Introducing SOC Insights for BloxOne Threat Defense: Boost your SOC efficiency with AI-driven insights to eliminate manual work and accelerate investigation and response times. Read the blog announcement here.

Network Change & Configuration Management

Reply

HP Procurve and SNMPv3

Authority
Posts: 7
6839     0

Folks,

 

Has anyone been able to successfully script the enabling of SNMPv3 on HP Procurve switches? I'm running into trouble triggering commands on output from the CLI. Here is what the process looks like from the CLI:

 

hp-switch# conf t
hp-switch(config)# snmpv3 enable
SNMPv3 Initialization process.
Creating user 'initial'
Authentication Protocol: MD5
Enter authentication password: ******
Privacy protocol is DES
Enter privacy password: ******

User 'initial' has been created
Would you like to create a user that uses SHA? [y/n] n

User creation is done. SNMPv3 is now functional.
Would you like to restrict SNMPv1 and SNMPv2c messages to have read only
access (you can set this later by the command 'snmp restrict-access')? [y/n] n
hp-switch(config)#

 

Yes, it runs a mini-script while you are in config mode. So, I've got my triggers to look for the prompts which require some input, but all I've been able to achieve is the device timing out while it's waiting for the first input (Enter authentication passwordSmiley Happy.

 

I'm assuming there is something wrong with my trigger-template, to explain why the trigger-command isn't running. Or is it possible that NetMRI doesn't realize that the device is waiting for some new input because of the non-standard prompt?

 

###########################################################################
## Export of Script: HP_SNMPv3
## Script-Level: 1
## Script-Category: 
## Script-Language: CCS
###########################################################################

Script:
	HP_SNMPv3

Script-Description:
	'Enable and configure SNMPv3 on HP Procurve devices'

Script-Filter:
	$Vendor eq "HP"

Script-Variables:
	$authpass	string "Authentication Password"
	$privpass	string "Privacy Password"

########################################################################
Action:
	Enable snmpv3 on HP Procurve Switch

Action-Commands:
	SET:$updatemade = "no"
	conf t
	snmpv3 enable 

Output-Triggers:
	Authentication Password
########################################################################
Trigger:
	Authentication Password

Trigger-Template:
	Enter authentication password:

Trigger-Commands: {$updatemade eq "no"}
	$authpass

 

Re: HP Procurve and SNMPv3

Adviser
Posts: 65
6840     0

Hi,

 

I believe the best approach for you is in the following section of the CCS scripting guide. Unde the "Script for Copying a File to a Device via SCP" section.

 

There is the option to use "Trigger-Prompt:" which will allow you to deal with each line as a separate prompt.

Re: HP Procurve and SNMPv3

[ Edited ]
Authority
Posts: 7
6840     0

Ingmar, 

 

Thank you for the reply. I spent some time this morning solving the problem with a python script, as I found something close, and modified it to fit my needs. It's basic and can be improved, but it gets the job done for now. Smiley Happy 

 

from netmiko import ConnectHandler
from datetime import datetime
import time

ip_addr01 = '10.10.10.10'


hp1 = {
'device_type': 'hp_procurve',
'ip': ip_addr02,
'username': "username",
'password': "password",
}

all_devices = [hp1]

start_time = datetime.now()
print ("Start Time = {}".format(start_time))


for a_device in all_devices:
    net_connect = ConnectHandler(**a_device)
    print("----------------------------------------BEGIN {0}----------------------------------------".format(a_device['ip']))
    print ("\n>>>>>>>>> Enabling SNMPv3 on - {0} <<<<<<<<<".format(a_device['ip']))

    print ("\n>>>>>>>>> Entering config mode - {0} <<<<<<<<<".format(a_device['ip']))
    snmpv31 = net_connect.config_mode()
   
    time.sleep(5)
    print ("\n>>>>>>>>> Begin SNMPv3 Script - {0} <<<<<<<<<".format(a_device['ip']))
    snmpv31 = net_connect.send_command_timing("snmpv3 enable", strip_command=False, strip_prompt=False)

    time.sleep(10)
    print ("\n>>>>>>>>> Send Auth Pass - {0} <<<<<<<<<".format(a_device['ip']))
    snmpv31 = net_connect.send_command_timing("123456", strip_command=False, strip_prompt=False)
 
    time.sleep(10)
    print ("\n>>>>>>>>> Send Priv Pass - {0} <<<<<<<<<".format(a_device['ip']))
    snmpv31 = net_connect.send_command_timing("123456", strip_command=False, strip_prompt=False)

    time.sleep(10)
    print ("\n>>>>>>>>> Send First Nope - {0} <<<<<<<<<".format(a_device['ip']))
    snmpv31 = net_connect.send_command_timing("n", strip_command=False, strip_prompt=False)

    time.sleep(10)
    print ("\n>>>>>>>>> Send Second Nope - {0} <<<<<<<<<".format(a_device['ip']))
    snmpv31 = net_connect.send_command_timing("n", strip_command=False, strip_prompt=False)

    time.sleep(10)
    print ("\n>>>>>>>>> Send Proper SNMPv3 Commands - {0} <<<<<<<<<".format(a_device['ip']))

    snmpv31 += net_connect.send_command("snmpv3 user testuser auth md5 md5pass priv aes privpass")
    snmpv31 += net_connect.send_command("snmpv3 group managerpriv user testuser sec-model ver3")
    snmpv31 += net_connect.send_command("no snmpv3 user initial")
    print ("\n>>>>>>>>> Exiting Config Mode - {0} <<<<<<<<<".format(a_device['ip']))
    snmpv32 = net_connect.exit_config_mode()
    print ("\n>>>>>>>>> Writing to NVRAM - {0} <<<<<<<<<".format(a_device['ip']))
    snmpv32 = net_connect.send_command("wr mem\r\r")
    print ("----------------------------------------END {0}----------------------------------------".format(a_device['ip']))


end_time = datetime.now()
total_time = end_time - start_time
print ("Total Time = {}".format(total_time))
Showing results for 
Search instead for 
Did you mean: 

Recommended for You