# Automation using Programmable Configlets ## What is Programmable Configlets? Programmable Configlets allow network administrators to automate configuration changes across multiple devices. Instead of manually applying configuration changes one device at a time, these configlets define conditions and execute commands dynamically. This helps in managing large networks efficiently by enabling bulk changes and real-time adjustments. ## What are the benefits of Programmable Configlets & scripts? ### 1. Conditional configuration Programmable Configlets enable administrators to define specific conditions and apply configuration changes only when these conditions are met. - **Benefit:** Streamlines processes by targeting only the necessary devices or components for updates. ### 2. Looping configuration operations Loops can be used to iterate through multiple devices and apply configuration changes consistently. - **Benefit:** Saves time and reduces manual effort for repetitive tasks, such as updating interface descriptions, enabling SNMP settings, or enforcing security policies on devices. ### 3. Secure handling of sensitive data Sensitive information, like passwords, can be predefined and hidden within the configlet template. - **Benefit:** Protects confidential data from unauthorized access and accidental exposure. ### 4. Efficient bulk configuration Bulk operations enable administrators to modify settings across multiple interfaces or VLANs in one go. - **Benefit:** Enhances efficiency in managing network configurations, such as bulk updates for interfaces and VLAN settings. ## How to create a new Programmable Configlet? Follow the steps given below to add a programmable configlet in Network Configuration Manager: - Go to **"Config Automation" >> "Configlets" >> "Programmable Configlets"** and click the **"Add"** icon at the top right. - In the UI that opens: - Enter a name in the **Name** field. - Select the appropriate vendor (or leave it as **All**). - Provide a description in the **Description** field. - Under the **Execution Context** section, choose whether to execute the configlet on a single device or multiple devices. - In the **Configlet Content** field, use the following syntaxes: | Syntax | Description | |---|---| | `$device.execute("command")` | To execute a single command on a device | | `$device.executeBulk(["command1", "command2"])` | To execute multiple commands at once | | `$device.execute("command", "prompt")` | To specify the command and prompt | | `$device.execute("command", "prompt", timeout, delay, "msgSuffix")` | To specify prompt, timeout, delay, and message suffix | | `$device.executeTimeout("command", timeout)` | To specify the command and timeout | | `$device.executeTimeout("command", timeout, "prompt")` | To specify the timeout along with the prompt | | `$device.executeDelay("command", delay)` | To specify the command and delay | | `$device.executeDelay("command", delay, "prompt")` | To specify the delay along with the prompt | - Refer to this guide for more information on various functions used in Programmable Configlets: [link](https://www.manageengine.com/network-configuration-manager/kb/how-to/use-various-functions-programmable-configlets.html) - Use `$` to create variables. Example: `$device.execute("show interface $name")` - Click **Next**. - Provide: - **Display Name** - **Description** - Select the [data type](https://www.manageengine.com/network-configuration-manager/kb/faq.html?utm_source=inproduct#pc5) - Optionally set a **Default Value**. - To hide sensitive variables, enable **Hidden variables**. - For text variables, you can specify or create a regex: [Create a new regex](https://www.manageengine.com/network-configuration-manager/kb/how-to/create-a-new-NCM-regex.html) - Add predefined values under **Selection Fields** if needed. - Click **Save**. The new configlet will be added to the list of Programmable Configlets. ## Practical applications ### 1. Cisco – SNMP Trap Settings for Access Ports **Objective:** Configure SNMP Trap Settings for interfaces with admin access. **Configlet content:** ``` #foreach( $interface in $device.interfaces() ) #set( $switchport = $device.execute("switch show interface switchport $interface") ) #if( $switchport.toString().contains("Administrative Mode: access")) $device.execute("config t") $device.execute("interface $interface") $device.execute("snmp trap mac-notification") $device.execute("exit") #end #end ``` **Execution explanation:** - Iterates through each interface using `$device.interfaces()`. - Checks if the interface is in **access mode**. - If true, enters **configuration mode** and enables SNMP MAC notifications. **Configlet execution:** ![Configlet execution](data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAqYAAAE5CAYAAABCo+KU...) **Example execution:** **Iteration 1:** - **Interface:** GigabitEthernet 0/0 - **Current Mode:** Administrative Mode: trunk - **Condition Check:** `$switchport.contains("Administrative Mode: access") = false` - **Action:** No update performed. **Iteration 2:** - **Interface:** GigabitEthernet 0/1 - **Current Mode:** Administrative Mode: access - **Condition Check:** `$desc.contains("Administrative Mode: access") = true` - **Action:** Updates SNMP trap settings. --- ### 2. Firmware upgrade – General **Objective:** Automate firmware upgrades for network devices. **Configlet content:** ``` $device.execute("copy tftp flash", "]?") $device.execute($TFTP_SERVER_IP, "]?") $device.execute($SOURCE_FILE_NAME, "]?") $device.execute($DESTINATION_FILE_NAME) #set( $flashVal = $device.execute("show flash")) #if ( $flashVal.toString().contains($DESTINATION_FILE_NAME) ) $device.execute("reload", "confirm]") $device.execute("y","$NO_RESPONSE",-1,,"") $device.execute("config t") $device.execute("boot system $DESTINATION_FILE_NAME") $device.execute("exit") $device.execute("show version") #end ``` **Execution explanation:** - Copy firmware from the TFTP server. - Verify if the file exists. - If present: - Reload the device. - Configure the boot system. - Run `show version` to confirm the upgrade. --- ### 3. Model-based execution **Objective:** Configure device settings based on model. **Configlet content:** ``` #if( $device.model().contains("9300")) #set ( $mtu_size = "9000" ) #elseif( $device.model().contains("2900")) #set ($mtu_size = "1500" ) #else #set ( $mtu_size = "1000" ) #end $device.execute("conf t") $device.execute("system mtu $mtu_size") $device.execute("exit") ``` **Explanation:** - Checks device model using `$device.model()`. - Sets MTU size accordingly. - Applies the `system mtu` command in global configuration mode. **For Cisco device with model "9300":** ![Cisco device with model 9300](data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAnEAAADdCAYAAADUzCSE...) **For Cisco device with model "2900":** ![Cisco device with model 2900](data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAiQAAACoCAYAAADQHvX6...) **For other model devices:** ![Other model devices](data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAmsAAADZCAYAAAB/0Xez...) **Example execution:** - **Cisco 9300 Series:** MTU = **9000 bytes** - **Cisco 2900 Series:** MTU = **1500 bytes** - **Other devices:** MTU = **1000 bytes**