Anyone who manages a network will benefit from having a plan in place to backup network device configurations. Switches, Routers, Load Balancers, Firewalls, and VPN devices all contain configurations that should have copies stored off the device itself.  By doing this, it provides a backup in case the device fails and needs to be replaced, or more commonly, a mis-configuration is performed on a device and you need to go back to where you started from.

In this example, we will use a very nice tool called Expect.  Expect has traditionally been run on Unix variants, but has also been ported to Windows.  Activestate, the company known for Perl on the Windows platform, also offers TCL for Windows – which includes Expect.  This particular article will cover the program running on the Linux platform, with the possibility of revisiting at a later date to explore whether we can run the same processes in Windows.

In today’s times, even if your a full blown Windows user, there are very easy ways to add Linux into your engineering toolbox.  This is most commonly done using Virtual technology, which is offered by multiple vendors.  The more common scenarios are to download a free ‘player’, such as the one provided by vmWare. Once you have an installed VM player, you can proceed by building a basic Linux machine from scratch (which will run on top of your Windows platform), or just download a pre-built ‘appliance’ from the vmWare website. You can easily download the latest and greatest versions of Linux, ready to run, by copying an image to your workstation, hit play on the vmPlayer, login and your ready to work!  It really is that easy!

First, let’s start with a simple expect script and then gradually move into something a little more flexible. For an Operating System, I am using Ubuntu 10.10 Server Edition. The Server Edition just installs the minimum requirements to run a linux machine with basic tools. There is no GUI in the installation, so everything is done at a command line. This keeps the footprint small, which is especially good for running inside a virtual machine like I am doing.

Ok, I am logged into the Linux machine and at a command prompt. In this example, we are going to create a very simple expect script to log into a Cisco router, that is pre-configured to allow a username and password only. After a sucessful login, we will immediately be in priviledged mode. If this is not the way your test device is setup, don’t worry – I will show you how to modify the script, following this example. The script itself contains many comments (lines preceded with the ‘#’ character), which explains what the following line accomplishes.

First, let’s create the script by typing the following command:

root@ubuntu:~/util# vi 1.exp

Once in the vi editor, press ‘i‘ to insert characters and type or paste the following commands: Note: To try this on an actual device, replace the IP address shown below (192.168.1.1) with a valid device address in your network. Also adjust the username and password (admin/cisco) as necessary for your environment.

#!/usr/bin/expect -f
#Tells interpreter where the expect program is located.  This may need adjusting according to
#your specific environment.  Type ' which expect ' (without quotes) at a command prompt
#to find where it is located on your system and adjust the following line accordingly.
#
#
#Use the built in telnet program to connect to an IP and port number
spawn telnet 192.168.1.1 23
#
#The first thing we should see is a User Name prompt
expect "User Name:"
#
#Send a valid username to the device
send "admin\n"
#
#The next thing we should see is a Password prompt
expect "Password:"
#
#Send a vaild password to the device
send "cisco\n"
#
#If the device automatically assigns us to a priviledged level after successful logon,
#then we should be at an enable prompt
expect "#"
#
#Tell the device to turn off paging
send "term length 0\n"
#
#After each command issued at the enable prompt, we expect the enable prompt again to tell us the
#command has executed and is ready for another command
expect "#"
#
#Show us the running configuration on the screen
send "show run\n"
#
#The interact command is part of the expect script, which tells the script to hand off control to the user.
#This will allow you to continue to stay in the device for issuing future commands, instead of just closing
#the session after finishing running all the commands.
interact

Once these commands have been typed, press ESC key to exit out of insert mode. Then press ‘:wq‘ to write to the file 1.exp and exit the vi editor.

If you test device requires an enable password, use this script instead (with the previous mentioned modifications):

#!/usr/bin/expect -f
#Tells interpreter where the expect program is located.  This may need adjusting according to
#your specific environment.  Type ' which expect ' (without quotes) at a command prompt
#to find where it is located on your system and adjust the following line accordingly.
#
#
#Use the built in telnet program to connect to an IP and port number
spawn telnet 192.168.1.1 23
#
#The first thing we should see is a User Name prompt
expect "User Name:"
#
#Send a valid username to the device
send "admin\n"
#
#The next thing we should see is a Password prompt
expect "Password:"
#
#Send a vaild password to the device
send "cisco\n"
#
#If the device requires us to enter an enable password, then we should currently be at a
#non-privileged prompt
expect ">"
#
#Send the command to enter enable mode
send "enable\n"
#
#We should see a prompt asking for the enable password
expect "Password:"
#
#Send the enable password
send "supercisco\n"
#We should be in privileged mode now reflected by a hash prompt
expect "#"
#
#Tell the device to turn off paging
send "term length 0\n"
#
#After each command issued at the enable prompt, we expect the enable prompt again to tell us the
#command has executed and is ready for another command
expect "#"
#
#Show us the running configuration on the screen
send "show run\n"
#
#The interact command is part of the expect script, which tells the script to hand off control to the user.
#This will allow you to continue to stay in the device for issuing future commands, instead of just closing
#the session after finishing running all the commands.
interact

Now, it is time to run our test script:

root@ubuntu:~/util# expect 1.exp

Here is a sample output:

root@ubuntu:~/util# expect 1.exp
spawn telnet 192.168.1.1 23
Trying 192.168.1.1...
Connected to 192.168.1.1.
Escape character is '^]'.

User Name:admin
Password:*****

Router#term length 0
Router#show run
Building configuration...

Current configuration : 3832 bytes
!
version 12.3
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
ip subnet-zero
!
!
ip cef
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
!
!
!
username admin privilege 15 secret ****
!
!
!
!
!
!
!
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 duplex auto
 speed auto
!
interface Serial0/0
 no ip address
 shutdown
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/1
 no ip address
 shutdown
!
no ip http server
no ip http secure-server
ip classless
!
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
!
!
end

Router#

At the end of the script, we are left at the command prompt, so that we may continue interacting with the router.

In the next article, we will take the script to Version 2 (and beyond). Future enhancements include creating a separate file for all the devices and credentials, ability to use telnet or ssh for the connection, copy configurations from different vendors hardware.