Cisco Router Management Using Tcl on Mac OS X
Pages: 1, 2
Connecting to the router's HTTP server using Tcl
Our first Tcl coding project will demonstrate how to connect to the Cisco router's IOS HTTP server. The Tcl routines we need have been placed into a library file, IOSHttp.tcl. This file needs to be sourced in our Tcl script. The library
IOSHttp.tcl initializes the Tcl HTTP library. The library also contains routines for basic HTTP authentication; see Website Password Authentication with Tcl by Tony Darugar. Darugar's libraries, base64.tcl and http_pwd_encode.tcl, are loaded for base 64 authentication. The first line of the coding example looks like:
This loads our library of canned HTTP routines into the Tcl interpreter. Next, we set up the router IP address and authentication ID.
# set router http server address set router "184.108.40.206" set url $router # set the HTTP Basic Authentication set username "spongebob" set password "ixnay123" set basicAuth [GetBase64String $username $password]
The Tcl procedure
IOSHttp.tcl, is the wrapper for Tony Darugar's base 64 library calls. The encoded base 64 result is stored in the Tcl variable
basicAuth. This variable initialization is critical for basic HTTP authentication. Once
basicAuth is set, we can connect to the Cisco router's IOS HTTP server, using the following code snippet.
# connect to the router via http server set statusToken [GetHttpServerURL $basicAuth $url]
Once again, the
IOSHttp.tcl library primarily contains wrapper functions.
GetHttpServerURL is the wrapper for the Tcl HTTP package. The parameters passed in are the
basicAuth string and a
url string. The function returns a token that contains the name of the global status array. The status array holds information about the state of the URL transaction. To retrieve the actual contents of the HTML sent by the router, we must pass the
statusToken to the
# retrieve the HTML response from the globl state array set rawHtml [GetHttpServerHTML $statusToken] puts $rawHtml
That's it! Everything you need to connect to your router in about nine lines of Tcl code. The complete listing for this example is provided in source code file, example1.tcl. Next, let's take a look at how to access the router's Cisco IOS exec mode. This is the level you'll need to access for router automation and control. To test the script, execute the following from the workstation command line:
spongebob# tclsh example1.tcl
IOS exec level operation
All critical router operations and modifications are performed at the IOS exec level. This includes show commands and entering the router's configuration mode. I'll demonstrate in this example how to execute the IOS exec command
lab_router#sh interfaces Ethernet0 is up, line protocol is up Hardware is Lance, address is 0050.5433.813c (bia0050.5433.813c) Internet address is 220.127.116.11/24 MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:00, output 00:00:00, output hang never Last clearing of "show interface" counters never Queueing strategy: fifo Output queue 0/40, 0 drops; input queue 0/75, 0 drops 5 minute input rate 1000 bits/sec, 2 packets/sec 5 minute output rate 1000 bits/sec, 2 packets/sec 237207 packets input, 17505813 bytes, 0 no buffer Received 147438 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 input packets with dribble condition detected 209269 packets output, 14241109 bytes, 0 underruns(3/1/0) 2 output errors, 4 collisions, 11 interface resets 0 babbles, 0 late collision, 20 deferred 2 lost carrier, 0 no carrier 0 output buffer failures, 0 output buffers swapped out --More--
You can accomplish this functionality using our
IOSHttp.tcl library. First, you must understand how the IOS parser operates and which mode commands operate in. All the show commands in IOS belong to the exec mode. The URL for show interfaces is simply
/exec/show/interfaces/CR. Our code looks like this:
set router 18.104.22.168 set iosurl /exec/show/interfaces/CR set url $router$iosurl
In case you were wondering, yes, the
CR is required at the end of a command. The
CR instructs the parser to terminate and no other command options are present. The code for show interfaces is presented in example2.tcl. The example script can be executed from your workstation:
spongebob# tclsh example1.tcl
The tip of the iceberg
Okay, so you can execute a "show interfaces" command via HTTP. Big deal, right? Well, this simple snippet of code is just to get you started. You now have your foot in the door -- of your router, that is. All operations can be performed on your router using the HTTP server, just as if you were sitting at a console. The exception to the rule is in the fact you can't perform a reload (reboot the router). You can do everything else though, and this is where the HTTP server becomes invaluable. Another consideration is to incorporate TACACS+ with the HTTP server, if you're using these network security authentication servers. Once you master regular expressions in Tcl, you'll be banging out traffic statistic charts, or monitoring what routers are running what images. The possibilities are limitless.
Michael J. Norton is a software engineer at Cisco Systems.
Return to the Mac DevCenter.