Automation using Programmable Configlets

What is Programmable Configlets?

What are the benefits of Programmable Configlets & scripts?

1. Conditional configuration

Programmable Configlets enable administrators to define specific conditions and apply configuration changes only when these conditions are met.

• Benefit: Streamlines processes by targeting only the necessary devices or components for updates.

2. Looping configuration operations

Loops can be used to iterate through multiple devices and apply configuration changes consistently.

• Benefit: Saves time and reduces manual effort for repetitive tasks, such as updating interface descriptions, enabling SNMP settings, or enforcing security policies on devices.

3. Secure handling of sensitive data

Sensitive information, like passwords, can be predefined and hidden within the configlet template.

• Benefit: Protects confidential data from unauthorized access and accidental exposure.

4. Efficient bulk configuration

Bulk operations enable administrators to modify settings across multiple interfaces or VLANs in one go.

• Benefit: Enhances efficiency in managing network configurations, such as bulk updates for interfaces and VLAN settings.

How to create a new Programmable Configlet?

Follow the steps given below to add a programmable configlet in Network Configuration Manager:

• Go to "Config Automation" >> "Configlets" >> "Programmable Configlets" and click "Add" icon at the top right.
• In the UI that opens, enter a name for the configlet in the 'Name' field, select the appropriate vendor if the configlet applies to specific vendors (or leave it as "All"), and then provide a description in the 'Description' field for future reference.
• Under the 'Execution Context' section, you can choose to execute the programmable configlet on a single device or on multiple devices simultaneously.
• In the text field 'Configlet Content', the configuration command should be given using  these syntaxes:



Syntax	Description
$device.execute("command")	To execute a single command on a device
$device.executeBulk(["command1", "command2"])	To execute multiple commands at once
$device.execute("command", "prompt")	To specify the command and prompt
$device.execute("command", "prompt", timeout, delay, "msgSuffix")	To specify prompt, timeout, delay, and message suffix
$device.executeTimeout("command", timeout)	To specify the command and timeout
$device.executeTimeout("command", timeout, "prompt")	To specify the timeout along with the prompt
$device.executeDelay("command", delay)	To specify the command and delay
$device.executeDelay("command", delay, "prompt")	To specify the delay along with the prompt



• Please refer to this link for more information on various functions that can be used in Programmable Configlets.
• While entering the configuration command, use $ to create a variable. For instance, $device.execute("show interface $name") (here, "$name" is the configlet variable)
• Click 'Next'
• In this tab, you can enter the 'Display Name', 'Description', and select the data type for the variables.
• You can also set a 'Default Value' for a variable, if needed.
• To hide sensitive variables, check the 'Hidden variables' checkbox (Optional).
• For the Text data type, you can specify a regex for the variable input, if needed. You can also create a new regex in the same page or here.
• If you have multiple values that you want to predefine before executing the configlet, you can add the values to 'Selection Fields' and choose the desired value during configlet execution.
• Click 'Save'
• The new configlet is added to the list of Programmable Configlets.

Practical applications

1. Cisco - SNMP Trap Settings for Access Ports

Objective:

Configure SNMP Trap Settings for interfaces with admin access.

Configlet content:

#foreach( $interface in $device.interfaces() )
     #set( $switchport = $device.execute("switch show interface switchport $interface") )
     #if( $switchport.toString().contains("Administrative Mode: access"))
         $device.execute("config t")
         $device.execute("interface $interface")
         $device.execute("snmp trap mac-notification")
         $device.execute("exit")
     #end
#end

Execution explanation:

• The script iterates through each interface using $device.interfaces().
• It checks if the interface is in access mode, by executing the command switch show interface switchport <interface>.
• If the condition is met, it enters configuration mode and enables SNMP MAC notifications.

Configlet execution:

Example execution:

1. Iteration 1:

• Interface: GigabitEthernet 0/0
• Current Mode: Administrative Mode: trunk
• Condition Check: $switchport.contains("Administrative Mode: access") = false
• Action: No update is performed as the keyword is not found.

2. Iteration 2:

• Interface: GigabitEthernet 0/1
• Current Mode: AdministrativeMode:access
• Condition Check: $desc.contains("Administrative Mode: access") = true
• Action: Updates SNMP trap settings.
   

2. Firmware upgrade - general

Objective:

Automate firmware upgrades for network devices.

Configlet content:

$device.execute("copy tftp flash", "]?")
$device.execute($TFTP_SERVER_IP, "]?")
$device.execute($SOURCE_FILE_NAME, "]?")
$device.execute($DESTINATION_FILE_NAME)
#set( $flashVal = $device.execute("show flash"))
#if ( $flashVal.toString().contains($DESTINATION_FILE_NAME) )
$device.execute("reload", "confirm]")
$device.execute("y","$NO_RESPONSE",-1,240000,"")
$device.execute("config t")
$device.execute("boot system $DESTINATION_FILE_NAME")
$device.execute("exit")
$device.execute("show version")
#end

Execution explanation:

• Copy firmware from the TFTP server to the device.
• Verify if the firmware file exists.
• If the file exists, reload the device and configure the boot system.
• Finally, execute the "show version" command to confirm the update.
   

 3. Model based execution

Objective:

Configures device settings based on a model.

Configlet content:

#if( $device.model().contains("9300"))
     #set ( $mtu_size = "9000" )
#elseif( $device.model().contains("2900"))
     #set ($mtu_size = "1500" )
#else
     #set ( $mtu_size = "1000" )
#end
$device.execute("conf t")
$device.execute("system mtu $mtu_size")
$device.execute("exit")

Explanation:

• Initially it checks the model of the device using the device.model() function. Based on the model, it sets the MTU size variable.
• Under global configuration mode on the device it sets the MTU to the value stored in the $mtu_size variable.
• Depending on the device model, this could be 9000, 1500, or 1000 bytes. The system mtu command applies the MTU configuration globally across the device.

For Cisco device with model "9300",

For Cisco device with model "2900",

For other model devices

Example execution:

• For Cisco 9300 Series Devices: If the device model contains the string "9300", it sets the MTU size to 9000 bytes (commonly used for Jumbo frames).
• For Cisco 2900 Series Devices: If the device model contains the string "2900", it sets the MTU size to 1500 bytes (the typical MTU for Ethernet).
• For all the other devices: If the device model doesn't match "9300" or "2900", it sets the MTU size to 1000 bytes (a generic or default setting, though uncommon).