Basic VTP

VTP stands for VLAN Trunking Protocol. VTP is used to propagate VLAN configuration between switches. VTP advertisements are multicast over trunk links; they are sent every 5 minutes or whenever the VLAN configuration changes. A VTP revision number is included in these advertisements. Whenever a client receives a VTP advertisement with a higher revision number, the client updates its VLAN configuration with the VLAN information being advertised. The same mechanism means that a switch joined to the domain with a higher revision number overwrites the VLAN database of every other switch, so reset its revision number (for example by changing its VTP domain name) before connecting it.

There are 3 modes:

  1. Server
  2. Client
  3. Transparent

VLANs cannot be edited on a switch operating as a client.

VLANs can be edited on a switch operating as a server. This information is propagated to the switches operating as clients.

VLANs can be edited on a switch operating in transparent mode. However, these changes are not propagated. Switches operating in transparent mode do not update their configuration based on advertisements from the switch operating in server mode. All changes are local for a switch operating in transparent mode.


Basic DHCP Configuration

This is a simple DHCP configuration on a Layer 3 switch:

SW1(config)# ip dhcp excluded-address 10.10.10.1
SW1(config)# ip dhcp pool VLAN20POOL
SW1(dhcp-config)# network 10.10.10.0 255.255.255.0
SW1(dhcp-config)# default-router 10.10.10.1
SW1(dhcp-config)# lease 2

The lease command takes days [hours [minutes]], so "lease 2" is a two-day lease. The default-router IP is the default gateway handed to hosts on the 10.10.10.0/24 network. The excluded address is never offered to DHCP clients, which is why the gateway address itself is excluded here.

DHCP negotiation utilizes the following DHCP messages:

DISCOVER – Broadcast – Client to Server

OFFER – Unicast – Server to Client

REQUEST – Broadcast – Client to Server

ACK – Unicast – Server to Client

Cisco Nexus – Ping Sweep

The following script can be used to execute a ping sweep of a /24 network on a Cisco Nexus switch. It has been tested and verified on a Cisco Nexus 7K running code version 6.2.8a.

Actual script:

tclsh
# Ping 192.168.1.1 through 192.168.1.254 from VRF_A, two probes per host
# with a 1 second timeout each; "cli" hands each command to the NX-OS CLI
for {set i 1} {$i < 255} {incr i} {
    cli "ping 192.168.1.$i count 2 time 1 vrf VRF_A"
}

Script execution on a Cisco Nexus 7000 switch:

N7K_SW1# tclsh
N7K_SW1-tcl# for {set i 1} {$i < 255} {incr i} {
> cli "ping 192.168.1.$i count 2 time 1 vrf VRF_A"
> }

Ansible – Config Generator III

See Part I and Part II of this series.

The goal of this playbook is to generate a unique configuration file for each switch. In this case, we are configuring a port as an access port for a specific VLAN. The port and VLAN values differ from switch to switch.

config-gen.yml

---
- hosts: 127.0.0.1
  connection: local
  gather_facts: no

  tasks:
  - name: GET DATA
    include_vars: ./host_vars/file.yml

  - name: GENERATE CONFIG
    template:
      src: ./templates/accessvlan.j2
      dest: ./config-output/{{ item.switch }}.conf
    with_items: "{{ file_vlan }}"

file.yml

---
file_vlan:
- { switch: switch-1, port: Gi1/1,  vlan: 195 }
- { switch: switch-1, port: Gi1/10, vlan: 188 }
- { switch: switch-2, port: Gi1/2,  vlan: 295 }
- { switch: switch-2, port: Gi1/20, vlan: 288 }
- { switch: switch-3, port: Gi1/3,  vlan: 395 }
- { switch: switch-3, port: Gi1/30, vlan: 388 }
- { switch: switch-4, port: Gi1/4,  vlan: 495 }
- { switch: switch-4, port: Gi1/40, vlan: 488 }

accessvlan.j2

{% for grouper, host in file_vlan|groupby('switch') %}
{% if item.switch == grouper %}
{% for item in host %}
int {{ item.port }}
switchport access vlan {{ item.vlan }}
{% endfor %}
{% endif %}
{% endfor %}

When the “config-gen.yml” playbook is executed:

ansible-playbook config-gen.yml

we get the following output files (the loop runs once per list entry, so each switch file is rendered twice with identical content):

~/ansible_play/config-output$ cat switch-1.conf

int Gi1/1
switchport access vlan 195

int Gi1/10
switchport access vlan 188

~/ansible_play/config-output$ cat switch-2.conf

int Gi1/2
switchport access vlan 295

int Gi1/20
switchport access vlan 288

~/ansible_play/config-output$ cat switch-3.conf

int Gi1/3
switchport access vlan 395

int Gi1/30
switchport access vlan 388

~/ansible_play/config-output$ cat switch-4.conf

int Gi1/4
switchport access vlan 495

int Gi1/40
switchport access vlan 488

Identifying the Right Module – Cisco Nexus

N7K.LON# locator-led ?
  chassis      Blink chassis led
  fan          Blink Fan led
  module       Blink module led
  powersupply  Blink powersupply led
  xbar         Xbar

When you are in a remote location and the data center tech can’t identify the right module, the “locator-led” command on the Nexus 7000 can be used to blink the LED of the right module. On other platforms, the “blink” command is used instead.

Automating Cisco Switch Changes

Recently, I was involved in a project to re-architect the VLANs for 1000+ servers. The idea was to move the servers to their new VLANs in batches of about 250. This process involved:

  • Creating new VLANs
  • Configuring the ports on multiple switches

Each server was dual-homed to 2 switches (odd & even switches – switch1 & switch2) in different cabinets for redundancy. Some of the batches required making changes to 100+ switches at a time.

I used the following scripts to make the changes:

  • Bash Script to obtain the TACACS username/password in order to log into the switch.
  • Expect Script to create new VLANs.
  • Expect Script to configure the ports.

The bash script below obtains the TACACS username/password from the user and logs into each switch listed in “switch-list.txt”. “switch-list.txt” is a plain text file that contains the list of switches that require configuration changes.

VLAN Configuration Changes:

  1. Create a list of switches that need to be changed. I used the “vi” editor to open a file “switch-list.txt” and paste the list of switch names. You can also use the IP addresses of the switches.

Example of switch-list.txt:

 $ cat switch-list.txt
 switch1
 switch2
 switch3
 switch4

  2. Create a bash script that will use the “switch-list.txt” file, obtain the username/password from the user and call the VLANConfig.exp Expect script to create the VLANs on each switch in the list.


#!/bin/bash
# Collect the current user's ssh and enable passwords (no echo to the terminal)
echo -n "Enter the SSH password for $(whoami) "
read -s -e password
echo -ne '\n'
echo -n "Enter the Enable password for $(whoami) "
read -s -e enable
echo -ne '\n'
# Feed the expect script each device from the list plus the collected passwords
for device in $(cat ~/switch-list.txt); do
    ./VLANConfig.exp "$device" "$password" "$enable"
done


  3. The “VLANConfig.exp” Expect script called by the bash script creates the required VLAN on each switch.


#!/usr/bin/expect -f
# Set variables
set hostname [lindex $argv 0]
set username $env(USER)
set password [lindex $argv 1]
set enablepassword [lindex $argv 2]
set timeout 20
# Log results
log_file -a ~/results-VLAN1300.log
# Announce which device we are working on and at what time
send_user "\n"
send_user ">>>>> Working on $hostname @ [exec date] <<<<<\n"
# Open the SSH session and log in (this step was missing from the original script)
spawn ssh $username@$hostname
expect "*assword:"
send "$password\n"
# Enter enable mode if the switch drops us at a user-mode prompt
expect {
    ">" {
        send "enable\n"
        expect "*assword"
        send "$enablepassword\n"
        expect "*#"
    }
    "#" {}
}
# Configuration Changes
send "conf t\n"
expect "(config)#"
send "vlan 1300\n"
expect "(config-vlan)#"
send "name VLAN-WEB-1300\n"
expect "(config-vlan)#"
send "end\n"
expect "#"
send "write mem\n"
expect "#"
send "exit\n"
# The session closes once the switch logs us out
expect eof
exit

PORT Configuration Changes:

  1. This is the bash script that collects the username/password and feeds it to the Expect script that changes the ports.

#!/bin/bash
# Collect the current user's TELNET and enable passwords (no echo to the terminal)
echo -n "Enter the TELNET password for $(whoami) "
read -s -e password
echo -ne '\n'
echo -n "Enter the Enable password for $(whoami) "
read -s -e enable
echo -ne '\n'
# Feed the expect script the passwords; the switch list lives inside the script
./PORTConfig.exp "$password" "$enable"

  2. The “PORTConfig.exp” Expect script changes the relevant ports. In this script, the array maps each switch name to the ports that need to be changed.


#!/usr/bin/expect -f
# Set variables
set username $env(USER)
set password [lindex $argv 0]
set enablepassword [lindex $argv 1]
set timeout 20
# Log results
log_file -a ~/results-port.log
# Add switch & interfaces: each switch name maps to the interface range to change
array set interface {
    switch1 "int range g1/3"
    switch2 "int range g1/3"
    switch3 "int range g1/6, g1/8, g1/10, g1/12"
    switch4 "int range g1/6, g1/8, g1/10, g1/12"
}
foreach hostname [array names interface] {
    # Announce which device we are working on and at what time
    send_user "\n"
    send_user ">>>>> Working on $hostname @ [exec date] <<<<<\n"
    # Open the telnet session and log in (this step was missing from the original script)
    spawn telnet $hostname
    expect "*sername:"
    send "$username\n"
    expect "*assword:"
    send "$password\n"
    # Enter enable mode if the switch drops us at a user-mode prompt
    expect {
        ">" {
            send "enable\n"
            expect "*assword"
            send "$enablepassword\n"
            expect "*#"
        }
        "#" {}
    }
    # Configuration Changes
    send "conf t\n"
    expect "(config)#"
    send "$interface($hostname)\n"
    expect "(config-if-range)#"
    send "switchport access vlan 1300\n"
    expect "(config-if-range)#"
    send "end\n"
    expect "#"
    send "write mem\n"
    expect "#"
    send "exit\n"
    # Wait for the switch to close the session before moving to the next one
    expect eof
}
exit
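Both bash wrappers above pass the SSH/TELNET and enable passwords to the Expect scripts as command-line arguments, which any local user can read from the process table (ps) while the script runs. The hardened wrapper below is an added example, not the author's script: it hands the passwords over through environment variables instead, assumes the Expect script reads them with $env(SSH_PASSWORD) and $env(ENABLE_PASSWORD), and reads the device list with a function that ignores blank and comment lines.

```shell
#!/bin/bash
# Added example: hardened wrapper for the VLANConfig.exp-style scripts.
# Passwords are exported only into each child's environment, never put on
# its command line, so they do not show up in `ps` output or shell history.
set -eu

# Print the device names from a list file, skipping blank and comment lines.
read_device_list() {
    grep -Ev '^[[:space:]]*(#|$)' "$1"
}

# Run COMMAND once per device: run_per_device LIST SSH_PW ENABLE_PW COMMAND [ARGS]
# Each child sees SSH_PASSWORD and ENABLE_PASSWORD in its environment and gets
# the device name as its last argument.
run_per_device() {
    local list="$1" ssh_pw="$2" en_pw="$3"
    shift 3
    read_device_list "$list" | while IFS= read -r device; do
        # </dev/null keeps the child from consuming the rest of the device list
        SSH_PASSWORD="$ssh_pw" ENABLE_PASSWORD="$en_pw" "$@" "$device" </dev/null
    done
}

# Interactive entry point; prompts without echo, like the original script.
main() {
    local password enable
    printf 'Enter the SSH password for %s: ' "$(whoami)"
    stty -echo; IFS= read -r password; stty echo; printf '\n'
    printf 'Enter the Enable password for %s: ' "$(whoami)"
    stty -echo; IFS= read -r enable; stty echo; printf '\n'
    # ~/switch-list.txt and ./VLANConfig.exp are the paths used on this page
    run_per_device ~/switch-list.txt "$password" "$enable" ./VLANConfig.exp
}

# Only prompt when invoked with --run, so the functions can also be sourced.
if [ "${1:-}" = "--run" ]; then
    main
fi
```

On the Expect side, replace "set password [lindex $argv 1]" with "set password $env(SSH_PASSWORD)" (and likewise for the enable password) and keep the hostname as the only positional argument.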

Reference: Blog