oreilly.comSafari Books Online.Conferences.


AddThis Social Bookmark Button

Cisco Router Management Using Tcl on Mac OS X

by Michael J. Norton

Editor's Note: In his previous article, Network Test Automation with Mac OS X and Tcl, Michael Norton explained how to use Tcl and a utility that complements it, Expect, to help test and maintain networks. In this article, he builds upon that information by focusing more closely on Cisco Router Management.

In large-scale system test network environments, multiple tests could be executing in a test bed simultaneously. Cisco routers use a console to access each individual router. If one test network operator has the console to the router, then your access is postponed until the operator relinquishes the console. Another way to access the router, without the need for a router console, is through its HTTP server.

Were going to look at a library, written in Tcl, which will allow you to access your router's HTTP server and retrieve the same information as if you had a console. Although this article is geared for the Mac OS X user, Tcl is completely portable. In fact, I have run this library on a Win2K laptop, a Linux box, and a Sun Ultra 5 running Solaris 2.8.

IOS HTTP server

Related Reading

Managing IP Networks with Cisco Routers
Managing IP Networks with Cisco Routers
By Scott M. Ballew
Table of Contents
Sample Chapter
Full Description

Cisco Systems IOS operating system provides an HTTP server to access and manage your Cisco router(s). The router can be configured and modified using the HTTP server just as easily as if you were to sit at the router console and perform these operations. The only operation that can't be performed is a router reload (IOS jargon for performing a reboot).

Considerations need to be made here. First, as any network security guru will tell you, if they have access to a console, then they can easily compromise the network. Don't unwillingly provide a backdoor to hackers when activating the HTTP server. The HTTP server can be used internally if your network is secure behind a firewall. The IOS HTTP server's privileged access is maintainable under TACACS+. Second, if you're learning about the operation of the IOS HTTP server, set up a lab router to play around with. Never, ever, experiment on your live network. This is a good plan of approach for network security and your job security!

Graphic Representation of how Network Topology using TACACS+ works
Figure 1. Network Topology using TACACS+

HTTP server configuration

Comment on this articleAs Michael Norton said in the article, the possibilities are limitless when using Tcl in network testing and management. Do you have another example or situation that would be of interest?
Post your opinion

Before we proceed with the Tcl coding example, we'll need to establish an HTTP connection to our lab router using your browser. You will need console access to your lab router to make these configuration modifications. We will add the IOS IP HTTP server command to your router's configuration. Modifications to the routers configuration can only be added with exec mode access. The exec mode is typically password protected for obvious network security reasons.

lab_router> enable 

From the IOS exec mode, you can proceed to make modifications on your lab router. Type the IOS command, configure terminal or, shorthand, conf t.

lab_router #conf t 

Enter configuration commands, one per line. End with CNTL/Z.

lab_router (config)#ip http server 
lab_router (config)#end 

HTTP server authentication

Even though this is your lab router, I would like to re-enforce the issue of network security. In this example we'll configure basic HTTP authentication on our lab router. Again, from the IOS exec mode, we'll type:

lab_router #conf t 
Enter configuration commands, one per line.End with CNTL/Z. 
lab_router (config)#username spongebob password ixnay123 
lab_router (config)#end 

A more exhaustive description of configuring the IOS HTTP server can be found in the Cisco Systems documentation, Cisco IOS Web Browser Commands.

Testing the HTTP server configuration

Once you have entered the HTTP server configuration, you can use your browser to test your setup. In your browser, enter the IP address or the DNS alias of your lab router. If connection is established with your router via your browser, you should see a basic authentication window; see Figure 2. In this window, enter the username and password you configured on the router for HTTP server authentication. The example has username spongebob and password ixnay123.

Screenshot of Auth Window
Figure 2. A basic authentication window on Microsoft Internet Explorer.

Once your login is successful you will see contents in your browser similar to Figure 3. This is the standard home page for a Cisco router Web server. This page is also a useful starting point for examining URLs of various IOS router commands.

Screenshot of a typical Cisco IOS router Web server home page.
Figure 3. A typical Cisco IOS router Web server home page.

With your Web browser connection into your router working and verified, we're now ready to start some Tcl coding.

Pages: 1, 2

Next Pagearrow