Introduction Netmiko has support of textfsm, however it does not have every template to help the matching, to learn how to use textfsm is useful in this situation which you can create your own template without overly rely on module's limited template. TextFSM is created by google, it provides easier and more structured way of … Continue reading [python]Use TextFSM to easily get objects you need from unstructured data.
Introduction Nornir is a framework for network automation, it gels popular automation tools such as napalm, netmiko, paramiko and Ansible. However I could not find good examples on how to parse the result if I use show access-list with netmiko_send_command during task.run. There is a built in print_result() function which shows the status and output … Continue reading [python]How to capture results with nornir
Introduction On previous few posts, the ACL was push to the cisco asa with Nornir, but there was limitation that is only one source ip, one destination ip and one service are allowed, if there is more than one in any of these then only one rule is pushed. But there will be a number … Continue reading [python]Improve on ACL template.
Introduction Nornir is a framework for network automation, it gels netmiko, paramiko, ansible, yaml, ansible, napalm, netconf together, this is a must have package for doing network automation and it is not too difficult to learn. There will be time when specific configuration is for specific device in the inventory, in order to push to … Continue reading [python]Filter inventory – Nornir
I created an asa library which contains functions require to perform some asa operations, this is not a complete set, there are some sets which I have not tested yet, the below functions are all tested and working.
Introduction I am testing some functions for sending configuration over to cisco asa with netmiko. Netmiko support sending commands and sending commands as a set. In order to deliver the command as a set Jinja2 template engine is used to fill up the variables of the template. The purpose of this post is to record … Continue reading [python]Configuring cisco asa
I am using Cisco ASAv asa992-smp-k8.bin Generate RSA from Centos ssh-keygen -t rsa -b 2048 I rename this asymmetric keys as cisco_id_rsa. Then I get the contents of cisco_id_rsa.pub. Exclude the ssh-rsa and the username@hostname, only get the key and copy and paste to the cisco asa. See the screenshot on the highlighted portion. On … Continue reading [cisco]Public key authentication on Cisco ASA
Introduction I came across this hashcorp vault which is a vault I need for storing network equipment credentials. There is an enterprise version and free version, the free version can be downloaded here. Hashicorp Vault has API for accessing the data stored in the vault, after the hashicorp vault is initialized 5 keys and 1 … Continue reading Set up Hashicorp Vault
For this lab I am using Firepower Threat Defence version 6.3 (FTD) and Firepower Management Center 6.3 (FMC). The FTD is a next generation firewall that does IPS/IDS, URL filtering and traditional firewall, the FTD itself can be managed individually with its own FTD manager, however it can also be managed with FMC. The IPS/IDS … Continue reading [cisco]Cisco Firepower lab setup
Regular expression reference Purchase the course by Sujith George The Complete Regular Expressions Course:Beginner to Advanced from Udemy Study this code from git hub, this code gives a good idea on how you should match access-list, from this course I realize the regex module can convert the matched data to dictionary. Read this documentation about … Continue reading [python]Match most of the Cisco ASA access list patterns with regular expression