Contents (source: https://github.com/mpenning/ciscoconfparse)
Introduction: What is ciscoconfparse?
ciscoconfparse is a Python library, which parses through Cisco IOS-style (and other vendor) configurations. It can:
- Audit existing router / switch / firewall / wlc configurations
- Retrieve portions of the configuration
- Modify existing configurations
- Build new configurations
The library examines an IOS-style config and breaks it into a set of linked parent / child relationships. You can perform complex queries about these relationships.
What if we don’t use Cisco?
Don’t let that stop you.
As of CiscoConfParse 1.2.4, you can parse brace-delimited configurations into a Cisco IOS style (see Github Issue #17), which means that CiscoConfParse understands these configurations:
- Juniper Networks Junos
- Palo Alto Networks Firewall configurations
- F5 Networks configurations
CiscoConfParse also handles anything that has a Cisco IOS style of configuration, which includes:
- Cisco IOS, Cisco Nexus, Cisco IOS-XR, Cisco IOS-XE, Aironet OS, Cisco ASA, Cisco CatOS
- Arista EOS
- Brocade
- HP Switches
- Force 10 Switches
- Dell PowerConnect Switches
- Extreme Networks
- Enterasys
- Screenos
Docs
- The latest copy of the docs are archived on the web
- There is also a CiscoConfParse Tutorial
Pre-requisites
ciscoconfparse requires Python versions 2.6, 2.7 or 3.2+; the OS should not matter. If you want to run it under a Python virtualenv, it’s been heavily tested in that environment as well.
Installation and Downloads
The best way to get ciscoconfparse is with setuptools or pip. If you already have setuptools, you can install as usual:
# Substitute whatever ciscoconfparse version you like... easy_install -U ciscoconfparse==1.3.14
Alternatively you can install into Python2.x with pip:
pip install --upgrade ciscoconfparse
Use pip3
for Python3.x…
pip3 install --upgrade ciscoconfparse
Otherwise download it from PyPi, extract it and run the setup.py
script:
python setup.py install
If you’re interested in the source, you can always pull from the github repo or bitbucket repo:
- From github:
git clone git://github.com//mpenning/ciscoconfparse
FAQ
- QUESTION: I want to use ciscoconfparse with Python3; is that safe? ANSWER: As long as you’re using Python 3.3 or higher, it’s safe. I test every release against Python 3.2+; however, Python 3.2 is currently exposed to a small bug for some configurations (see Github Issue #14).
- QUESTION: Some of the code in the documentation looks different than what I’m used to seeing. Did you change something? ANSWER: Yes, starting around ciscoconfparse v0.9.10 I introducted more methods directly on
IOSConfigLine()
objects; going forward, these methods are the preferred way to use ciscoconfparse. Please start using the new methods shown in the example, since they’re faster, and you type much less code this way. - QUESTION: ciscoconfparse saved me a lot of time, I want to give money. Do you have a donation link? ANSWER: I love getting emails like this; helping people get their jobs done is why I wrote the module. However, I’m not accepting donations.
- QUESTION: Is there a way to use this module with perl? ANSWER: Yes, I do this myself. Install the python package as you normally would and import it into perl with
Inline.pm
andInline::Python
from CPAN. - QUESTION: When I use
find_children("interface GigabitEthernet3/2")
, I’m getting all interfaces beginning with 3/2, including 3/21, 3/22, 3/23 and 3/24. How can I limit my results? ANSWER: There are two ways… the simplest is to use the ‘exactmatch’ option…find_children("interface GigabitEthernet3/2", exactmatch=True)
. Another way is to utilize regex expansion that is native to many methods…find_children("interface GigabitEthernet3/2$")
Other Resources
- Dive into Python3 is a good way to learn Python
- Team CYMRU has a Secure IOS Template, which is especially useful for external-facing routers / switches
- Cisco’s Guide to hardening IOS devices
- Center for Internet Security Benchmarks (An email address, cookies, and javascript are required)
Bug Tracker and Support
- Please report any suggestions, bug reports, or annoyances with ciscoconfparse through the github bug tracker.
- If you’re having problems with general python issues, consider searching for a solution on Stack Overflow. If you can’t find a solution for your problem or need more help, you can ask a question.
- If you’re having problems with your Cisco devices, you can open a case with Cisco TAC; if you prefer crowd-sourcing, you can ask on the Stack Exchange Network Engineering site.
Unit-Tests
Travis CI project tests ciscoconfparse on Python versions 2.6 through 3.6, as well as a pypy JIT executable.
Click the image below for details; the current build status is:
License and Copyright
ciscoconfparse is licensed GPLv3; Copyright David Michael Pennington, 2007-2018.
ciscoconfparse is not affiliated with Cisco Systems in any way; the word “Cisco” is a registered trademark of Cisco Systems
Author and Thanks
ciscoconfparse was written by David Michael Pennington (mike [~at~] pennington [/dot] net).
Special thanks:
- Thanks to David Muir Sharnoff for his suggestion about making a special case for IOS banners.
- Thanks to Alan Cownie for his API suggestions.
- Thanks to CrackerJackMack for reporting Github Issue #13
- Soli Deo Gloria