
GNS3 Talks: Python for Network Engineers with GNS3 (Part 16) - Netmiko, SSH, Python Cisco switches

16.7K views
Apr 26, 2017
10:37

Udemy: Get the course for $10 here: https://goo.gl/QYC988
GNS3 Academy: Get the course for $10 here: https://goo.gl/vnZJhg
More free Python videos here: https://www.youtube.com/playlist?list=PLhfrWIlLOoKPn7T9FtvbOWX8GxgsFFNwn

Learn Python programming with GNS3. In this series of videos, I will show you how you can quickly and easily program Cisco networks using Python.

Cisco Wired LAN Design Guide: https://goo.gl/k855Vj
Script on GitHub: https://github.com/davidbombal/pythonvideos/commit/f154a11443ed1c67b94402e4925e53a173d6ff2a

Transcription:

This is one of the multiple videos showing you how to use Python to configure Cisco networks. In this example, we're going to use Netmiko to configure a campus network running in GNS3 based on a validated Cisco technology design guide for campus wired local area networks. Cisco has for years provided solution reference network design guides and validated designs for different networks and implementations. This guide can help you implement best practices in wired campus networks.

So as an example, at the access layer, you need to think about security and implementing DHCP snooping, IP source guard, port security, and dynamic ARP inspection. Different access layer platforms are discussed, and lots of examples and best practices and associated explanations are provided in this guide. There are examples of how to implement quality of service for IP phones. So very good examples of quality of service are provided in this guide.

There's also a procedure for LAN switch universal settings, such as configuring the host name, such as configuring VTP transparent mode and the reasons for configuring VTP transparent mode. It's recommended that you run rapid PVST, you enable UDLD, you enable recovery mechanisms to allow ports disabled as a result of errors to automatically clear error disabled status and attempt a recovery. So we have this option, error disabled recovery cause all. For EtherChannels, you should be using load balancing using source and destination IP addresses. You should configure a DNS server. You should configure HTTPS and disable HTTP. You should be using SSH rather than telnet. You can enable SNMP and then lock down SNMP using an access list, as well as locking down access to the vty lines. You can configure a local username and password or, better, use a TACACS server. You should also be using NTP and set your time stamps.

So there's a lot of good information in this guide. I won't bore you going through the entire guide. They talk about the VLAN configuration, setting an IP default gateway or IP route, enabling DHCP snooping, enabling ARP inspection, configuring BPDU guard on PortFast-enabled interfaces, enabling IPv6 first hop security policy for host ports, configuring voice VLANs and access VLANs, and optimizing the interface for device connectivity by applying the switchport host command. This command does 3 things: it applies switchport access mode, which disables the negotiation of trunking and enables participation as an access port in a VLAN, it enables PortFast. It then continues talking about port security.

So basically there's a lot of configuration that you should be applying to an access switch. So on an access switch connected to a distribution switch, you're going to want to configure a data VLAN, a voice VLAN, a management VLAN, configure a default gateway, configure IP DHCP snooping, configure ARP inspection, Spanning Tree PortFast. There's a range of commands that you're going to want to configure on your access interfaces, and you're going to want to configure quality of service.

So here's an example of some of the commands that you should configure on your devices in your network. I've just taken some sample data. So as an example, I've got an SNMP community that's read-only called Python1. SNMP community called Python2 which is read-write. I've configured an NTP server and some other options. Notice there's quite a bit of configuration to do on your devices in your network.

In this example I've only got 3 access switches, but imagine that you had many access switches in your topology and that you wanted to ensure that the configuration was consistent on all your devices. This is where an automation tool such as Python or Ansible can be very useful. So in our example I'm going to use a simple Python script to configure these switches in the topology based on this campus-wide design document as well as a call configuration which we saw in the previous video. So my access switches are going to be configured using a file called iosv_l2_cisco and let's call it Cisco design. So we'll create a file with these commands from the Cisco design guide, and these commands will then be applied to the 3 access switches in our topology. Switch 5, 4 and 3. In other words, these 3 access switches.
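
Added example (not from the video or its GitHub script): a check that audits the command file against some of the hardening settings the transcript lists before it is applied to every access switch, and refuses to push a file that fails. The regex baseline, the constructed sample file, and the push() helper with caller-supplied Netmiko device dictionaries are assumptions of this example.

```python
import re
# Lines the candidate file must contain (settings named in the transcript).
REQUIRED = {
    "vty restricted to SSH": r"transport input ssh",
    "HTTP server disabled": r"no ip http server",
    "HTTPS server enabled": r"ip http secure-server",
    "errdisable recovery": r"errdisable recovery cause all",
    "DHCP snooping": r"ip dhcp snooping",
    "ARP inspection": r"ip arp inspection vlan \S+",
}
SNMP = re.compile(r"snmp-server community (\S+) (ro|rw)(?:\s+(\S+))?", re.I)

# Constructed sample file, not the one used in the video.
SAMPLE = """\
errdisable recovery cause all
no ip http server
ip http secure-server
ip dhcp snooping
ip arp inspection vlan 10
snmp-server community EXAMPLE-RO RO 55
snmp-server community EXAMPLE-RW RW
line vty 0 15
 transport input ssh
"""

def audit(config_text):
    """Return a list of findings; an empty list means the file passes."""
    lines = [ln.strip() for ln in config_text.splitlines() if ln.strip()]
    findings = [f"missing: {label}" for label, pat in REQUIRED.items()
                if not any(re.fullmatch(pat, ln, re.I) for ln in lines)]
    for ln in lines:
        m = SNMP.fullmatch(ln)
        if m and not m.group(3):  # no access list after RO/RW; name not echoed
            findings.append(f"SNMP {m.group(2).upper()} community without access list")
        if re.fullmatch(r"transport input (telnet|all)( .*)?", ln, re.I):
            findings.append("vty allows telnet")
    return findings

def push(devices, config_text):
    """Apply the file to each switch, but only if the audit is clean."""
    findings = audit(config_text)
    if findings:
        raise ValueError("refusing to push: " + "; ".join(findings))
    from netmiko import ConnectHandler  # imported here so audit() runs offline
    for device in devices:              # device dicts are supplied by the caller
        conn = ConnectHandler(**device)
        conn.send_config_set(config_text.splitlines())
        conn.disconnect()
```

Running audit(SAMPLE) reports the read-write community that has no access list, which is the kind of gap that would otherwise be copied identically to every switch.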
