Recently, I was faced with a situation in which I had to add the same configuration on numerous (read 150) devices. Of course I frequently hear about using “scripts” to achieve this sort of things; in fact, I have used Python before to accomplish something similar. However, that was ages ago. so I turned to my good friend for help—Google. Search results kept pointing to the same tool, Expect, and this article is the result of that quest.

CCNA Training – Resources (Intense)CCNA Training – Resources (Intense)

Disclaimer: Expect is used for general automation of interactive processes that is more than Cisco. I do not claim to be an expert with Expect but I know just enough to get the job done for Cisco-related configuration tasks.

Installing Expect on Windows OS

Although Expect was designed to run on UNIX/Linux systems, some of us use Windows OS and so I will explain how to get Expect installed and set up on Windows OS. I have used the Expect provided by ActiveState, so that is what I will be describing here.

CCNA Training – Resources (Intense)CCNA Training – Resources (Intense)

First, you need to install the ActiveTcl community edition (free). You can visit the download page for the different ActiveTcl versions here. I discovered that version 8.6 always “stopped working” when I ran a script, so I suggest you download version 8.4 (32 bit). Installing the ActiveTcl application is a matter of “Next…Next” so I won’t bother showing that here.

Now, we need to install the Expect package. The easiest way to do this is to open a command prompt and navigate to the bin folder of the directory where you installed ActiveTcl. The default directory is usually C:\Tcl.

From that command prompt, we then issue the following: teacup install Expect. This will pull the Expect package from a URL and then install that package.

I have encountered instances where a proxy server or some other filtering device did not allow the package to be pulled successfully. In that case, you can download the Expect package from here and then install it using the teacup install <package_name> e.g. teacup install package-Expect-5.43-win32-ix86.zip.

Note: If you will be using the second method of installing Expect, remember to put the downloaded package in the bin directory of Tcl; otherwise, specify the full path location of the package file.

That’s really all you have to do to install Expect on Windows OS. Now, we can begin writing our scripts (or downloading and modifying scripts). One thing to keep in mind when running Expect scripts on Windows is that you must add the following code to the beginning of your script file:

#!/bin/sh
# \
exec tclsh "$0" ${1+"$@"}
package require Expect

Basics of Expect Scripting

The name “Expect” actually describes what the scripting language does: you send a command and tell it what to expect. Therefore, the two basic commands when writing Expect scripts are expect and send. For example, when you are in the user EXEC mode on a router (prompt is “>”) and you type the “enable” command, you expect to get a password prompt to enter the enable mode password so that you can get into privilege EXEC mode.

There are other commands, such as set, which allows us define variables and send_user, which sends information to the user’s terminal (e.g., command prompt)

Sample Script with Network Scenario

Consider the following simple topology of two routers and one host connected to one of the routers.

Note that two routers alone may not be enough justification to use automation via scripting but this is just to illustrate the concept. In the network above, we want to enable SNMP on our routers so that they can be managed by our SNMP server. We will be configuring an SNMP community string of “SNMP_COMM” and also the SNMP server host IP addresses of “192.168.56.2”.

Note: It may not be wise to use Expect to configure sensitive information like passwords and community strings, especially if you are adding those passwords/community strings directly in your script. If that script gets into the wrong hands, your sensitive information is compromised. One way around this is to store your password in another file to be read by the script. This is also insecure but better than the first. Another way would be to program the script in such a way that it asks you for such information so that you type it in when the script is run. Since I am illustrating a concept, I won’t bother about security in this article—you can go and explore the other more secure options.

Hint: You may find that there is a script to do what you are trying to achieve online so be sure to check first. For example, the script I will be using in this article was taken from here and adapted to suit my needs.

The simple script I have written (edited) to achieve this goal is as follows:

#!/bin/sh
# \
exec tclsh "$0" ${1+"$@"}
package require Expect
# ###########################################################
# This simple Expect script will login into Cisco IOS devices
# and execute SNMP commands
# ###########################################################

# Define variables
set username "cisco"
set password "cisco"

# Define all the devices to be configured (separated by spaces)
set devices "192.168.56.100 192.168.12.2"

# Main loop
foreach device $devices {
puts "Processing device: $device";

# Open a telnet session to device. I use Plink.exe to telnet
# because I find that normal telnet may not work or in case
# you don't have telnet enabled on your system. Plink is the
# command line client of Putty. You can download plink from:
# http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
spawn plink -telnet $device

# Perform authentication to login into device
# My device configuration does not require enable password
# so I will be placed in privilege EXEC mode (#) not USER mode (>)
expect "Username:"
send "$username\r"

expect "Password:"
send "$password\r"
expect "#"

# Enter global configuration mode
send "conf t\r"
expect "(config)#"

# Send SNMP configuration
send "snmp-server community SNMP_COMM\r"
expect "(config)#"
send "snmp-server host 192.168.56.2 SNMP_COMM\r"
expect "(config)#"

# Return to privilege EXEC mode
send "exit\r"
expect "#"

# Exit Telnet session
send "exit\r"
expect eof

}

Hint: Notepad++ is a great tool that supports many languages, including Tcl. From the Menu bar, select Language and navigate to T and then click on TCL.

The comments in the script should be explanatory enough. Basically, the script will telnet to a list of devices specified by IP address, execute the SNMP configuration, and then exit the session.

Before I run this script, notice that I don’t have any SNMP configuration on my routers.

To run this script, we will be using the tclsh application in the bin directory. To make it easier for me, I will save my script as snmp-config.tcl in the same bin directory so that I avoid specifying a full file path. Finally, I will also save the Plink executable in the same bin directory.

The command to execute the script is simply “tclsh snmp-config.tcl. Notice that you can see the output of the script in the terminal. This can be valuable in case an error occurs.

Now when we check our routers, we will see the SNMP configuration:

This script works well when there are no errors, but what happens when something goes wrong? For example, what if I configure R2 to only require a password instead of a username and a password?

Notice that the script encountered an error and aborted. Imagine if you have numerous devices and some of them are not properly configured to work with your script: You will have a lot of issues. Therefore, in the next article, we will be looking at handling errors in Expect.

Summary

In this article, we have discussed how to use Expect, an extension of the Tcl scripting language, to automate configuration tasks on Cisco devices. We have seen that there are two major commands to use on Expect: send and expect.

In the next article, we will be looking at error handling with Expect. I hope you have found this article useful.

Resources, References and Further Reading