Nornir config access ports

Dependencies

    pip3 install nornir
    pip3 install nornir_utils
    pip3 install nornir_jinja2
    pip3 install nornir_netmiko

    pip3 install rich
    pip3 install ntc-templates

Overview

This script is built around Nornir 3.0 and its various plugins. For ease of use and readability, getpass and rich were also incorporated. This Python script will run three tasks:

  • get_access_ports
  • generate_config
  • push_config

For each host we will gather all switchports and filter only the access ports. Once the ports are gathered, we will generate configuration for the host device based on the jinja2 template. The jinja2 template consists of general host configuration and interface configuration. Last but not least, we push the generated configuration to the hosts.

Related Sandbox

Related DevNet Sandbox:

IOS XE on Catalyst 9000

Links to DevNet Learning Labs

Python introduction Learning Labs:

Intro Python: Part 1

Intro Python - Part 2

Get to know jinja2 templating:

NAPALM with Templates

Solutions on Ecosystem Exchange

Related solutions on DevNet Ecosystem Exchange:

Nornir 3 Filtering Demo

Nornir3_802.1x_configuration

How to Use

Note: Using the ntc-templates through PyPI never worked out for me. To ease the set-up I have copied the ntc_templates folder directly in the same destination folder. The corresponding code can be found at line 52. You may have better luck than me by using the PyPI-version.

Step 1 - Download the repository

Choose a path of your liking and clone the GitHub repositoy in this path:
git clone https://github.com/brammeskens/nornir_config_access_ports.git

Step 2 - Create your Python virtual environment

It's generally cleaner to use Python virtual environments as each virtual environment has its own Python binary and independent packages. So we will create one:
python3 -m venv nornir_config_access_ports

Step 3 - Activate your Python virutal environment

After the creation of the virtual environment, we should activate it so we can actually make use of it:

cd nornir_config_access_ports
source bin/activate

Step 4 - Install the dependencies

Let's install the dependencies with the requirements.txt file from the repo:
pip3 install -r requirements

Step 5 - Create your Nornir 3 inventory

General usage of Nornir is required. Please see nornir.tech or nornir-automation. Example files have already been supplied at the inventory folder. Alter these files to match your environment:

inventory/defaults.yaml
inventory/groups.yaml
inventory/hosts.yaml

Step 6 - Filter your Nornir 3 inventory to your liking

It's a good idea to start small and not run your script on your whole inventory. That's where Nornir 3's filtering comes into play. In case you would like to filter your hosts based on their parent group, you may want to add the following code after Nornir initialization (line 54):
nr = nr.filter(F(has_parent_group='afg'))
For further Nornir 3 filtering examples and practice see Nornir 3 Filtering Demo.

Step 7 - Change the jinja2 template to the configuration you want

Alter the jinja2 template file located at templates/8021x_mon.j2 or create a new jinja2 file to your liking in the folder. In our example 8021x_mon.j2 file you will find a general part of the configuration we want to send to the host (change it as needed). Next you will find a section to generate the specific configuration to the access ports:

{% for i in host["access_ports"] %}
interface {{i['interface']}}
authentication event fail action next-method
authentication event server dead action authorize
authentication event server dead action authorize voice
authentication event server alive action reinitialize
authentication host-mode multi-domain
authentication open
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
authentication violation replace
mab
dot1x pae authenticator
dot1x timeout tx-period 8
spanning-tree portfast
!
{% endfor %}

Your custom access port configuration should be inserted between interface {{i['interface']}} and !. If your have changed the template's name or are using a new jinja2 template file, alter the name at line 64 next to j2template=:
result_gen_config = nr.run(task = generate_config, j2path= "templates/", j2template = "8021x_mon.j2")

Step 8 - Run the script

You should be ready to run the script now. If you feel uncertain about the push_config task, we advise you to comment out lines 68 and 69 by inserting # at the beginning of the line before you run the script. To run the script you simply enter:
python3 config_access_ports.py
The script will prompt you for the user's (defined in inventory/defaults.yaml) password and will run the following tasks by default:

get_access_ports
generate_config
push_config

As always, test your changes to a demo host in a lab environment before actually using it in a production environment.

View code on GitHub
  • Owner

  • Contributors

    +1Github contributor
  • Categories

  • Products

    IOS XE
  • Programming Languages

    Python
  • License

    MIT License

Code Exchange Community

Get help, share code, and collaborate with other developers in the Code Exchange community.View Community
Disclaimer:
Cisco provides Code Exchange for convenience and informational purposes only, with no support of any kind. This page contains information and links from third-party websites that are governed by their own separate terms. Reference to a project or contributor on this page does not imply any affiliation with or endorsement by Cisco.