Automate input to SecureCRT using scripts

Network engineers often have to copy and paste fragments from Notepad into the console. Usually a few parameters are copied: username, password and something else. Scripts speed this process up. But writing and running the script must, in total, take less time than manual configuration; otherwise the script is useless.

What is this article for? This article is from the Fast Start cycle and aims to save time for network engineers when setting up equipment (one task) on multiple devices. It uses SecureCRT software and built-in script execution functionality.



Introduction


A script execution engine is built into the SecureCRT program out of the box. Why do we need scripts in the terminal:

  • Automated input and output, and minimal check of input / output correctness.
  • To speed up routine tasks by reducing the pauses between equipment setup steps. (In practice, this removes the pauses caused by copy / paste actions when 3 or more command fragments have to be applied to the same equipment.)

This document describes the tasks:

  • Creating simple scripts.
  • Running scripts on SecureCRT.
  • Examples of using simple and advanced scripts. (Practice from real life.)


Creating simple scripts.


The simplest scripts use only two commands: Send and WaitForString. This functionality is enough for 90% (or more) of the tasks performed.

Scripts can be written in Python, JS, VBS (Visual Basic), Perl, etc.

Python


# $language = "Python"
# $interface = "1.0"
def main():
  crt.Screen.Synchronous = True
  crt.Screen.Send("\r")
  crt.Screen.WaitForString("name")
  crt.Screen.Send("admin\r")
  crt.Screen.WaitForString("Password:")
  crt.Screen.Send("Password\r")
  crt.Screen.Synchronous = False
main()

Usually a file with the extension "*.py"

VBS


# $language = "VBScript"
# $interface = "1.0"
Sub Main
  crt.Screen.Synchronous = True
  crt.Screen.Send vbcr
  crt.Screen.WaitForString "name"
  crt.Screen.Send "cisco" & vbcr
  crt.Screen.WaitForString "assword"
  crt.Screen.Send "cisco" & vbcr
  crt.Screen.Synchronous = False
End Sub

Usually a file with the extension "*.vbs"

Creating a script by recording it.


Recording automates the process of writing a script. You start the script recording; SecureCRT records the commands and the equipment's responses and produces a ready-made script.

a. Start script recording:
Menu SecureCRT => Script => Start Recording Script
b. Perform actions in the console (carry out the configuration steps in the CLI).
c. Finish recording the script:
Menu SecureCRT => Script => Stop Recording Script ...
Save the file with the script.

Example of executed commands and saved script:



Running scripts on SecureCRT.


After creating / editing the script, a logical question arises: How to apply the script?
There are several ways:

  • Manual start from the Script menu
  • Automatic start after connection (logon script)
  • Automatic logon without using a script
  • Manual start using a button in SecureCRT (the button must first be created and added to SecureCRT)


Manual start from the Script menu


SecureCRT menu => Script => Run ...
- The last 10 scripts are remembered and are available for quick launch:
SecureCRT menu => Script => 1 “Script file name”
SecureCRT menu => Script => 2 “Script file name”
SecureCRT menu => Script => 3 “Script file name”
SecureCRT menu => Script => 4 “Script file name”
SecureCRT menu => Script => 5 “Script file name”

Automatic start after connection (logon script)


The automatic logon script is configured in the settings of the saved session: Connection => Logon Actions => Logon script



Automatic logon without using a script


It is possible to enter the username and password automatically without writing a script, using only built-in SecureCRT functionality. In the connection settings, “Connection” => Logon Actions => Automate logon, you fill in pairs of “expected text” + “characters to send in response to this text”. There can be many such pairs. (Example: the 1st pair waits for the username prompt, the second for the password prompt, the third for the privileged mode prompt, the fourth sends the privileged mode password.)

Example of automatic logon on Cisco ASA:



Manual start using a button in SecureCRT (the button must first be created and added to SecureCRT)


In SecureCRT, you can specify a script button. The button is added to a panel specially created for this purpose.

a. Add a panel to the interface: SecureCRT Menu => View => Button Bar
b. Add a button to the panel and attach a script: right-click on the Button Bar and select "New button ..." in the context menu.
c. In the "Map Button" dialog box, in the "Action" field, select the action (function) "Run Script".
Specify the label for the button and the color of the button icon. Finish the settings by clicking OK.



Note:

The button bar is a very useful feature.

1. For a specific session, you can specify which button bar opens by default in its tab.

2. Standard actions on the equipment can be set up as predefined buttons: show version, show running-config, save the configuration.


No script is attached to these buttons, only a line with the commands to send:


The setting that opens the required button bar when switching to a session is in the session settings:


It makes sense to configure, per customer, individual login scripts and a switch to the button bar with the frequently used commands for the vendor.


When you click the Cisco Go button, the panel switches to the Cisco Button Bar.



Examples of using simple and advanced scripts. (Practice from real life.)


Simple scripts are enough for almost all occasions. But once I needed to complicate the script a bit - to speed up the work. This complication only requested additional data in the dialog box from the user.

Requesting data from a user using a dialog box


My script had 2 data requests: the hostname and the 4th octet of the IP address. To do this, I googled how and found it on the official website of SecureCRT (VanDyke). The functionality is called Prompt.

	crt.Screen.WaitForString("-Vlanif200]")
	hostnamestr = crt.Dialog.Prompt("Enter hostname:", "hostname", "", False)
	ipaddressstr = crt.Dialog.Prompt("Enter ip address:", "ip", "", False)
	crt.Screen.Send("ip address 10.10.10.")
	crt.Screen.Send(ipaddressstr)
	crt.Screen.Send(" 23\r")
	crt.Screen.Send("quit\r")
	crt.Screen.Send("sysname ")
	crt.Screen.Send(hostnamestr)
	crt.Screen.Send("\r") 

This part of the script requested the hostname and the last octet. Since there were 15 devices and the data was in a table, I copied the values from the table and pasted them into the dialog boxes. After that the script worked on its own.
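Values pasted from a table can carry a trailing tab or newline, and whatever is typed into the dialog is sent to the device verbatim, so a stray carriage return would submit an unintended CLI line. The following added example (not part of the original script) validates both answers before anything is sent; the hostname policy, the 1-254 octet range and the function names are assumptions.

```python
import re

MGMT_PREFIX = "10.10.10."     # prefix hard-coded in the article's fragment
MASK_LENGTH = 23              # mask length used in the fragment above
# Assumed naming policy: letters, digits, '-' and '_', at most 63 characters.
HOSTNAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_-]{0,62}\Z")


def parse_octet(text):
    """Return the last octet as an int, or raise ValueError."""
    text = text.strip()                  # drop the tab/newline a table cell may carry
    if not re.match(r"[0-9]{1,3}\Z", text):
        raise ValueError("octet must be 1-3 digits: %r" % text)
    value = int(text)
    if not 1 <= value <= 254:            # assumed usable host range
        raise ValueError("octet out of range: %d" % value)
    return value


def parse_hostname(text):
    """Return the hostname, or raise ValueError if the CLI could misread it."""
    text = text.strip()
    if not HOSTNAME_RE.match(text):      # rejects spaces, '\r', '?', quotes, ...
        raise ValueError("invalid hostname: %r" % text)
    return text


def build_commands(hostname_text, octet_text):
    """Validate both values, then return the CLI lines to send, in order."""
    octet = parse_octet(octet_text)
    hostname = parse_hostname(hostname_text)
    return [
        "ip address %s%d %d" % (MGMT_PREFIX, octet, MASK_LENGTH),
        "quit",
        "sysname %s" % hostname,
    ]


def run(screen, dialog):
    """Prompt until both values validate; an empty answer (Cancel) aborts."""
    while True:
        hostname = dialog.Prompt("Enter hostname:", "hostname", "", False)
        octet = dialog.Prompt("Enter ip address:", "ip", "", False)
        if not hostname or not octet:
            return False
        try:
            commands = build_commands(hostname, octet)
        except ValueError as err:
            dialog.MessageBox(str(err))  # show the problem and ask again
            continue
        for line in commands:
            screen.Send(line + "\r")
        return True

# In SecureCRT: call run(crt.Screen, crt.Dialog) from main() right after
# crt.Screen.WaitForString("-Vlanif200]").
```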

FTP copying to network equipment.


This script ran in my command window (shell) and copied the data via FTP. Upon completion, it closed the session. Notepad cannot be used for this, because copying takes a very long time and the data will not be kept in the FTP buffer for that long:

# $language = "Python"
# $interface = "1.0"

# Start an FTP session, log in, upload the patch file in binary mode and quit.
# Note that synchronous mode is enabled to prevent server output from
# potentially being missed.

def main():
	crt.Screen.Synchronous = True
	crt.Screen.Send("ftp 192.168.1.1\r")
	crt.Screen.WaitForString("Name")
	crt.Screen.Send("admin\r")
	crt.Screen.WaitForString("Password:")
	crt.Screen.Send("Password\r")
	crt.Screen.WaitForString("ftp")
	crt.Screen.Send("binary\r")
	crt.Screen.WaitForString("ftp")
	crt.Screen.Send("put S5720LI-V200R011SPH016.pat\r")
	crt.Screen.WaitForString("ftp")
	crt.Screen.Send("quit\r")
	crt.Screen.Synchronous = False
main()


Entering username / password using a script


At one customer, direct access to the network equipment was closed. The equipment could be reached by first connecting to the default gateway and then connecting from it to the equipment attached to it. To connect, we used the SSH client built into the IOS / software of the equipment. Accordingly, the username and password were requested in the console. Using the script below, the username and password were entered automatically:

# $language = "Python"
# $interface = "1.0"

# Answer the username and password prompts of the SSH client on the jump device.
# Note that synchronous mode is enabled to prevent server output from
# potentially being missed.

def main():
	crt.Screen.Synchronous = True
	crt.Screen.Send("snmpadmin\r")
	crt.Screen.WaitForString("assword:")
	crt.Screen.Send("Password\r")
	crt.Screen.Synchronous = False
main()

Note: There were 2 scripts. One for the administrator account, the second for the eSIGHT account.
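The login script above keeps the account password in the script file in clear text. The following added example (not from the original article) asks for the password at run time with the masked form of crt.Dialog.Prompt and uses WaitForStrings with a timeout to tell success from rejection; the timeout value, the prompt strings and the FakeScreen / FakeDialog stand-ins are assumptions.

```python
LOGIN_TIMEOUT = 10  # seconds; assumed value, raise it for slow jump hosts


def login(screen, dialog, username):
    """Return 'ok', 'rejected', 'timeout' or 'cancelled'."""
    # Fourth argument True masks the typed text; nothing is stored in the file.
    password = dialog.Prompt("Password for %s:" % username, "Login", "", True)
    if not password:
        return "cancelled"
    screen.Synchronous = True
    try:
        screen.Send(username + "\r")
        # WaitForStrings returns 0 on timeout, else the 1-based index of the match.
        if screen.WaitForStrings(["assword:"], LOGIN_TIMEOUT) == 0:
            return "timeout"
        screen.Send(password + "\r")
        hit = screen.WaitForStrings(["#", ">", "assword:"], LOGIN_TIMEOUT)
        if hit == 0:
            return "timeout"
        # A second password prompt means the device rejected the first attempt.
        return "rejected" if hit == 3 else "ok"
    finally:
        screen.Synchronous = False


class FakeScreen(object):
    """Constructed stand-in for crt.Screen so the logic can be tried offline."""
    def __init__(self, replies):
        self.replies, self.sent, self.Synchronous = list(replies), [], False

    def Send(self, text):
        self.sent.append(text)

    def WaitForStrings(self, strings, timeout):
        return self.replies.pop(0)


class FakeDialog(object):
    """Constructed stand-in for crt.Dialog; records whether masking was requested."""
    def __init__(self, answer):
        self.answer, self.masked = answer, None

    def Prompt(self, message, title, default, is_password):
        self.masked = is_password
        return self.answer


def dry_run(replies, typed="s3cret-example"):
    """Run login() against the stand-ins; returns (status, lines sent, masked)."""
    screen, dialog = FakeScreen(replies), FakeDialog(typed)
    return login(screen, dialog, "snmpadmin"), screen.sent, dialog.masked


try:
    crt                      # injected by SecureCRT; absent in a plain interpreter
except NameError:
    pass
else:
    status = login(crt.Screen, crt.Dialog, "snmpadmin")
    if status != "ok":
        crt.Dialog.MessageBox("Login " + status)
```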

A script with the ability to directly append data during script execution.


The task was to add a static route on all network equipment. But each device had its own Internet gateway (and it was different from the default gateway). The following script displayed the routing table, entered configuration mode and left the command incomplete (the gateway IP address was missing); I typed that part in myself. After I pressed Enter, the script continued executing.

# $language = "Python"
# $interface = "1.0"

# Show the existing static routes, enter configuration mode and start an
# "ip route" command that the operator completes by hand.
# Note that synchronous mode is enabled to prevent server output from
# potentially being missed.

def main():
	crt.Screen.Synchronous = True
	crt.Screen.Send("Zdes-mogla-bit-vasha-reklama\r")
	crt.Screen.WaitForString("#")
	crt.Screen.Send("show run | inc ip route\r")
	crt.Screen.WaitForString("#")
	crt.Screen.Send("conf t\r")
	crt.Screen.WaitForString("(config)#")
	crt.Screen.Send("ip route 10.10.10.8 255.255.255.252 ")
	crt.Screen.WaitForString("(config)#")
	crt.Screen.Send("end\r")
	crt.Screen.WaitForString("#")
	crt.Screen.Send("copy run sta\r")
	crt.Screen.WaitForString("[startup-config]?")
	crt.Screen.Send("\r")
	crt.Screen.WaitForString("#")
	crt.Screen.Send("exit\r")
	crt.Screen.Synchronous = False
main()

In this script, the line crt.Screen.Send("ip route 10.10.10.8 255.255.255.252 ") contains neither the gateway IP address nor a carriage return. The script waits for the next line containing "(config)#" to appear. These characters appeared after I typed the IP address and pressed Enter.

Conclusion:


When writing and executing a script, one rule must be followed: the time spent writing and running the script should never be longer than the time theoretically spent on doing the same work some other way (copy / paste from Notepad, writing and debugging a playbook for Ansible, writing and debugging a Python script). That is, using a script should save time, not waste it on one-time automation (i.e., when the script is unique and will never be repeated). But if the script is unique and writing / debugging / running it still takes less time than any other way of doing the work (Ansible, command window), then the script is the best solution.
Debugging a script. The script grows gradually: debugging happens during the runs on the first, second and third device, and by the fourth the script will most likely be fully operational.

Running a script (with username + password) using the mouse is usually faster than copying the username and password from Notepad. But it is not safe from a security point of view: the password sits in clear text in the script file.
Another (real) example of using a script: you do not have direct access to the network equipment, but all of it has to be configured (added to the monitoring system, given additional username / password / snmpv3 username / password). Access works by logging in to the core switch and opening SSH from it to the other equipment. Why not use Ansible? Because we run into the limit on the number of simultaneous sessions allowed on network equipment (line vty 0 4, user-interface vty 0 4). (How to reach different equipment from Ansible through the same first SSH hop is a separate question.)

The script saves time during long operations, for example copying files via FTP. As soon as the copy is finished, the script continues. A person needs to see that copying has ended, realize it, and then enter the appropriate commands. The script does this objectively faster.

Scripts are applicable where mass-deployment tools cannot be used: the console. Or when some of the data is unique to each device: hostname, management IP address. Or when writing and debugging a program is more difficult than adding data received from the equipment while the script is running. An example is the script for adding a route, when each device has its own Internet provider IP address. (My colleagues wrote such scripts when there were 3 hundred DMVPN spokes and the DMVPN settings had to be changed.)

Case study: initial settings on new switches through the console port:

A. I inserted the console cable into the device.
B. Launched the script.
C. Waited for the script to complete.
D. Moved the console cable to the next device.
E. If the switch is not the last, go to step B.

Result of running the script:

  • The equipment has an initial password.
  • The username is entered.
  • A unique IP address is entered for the device.

PS I had to repeat the operation. Because by default ssh was not configured / turned off. (Yes, this is my mistake.)

Appendix 1: Examples of scripts.



An example of a long script with two requests: hostname and IP address. It was created for pre-configuring equipment through the console (9600 baud) and for preparing the equipment to be connected to the network.

# $language = "Python"
# $interface = "1.0"

# Initial switch setup over the console: log in, create VLANs, configure STP
# and the port groups, then prompt for the management IP octet and hostname.
# Note that synchronous mode is enabled to prevent server output from
# potentially being missed.

def main():
	crt.Screen.Synchronous = True
	crt.Screen.Send("\r")
	crt.Screen.WaitForString("name")
	crt.Screen.Send("admin\r")
	crt.Screen.WaitForString("Password:")
	crt.Screen.Send("Password\r")
	crt.Screen.Send("sys\r")
	crt.Screen.WaitForString("]")
	crt.Screen.Send("interface Vlanif 1\r")
	crt.Screen.WaitForString("Vlanif1]")
	crt.Screen.Send("undo ip address\r")
	crt.Screen.Send("shutdown\r")
	crt.Screen.Send("vlan 100\r")
	crt.Screen.Send(" description description1\r")
	crt.Screen.Send(" name description1\r")
	crt.Screen.Send("vlan 110\r")
	crt.Screen.Send(" description description2\r")
	crt.Screen.Send(" name description2\r")
	crt.Screen.Send("vlan 120\r")
	crt.Screen.Send(" description description3\r")
	crt.Screen.Send(" name description3\r")
	crt.Screen.Send("vlan 130\r")
	crt.Screen.Send(" description description4\r")
	crt.Screen.Send(" name description4\r")
	crt.Screen.Send("vlan 140\r")
	crt.Screen.Send(" description description5\r")
	crt.Screen.Send(" name description5\r")
	crt.Screen.Send("vlan 150\r")
	crt.Screen.Send(" description description6\r")
	crt.Screen.Send(" name description6\r")
	crt.Screen.Send("vlan 160\r")
	crt.Screen.Send(" description description7\r")
	crt.Screen.Send(" name description7\r")
	crt.Screen.Send("vlan 170\r")
	crt.Screen.Send(" description description8\r")
	crt.Screen.Send(" name description8\r")               
	crt.Screen.Send("vlan 180\r")
	crt.Screen.Send(" description description9\r")
	crt.Screen.Send(" name description9\r")
	crt.Screen.Send("vlan 200\r")
	crt.Screen.Send(" description description10\r")
	crt.Screen.Send(" name description10\r")
	crt.Screen.Send("vlan 300\r")
	crt.Screen.Send(" description description11\r")
	crt.Screen.Send(" name description11\r")
	crt.Screen.Send("quit\r")
	crt.Screen.WaitForString("]")
	crt.Screen.Send("stp region-configuration\r")
	crt.Screen.Send("region-name desc\r")
	crt.Screen.Send("active region-configuration\r")
	crt.Screen.WaitForString("mst-region]")
	crt.Screen.Send("quit\r")
	crt.Screen.Send("stp instance 0 priority 57344\r")
	crt.Screen.WaitForString("]")
	crt.Screen.Send("interface range GigabitEthernet 0/0/1 to GigabitEthernet 0/0/42\r")
	crt.Screen.WaitForString("port-group]")
	crt.Screen.Send("description Users\r")
	crt.Screen.WaitForString("port-group]")
	crt.Screen.Send("port link-type hybrid\r")
	crt.Screen.WaitForString("port-group]")
	crt.Screen.Send("voice-vlan 100 enable\r")
	crt.Screen.WaitForString("port-group]")
	crt.Screen.Send("voice-vlan legacy enable\r")
	crt.Screen.WaitForString("port-group]")
	crt.Screen.Send("port hybrid pvid vlan 120\r")
	crt.Screen.WaitForString("port-group]")
	crt.Screen.Send("port hybrid tagged vlan 100\r")
	crt.Screen.WaitForString("port-group]")
	crt.Screen.Send("port hybrid untagged vlan 120\r")
	crt.Screen.WaitForString("port-group]")
	crt.Screen.Send("stp edged-port enable\r")
	crt.Screen.WaitForString("port-group]")
	crt.Screen.Send("trust 8021p\r")
	crt.Screen.WaitForString("port-group]")
	crt.Screen.Send("storm-control broadcast min-rate 1000 max-rate 1500\r")
	crt.Screen.WaitForString("port-group]")
	crt.Screen.Send("storm-control multicast min-rate 1000 max-rate 1500\r")
	crt.Screen.WaitForString("port-group]")
	crt.Screen.Send("storm-control action block\r")
	crt.Screen.WaitForString("port-group]")
	crt.Screen.Send("storm-control enable trap\r")
	crt.Screen.WaitForString("port-group]")
	crt.Screen.Send("quit\r")
	crt.Screen.Send("interface range GigabitEthernet 0/0/43 to GigabitEthernet 0/0/48\r")
	crt.Screen.WaitForString("port-group]")
	crt.Screen.Send("description Printers\r")
	crt.Screen.WaitForString("port-group]")
	crt.Screen.Send("port link-type access\r")
	crt.Screen.WaitForString("port-group]")
	crt.Screen.Send("port default vlan 130\r")
	crt.Screen.WaitForString("port-group]")
	crt.Screen.Send("stp edged-port enable\r")
	crt.Screen.WaitForString("port-group]")
	crt.Screen.Send("trust 8021p\r")
	crt.Screen.WaitForString("port-group]")
	crt.Screen.Send("storm-control broadcast min-rate 1000 max-rate 1500\r")
	crt.Screen.WaitForString("port-group]")
	crt.Screen.Send("storm-control multicast min-rate 1000 max-rate 1500\r")
	crt.Screen.WaitForString("port-group]")
	crt.Screen.Send("storm-control action block\r")
	crt.Screen.WaitForString("port-group]")
	crt.Screen.Send("storm-control enable trap\r")
	crt.Screen.WaitForString("port-group]")
	crt.Screen.Send("quit\r")
	crt.Screen.Send("interface range XGigabitEthernet 0/0/1 to XGigabitEthernet 0/0/2\r")
	crt.Screen.WaitForString("port-group]")
	crt.Screen.Send("description uplink\r")
	crt.Screen.WaitForString("port-group]")
	crt.Screen.Send("port link-type trunk\r")
	crt.Screen.WaitForString("port-group]")
	crt.Screen.Send("port trunk allow-pass vlan 100 110 120 130 140 150 160 170 180 200\r")
	crt.Screen.WaitForString("port-group]")
	crt.Screen.Send("port trunk allow-pass vlan 300\r")
	crt.Screen.WaitForString("port-group]")
	crt.Screen.Send("storm-control broadcast min-rate 1000 max-rate 1500\r")
	crt.Screen.WaitForString("port-group]")
	crt.Screen.Send("storm-control multicast min-rate 1000 max-rate 1500\r")
	crt.Screen.WaitForString("port-group]")
	crt.Screen.Send("storm-control action block\r")
	crt.Screen.WaitForString("port-group]")
	crt.Screen.Send("storm-control enable trap\r")
	crt.Screen.WaitForString("port-group]")
	crt.Screen.Send("quit\r")
	crt.Screen.Send("ntp-service unicast-server 10.10.10.4\r")
	crt.Screen.Send("ntp-service unicast-server 10.10.10.2\r")
	crt.Screen.Send("ntp-service unicast-server 10.10.10.134\r")
	crt.Screen.Send("ip route-static 0.0.0.0 0.0.0.0 10.10.10.254\r")
	crt.Screen.Send("interface Vlanif 200\r")
	crt.Screen.WaitForString("-Vlanif200]")
	crt.Screen.Send("\r")
	crt.Screen.WaitForString("-Vlanif200]")
	crt.Screen.Send("\r")
	crt.Screen.WaitForString("-Vlanif200]")
	crt.Screen.Send("\r")
	crt.Screen.WaitForString("-Vlanif200]")
	crt.Screen.Send("\r")
	crt.Screen.WaitForString("-Vlanif200]")
	crt.Screen.Send("\r")
	crt.Screen.WaitForString("-Vlanif200]")
	crt.Screen.Send("\r")
	crt.Screen.WaitForString("-Vlanif200]")
	crt.Screen.Send("\r")
	crt.Screen.WaitForString("-Vlanif200]")
	hostnamestr = crt.Dialog.Prompt("Enter hostname:", "hostname", "", False)
	ipaddressstr = crt.Dialog.Prompt("Enter ip address:", "ip", "", False)
	crt.Screen.Send("ip address 10.10.10.")
	crt.Screen.Send(ipaddressstr)
	crt.Screen.Send(" 24\r")
	crt.Screen.Send("quit\r")
	crt.Screen.Send("sysname ")
	crt.Screen.Send(hostnamestr)
	crt.Screen.Send("\r")
	crt.Screen.WaitForString("]")
	crt.Screen.Synchronous = False
main()

Such scripts are usually not needed, but there were 15 devices and the script sped up the setup. Further configuration of the hardware was faster with the SecureCRT Command window.

Account setup for ssh.


Another example. Setup also through the console.

# $language = "Python"
# $interface = "1.0"

# Log in over the console, enable the SSH (STelnet) server and allow the
# admin account to use it on the vty lines.
# Note that synchronous mode is enabled to prevent server output from
# potentially being missed.

def main():
	crt.Screen.Synchronous = True
	crt.Screen.Send("\r")
	crt.Screen.WaitForString("name")
	crt.Screen.Send("admin\r")
	crt.Screen.WaitForString("Password:")
	crt.Screen.Send("Password\r")
	crt.Screen.WaitForString(">")
	crt.Screen.Send("sys\r")
	crt.Screen.Send("stelnet server enable\r")
	crt.Screen.Send("aaa\r")
	crt.Screen.Send("local-user admin service-type terminal ftp http ssh\r")
	crt.Screen.Send("quit\r")
	crt.Screen.Send("user-interface vty 0 4\r")
	crt.Screen.Send("authentication-mode aaa\r")
	crt.Screen.Send("quit\r")
	crt.Screen.Send("quit\r")
	crt.Screen.Synchronous = False
main()


About SecureCRT:
: 99$ ( SecureCRT )


Mac OS X Windows.

Command Window
Serial/Telnet/SSH1/SSH2/Shell
