write_channel', '_write_session_log', 'allow_agent', 'allow_auto_change', 'alt_host_keys', 'alt_key_file', 'ansi_escape_codes', 'auth_timeout', 'banner_timeout', 'base_pr

### Unexpected Command Prompt

The above command works because the command prompt after execution of the command is expected.

However, when the command asks for input or generate other non-expected text, the missing "expected-prompt" will cause the function `send_command()` fails.

For example, if we executes the following command via `send_command()`:

<pre>
<span class='ex'>copy flash:/c880data-universalk9-mz.154-2.T1.bin flash:/test1.bin</span>
</pre>

The output of this command looks as follows (on the router's CLI):

<pre>
<span class='ex'>
# copy flash:/c880data-universalk9-mz.154-2.T1.bin flash:/test1.bin
Destination filename [test1.bin]? 
Copy in progress...CCCCCCCCCCCCCCCCCCCC
...   [large number of C's omitted]
CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
42628912 bytes copied in 143.676 secs (296702 bytes/sec)
</span>
</pre>

In this case, we could use the `'expect_string'` argument to `send_command()`, which tells Netmiko what to look for in the output.

<span class='ex'>Example: Use <span class='mn'>expect_string</span> to end expected command completion</span>

In [None]:
from netmiko import Netmiko
from getpass import getpass

device = Netmiko(
    ip=input('Enter IP address: '),  # 192.168.99.2
    username='admin',
    password='class',
    device_type='cisco_ios',
    verbose=False,
    secret='class'
)

cmd = 'copy flash:/c880data-universalk9-mz.154-2.T1.bin flash:/test1.bin'

output = device.send_command(
    cmd,
    expect_string=r'Destination filename'
)
try:
    output += device.send_command('\n', expect_string=r'#')
except:
    pass
finally:
    device.disconnect()
    print(output)

### Longer Command Response Time

-   Some commands may take longer to return. We could use `delay_factor` to let Netmiko to wait longer.


-   `delay_factor` is an argument to `send_command()`, which multiple existing timeout.

<span class='ex'>Example: Use <span class='mn'>delay_factor</span> to increase command response time</span>

In [None]:
from netmiko import Netmiko
from getpass import getpass

device = Netmiko(
    ip=input('Enter IP address: '),  # 192.168.99.2
    username='admin',
    password='class',
    device_type='cisco_ios'
    verbose=False,
    secret='class'
)

output = device.send_command(
    "show ip int brief",
    delay_factor=2
)
device.disconnect()
print(output)

-   We could also use `global_delay_factor` which multiple **ALL** timeout.

<span class='ex'>Example: Use <span class='mn'>global_delay_factor</span> to increase all response time</span>

In [10]:
from netmiko import Netmiko
from getpass import getpass

device = Netmiko(
    ip=input('Enter IP address: '),  # 192.168.99.2
    username='admin',
    password='class',
    device_type='cisco_ios',
    verbose=False,
    secret='class'
    global_delay_factor=2
)

output = device.send_command("show run")
device.disconnect()
print(output)

Enter IP address:  192.168.99.2
 ·····


Building configuration...

Current configuration : 3369 bytes
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname S0
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$xGd.$hw0bSk2IJ6YHvxQ1l8MBu1
!
username admin privilege 15 secret 5 $1$75ik$vGlB0QFiczaSL4VU05J870
no aaa new-model
system mtu routing 1500
!
!
no ip domain-lookup
ip domain-name Singtel.com
!
!
crypto pki trustpoint TP-self-signed-821044096
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-821044096
 revocation-check none
 rsakeypair TP-self-signed-821044096
!
!
crypto pki certificate chain TP-self-signed-821044096
!
!
!
!
!
spanning-tree mode pvst
spanning-tree portfast default
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
ip ssh version 2
!
!
!
!
interface FastEthernet0/1
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/2
 switchport access vlan 

<span class='ex'>Example: Save command output to file</span>

In [11]:
from netmiko import Netmiko
from getpass import getpass

outputfile = 'cisco.log'

device = Netmiko(
    ip=input('Enter IP address: '),  # 192.168.99.2
    username='admin',
    password='class',
    device_type='cisco_ios',
    secret='class',                  # privilege password
    verbose=False,
    global_delay_factor=1,
)

cmds = [
    'show run',
    'show int',
    'show ip int'
]

with open(outputfile, 'w') as f:
    for cmd in cmds:
        f.write(device.send_command(cmd))

device.disconnect()

Enter IP address:  192.168.99.2
 ·····


<span class='ex'>Example: Use <span class='mn'>send_config_set()</span> to send configuration commands</span>

In [18]:
from netmiko import Netmiko
from getpass import getpass

outputfile = 'cisco.log'

device = Netmiko(
    ip=input('Enter IP address: '),  # 192.168.99.2
    username='admin',
    password='class',
    device_type='cisco_ios',
    secret='class',                  # privilege password
    verbose=True,
    global_delay_factor=1,
)
device.enable()

cfg_commands = [
    'no logging console',              # Disable console logging
    'logging buffered 64000',          # Configure 64 kb logging buffer
    'logging buffered informational',  # Access-list violation logging    
]

output = device.send_config_set(cfg_commands)

device.disconnect()

with open(outputfile, 'w') as f:
    f.write(output)

