ciscoconfparse
Contents
Introduction: What is ciscoconfparse?
Short answer: ciscoconfparse is a Python library that helps you quickly answer questions like these about your configurations:
- What interfaces are shutdown?
- Which interfaces are in trunk mode?
- What address and subnet mask is assigned to each interface?
- Which interfaces are missing a critical command?
- Is this configuration missing a standard config line?
It can help you:
- Audit existing router / switch / firewall / wlc configurations
- Modify existing configurations
- Build new configurations
Speaking generally, the library examines an IOS-style config and breaks it into a set of linked parent / child relationships. You can perform complex queries about these relationships.
Usage
The following code will parse a configuration stored in 'exampleswitch.conf' and select interfaces that are shutdown.
from ciscoconfparse import CiscoConfParse
parse = CiscoConfParse('exampleswitch.conf', syntax='ios')
for intf_obj in parse.find_objects_w_child('^interface', '^\s+shutdown'):
print("Shutdown: " + intf_obj.text)The next example will find the IP address assigned to interfaces.
from ciscoconfparse import CiscoConfParse
parse = CiscoConfParse('exampleswitch.conf', syntax='ios')
for intf_obj in parse.find_objects('^interface'):
intf_name = intf_obj.re_match_typed('^interface\s+(\S.+?)$')
# Search children of all interfaces for a regex match and return
# the value matched in regex match group 1. If there is no match,
# return a default value: ''
intf_ip_addr = intf_obj.re_match_iter_typed(
r'ip\saddress\s(\d+\.\d+\.\d+\.\d+)\s', result_type=str,
group=1, default='')
print("{0}: {1}".format(intf_name, intf_ip_addr))What if we don't use Cisco?
Don't let that stop you.
As of CiscoConfParse 1.2.4, you can parse brace-delimited configurations into a Cisco IOS style (see Github Issue #17), which means that CiscoConfParse can parse these configurations:
- Juniper Networks Junos
- Palo Alto Networks Firewall configurations
- F5 Networks configurations
CiscoConfParse also handles anything that has a Cisco IOS style of configuration, which includes:
- Cisco IOS, Cisco Nexus, Cisco IOS-XR, Cisco IOS-XE, Aironet OS, Cisco ASA, Cisco CatOS
- Arista EOS
- Brocade
- HP Switches
- Force 10 Switches
- Dell PowerConnect Switches
- Extreme Networks
- Enterasys
- Screenos
Docs
- The latest copy of the docs are archived on the web
- There is also a CiscoConfParse Tutorial
Building the Package
cdinto the root ciscoconfparse directory- Edit the version number in pyproject.toml (as required)
git commitall pending changesmake testmake repo-pushmake pypi
Pre-requisites
ciscoconfparse requires Python versions 3.5+ (note: version 3.7.0 has a bug - ref Github issue #117, but version 3.7.1 works); the OS should not matter.
Installation and Downloads
Use
poetryfor Python3.x...python -m pip install ciscoconfparse
If you're interested in the source, you can always pull from the github repo:
From github source download:
git clone git://github.com/mpenning/ciscoconfparse cd ciscoconfparse/ python -m pip install .
Other Resources
- Dive into Python3 is a good way to learn Python
- Team CYMRU has a Secure IOS Template, which is especially useful for external-facing routers / switches
- Cisco's Guide to hardening IOS devices
- Center for Internet Security Benchmarks (An email address, cookies, and javascript are required)
Bug Tracker and Support
- Please report any suggestions, bug reports, or annoyances with ciscoconfparse through the github bug tracker.
- If you're having problems with general python issues, consider searching for a solution on Stack Overflow. If you can't find a solution for your problem or need more help, you can ask a question.
- If you're having problems with your Cisco devices, you can open a case with Cisco TAC; if you prefer crowd-sourcing, you can ask on the Stack Exchange Network Engineering site.
Unit-Tests
Github workflow tests ciscoconfparse on Python versions 3.6 and higher, as well as a pypy JIT executable.
Click the image below for details; the current build status is:
License and Copyright
ciscoconfparse is licensed GPLv3
- Copyright (C) 2021-2022 David Michael Pennington
- Copyright (C) 2020-2021 David Michael Pennington at Cisco Systems
- Copyright (C) 2019 David Michael Pennington at ThousandEyes
- Copyright (C) 2012-2019 David Michael Pennington at Samsung Data Services
- Copyright (C) 2011-2012 David Michael Pennington at Dell Computer Corp
- Copyright (C) 2007-2011 David Michael Pennington
The word "Cisco" is a registered trademark of Cisco Systems
Author and Thanks
ciscoconfparse was written by David Michael Pennington (mike [~at~] pennington [/dot] net).
Special thanks:
- Thanks to David Muir Sharnoff for his suggestion about making a special case for IOS banners.
- Thanks to Alan Cownie for his API suggestions.
- Thanks to CrackerJackMack for reporting Github Issue #13
- Soli Deo Gloria