Enter IP address:  192.168.99.2
 ·····


SSH connection established to 192.168.99.2:22
Interactive SSH session established


<span class='ex'>Example: Use <span class='mn'>send_config_from_file()</span> to send configuration commands from file</span>

In [19]:
%%file ./console_logging.txt
logging buffered 8000
logging console

Writing ./console_logging.txt


In [20]:
from netmiko import Netmiko
from getpass import getpass

output = 'cisco.log'
config = 'console_logging.txt'

devcfg = {
    'ip'                 : input('Enter IP address: '),  # 192.168.99.2
    'username'           : 'admin',
    'password'           : getpass(),
    'device_type'        : 'cisco_ios',
    'secret'             : 'class',
    'verbose'            : False,
    'global_delay_factor': 1
}

device = Netmiko(**devcfg)
device.enable()

cfg_commands = {
    'no logging console',              # Disable console logging
    'logging buffered 64000',          # Configure 64 kb logging buffer
    'logging buffered informational',  # Access-list violation logging    
}

output = device.send_config_from_file(config)

device.disconnect()

with open(outputfile, 'w') as f:
    f.write(output)

Enter IP address:  192.168.99.2
 ·····


## netmiko_tools

-   The author of netmiko has written [3 scripts](
https://github.com/ktbyers/netmiko_tools/tree/master/netmiko_tools) to faclitate common network automation commands, without writing any Python code:

    1.  `netmiko-show`
    1.  `netmiko-grep`
    1.  `netmiko-cfg`

-   These scripts uses GNU grep.  You may download a Windows binary from [here](http://gnuwin32.sourceforge.net/packages/grep.htm).  *You may want to use a virus scanner to scan for virus or trojan house in these binaries. I normally use [Virus Total].(https://www.virustotal.com/#/home/upload)*


-   You may modify these scripts to refer to a local copy of `./grep.exe`

```Bash
GREP = '/bin/grep'
if os.name == 'nt':
    GREP = r'C:\MyLesson\NAWP\netmiko_tools\grep.exe'
elif not os.path.exists(GREP):
    GREP = '/usr/bin/grep'
NETMIKO_BASE_DIR = '~/.netmiko'
ERROR_PATTERN = "%%%failed%%%"
__version__ = '0.1.0'
```


-   These scripts will look for `.netmiko.yml` in the current directory or user's home directory for network devices.


-   A sample of `.netmiko.yml` is shown below.

In [22]:
%%file .netmiko.yml
---
# Device connection information
web01:
    ip         : 192.168.99.2
    username   : admin
    password   : class
    device_type: cisco_ios
    secret     : class

web02:
    ip         : 192.168.99.3
    username   : admin
    password   : class
    device_type: cisco_ios
    secret     : class

web03:
    ip         : 192.168.99.4
    username   : admin
    password   : class
    device_type: cisco_ios
    secret     : class
        
# Lists of groups of devices:
cisco:
    - web01
    - web02

san:
    - web02
    - web03
    
all:
    - web01
    - web02
    - web03

Writing .netmiko.yml


<span class='ex'>Example: <span class='mn'>netmiko-show.py</span></span>

In [23]:
!python ./netmiko_tools/netmiko-show.py --cmd "sh ver" cisco

web01.txt:Cisco IOS Software, C2960 Software (C2960-LANLITEK9-M), Version 15.0(2)SE6, RELEASE SOFTWARE (fc2)
web01.txt:Technical Support: http://www.cisco.com/techsupport
web01.txt:Copyright (c) 1986-2014 by Cisco Systems, Inc.
web01.txt:Compiled Wed 09-Apr-14 03:40 by prod_rel_team
web01.txt:ROM: Bootstrap program is C2960 boot loader
web01.txt:BOOTLDR: C2960 Boot Loader (C2960-HBOOT-M) Version 12.2(44r)SE4, RELEASE SOFTWARE (fc1)
web01.txt:S0 uptime is 7 hours, 6 minutes
web01.txt:System returned to ROM by power-on
web01.txt:System image file is "flash:c2960-24-TC-S-lanlitek9-mz.150-2.SE6.bin"
web01.txt:This product contains cryptographic features and is subject to United
web01.txt:States and local country laws governing import, export, transfer and
web01.txt:use. Delivery of Cisco cryptographic products does not imply
web01.txt:third-party authority to import, export, distribute or use encryption.
web01.txt:Importers, exporters, distributors and users are responsible for
web01.txt:c

In [None]:
!python ./netmiko_tools/netmiko-show.py --cmd "sh ver" web02

In [27]:
!python ./netmiko_tools/netmiko-grep.py --cmd "sh ip int" "administratively down" web02

Vlan1 is administratively down, line protocol is down


In [28]:
!python ./netmiko_tools/netmiko-cfg.py --cmd "logging buffered 64000" web02

config term
Enter configuration commands, one per line.  End with CNTL/Z.
S1(config)#logging buffered 64000
S1(config)#end
S1#
