H3C、华三交换机CRT开局配置脚本
本帖最后由 148632579 于 2023-3-14 15:16 编辑一、介绍
本脚本纯个人使用,因需要配置很多交换机,切版本不一。论坛中有一个-网络工程师脚本生成工具-感觉不符合个人使用场景,特有此脚本。
二、脚本
脚本自动识别版本 v3 v5 v7。
脚本中 AAAA 和127.0.0.1 的请自行替换。
自行注视掉不需要的部分
此脚本是配合CRT使用
如有不足欢迎指正
三、免费正文:Dweeqw
------------------------------------------------
#$language = "VBScript"
#$interface = "1.0"
'by lixiang
crt.Screen.Synchronous = True
Sub Main
crt.Screen.Send "sys"&chr(13)& "dis version"&chr(13)
If (crt.Screen.WaitForString("Version 7",3) <> False)Then
MsgBox("H3C设备,系统版本V7")
crt.Screen.Send " "& chr(13)
'基本配置
crt.Screen.Send "vlan 2 to 4094"& chr(13)
crt.Screen.WaitForString "]"
crt.Screen.Send " "& chr(13)&"sysname "& InputBox("1-64个字符,貌似支持中文","输入设备名称","123") & chr(13)
crt.Sleep 3000'等待ms
crt.Screen.Send "undo interface Vlan-interface 1"& chr(13)
crt.Screen.Send " "& chr(13)&"interface Vlan-interface"& InputBox("vlan 1-4094","输入管理vlan","4094") & chr(13)
crt.Screen.Send " "& chr(13)&"ip address "& InputBox("IP+掩码","输入管理地址","127.0.0.1 255.255.225.0") & chr(13)& "quit"& chr(13)
crt.Screen.Send " "& chr(13)&" ip route-static "& InputBox("缺省路由","缺省路由","0.0.0.0 0.0.0.0 127.0.0.254") & chr(13)& chr(13)
crt.Sleep 1000'等待ms
'开启snmp
crt.Screen.Send "snmp-agent"&chr(13)
crt.Screen.Send "snmp-agent community read AAAA"&chr(13)
crt.Screen.Send "snmp-agent community write AAAA"&chr(13)
crt.Screen.Send "snmp-agent sys-info version all"&chr(13)
crt.Screen.Send "snmp-agent target-host trap address udp-domain 127.0.0.1 params securityname AAAA v2c"&chr(13)
crt.Screen.Send "snmp-agent target-host trap address udp-domain 127.0.0.1 params securityname AAAA"&chr(13)
'远程acl
crt.Screen.Send "acl number AAAA"&chr(13)
crt.Screen.Send "rule 0 permit source 127.0.0.1 0"&chr(13)
crt.Screen.Send "rule 100 deny"&chr(13)
crt.Screen.Send "quit"&chr(13)
crt.Screen.Send "telnet server acl AAAA"&chr(13)
'域
crt.Screen.Send "radius scheme cams"&chr(13)
crt.Screen.Send "primary authentication 127.0.0.1"&chr(13)
crt.Screen.Send "primary accounting 127.0.0.1"&chr(13)
crt.Screen.Send "accounting-on enable"&chr(13)
crt.Screen.Send "key authentication cipher AAAA"&chr(13)
crt.Screen.Send "key accounting cipher AAAA"&chr(13)
crt.Screen.Send "retry stop-accounting 10"&chr(13)
crt.Screen.Send "radius scheme AAAA"&chr(13)
crt.Screen.Send "user-name-format without-domain"&chr(13)
crt.Screen.Send "domain AAAA"&chr(13)
crt.Screen.Send "authentication default radius-scheme cams"&chr(13)
crt.Screen.Send "authorization default radius-scheme cams"&chr(13)
crt.Screen.Send "accounting default radius-scheme cams"&chr(13)
crt.Screen.Send "domain AAAA"&chr(13)
crt.Screen.Send "domain default enable AAAA"&chr(13)
'登录
crt.Screen.Send "local-user AAAA"&chr(13)
crt.Screen.Send "password simple AAAA"&chr(13)
crt.Screen.Send "authorization-attribute user-role network-admin"&chr(13)
crt.Screen.Send "service-type ssh terminal "&chr(13)
crt.Screen.Send "ssh server enable"&chr(13)
crt.Screen.Send "ssh server enable"&chr(13)
crt.Screen.Send "ssh user AAAA service-type stelnet authentication-type password"&chr(13)
crt.Screen.Send "user-interface aux 0"&chr(13)
crt.Screen.Send " "& chr(13)&"set authentication password simple "& InputBox("","输入console密码","AAAA") & chr(13)
crt.Screen.Send "quit"&chr(13)
crt.Screen.Send "user-interface vty 0 63"&chr(13)
crt.Screen.Send "acl AAAA inbound"&chr(13)
crt.Screen.Send "protocol inbound all"&chr(13)
crt.Screen.Send "authentication-mode scheme"&chr(13)
crt.Screen.Send "user-role network-admin"&chr(13)
crt.Screen.Send "quit"&chr(13)
crt.Screen.Send "public-key local create rsa"&chr(13)
crt.Screen.Send "y"&chr(13)&chr(13)
crt.Sleep 3000
crt.Screen.Send "public-key local create rsa"&chr(13)
crt.Screen.Send "public-key local create dsa"&chr(13)&chr(13)
crt.Sleep 3000
MsgBox("下面进行access端口配置")
crt.Screen.Send " "& chr(13)&"interface range "& InputBox("输入要批量配置的端口Ethernet& GigabitEth","access端口","Gigabi 1/0/1 to Gigabi 1/0/6") & chr(13)
crt.Screen.Send " "& chr(13)&"port access vlan "& InputBox("access vlan","access 端口vlan","2") & chr(13)
crt.Screen.Send "stp edged-port enable"&chr(13)
crt.Screen.Send "stp edged-port" & chr(13)
crt.Screen.Send "quit"&chr(13)
MsgBox("下面进行trunk端口配置")
crt.Screen.Send " "& chr(13)&"interface range"& InputBox("输入要批量配置的端口Ethernet& GigabitEthinterface range","trunk端口","GigabitEth 1/0/7 to GigabitEth 1/0/10") & chr(13)
crt.Screen.Send " "& chr(13)&"port link-type trunk"& chr(13) &InputBox("trunk端口","端口vlan","port trunk permit vlan all") & chr(13)
crt.Screen.Send "dhcp snooping trust"&chr(13)
crt.Screen.Send "dhcp-snooping trust" & chr(13)
crt.Screen.WaitForString "]"
crt.Screen.Send "quit"&chr(13)
Else
crt.Screen.Send "sys"&chr(13)& "dis version"&chr(13)
If (crt.Screen.WaitForStrings("Version 5",3) <> False)Then
MsgBox("H3C设备,系统版本V5")
crt.Screen.Send " "& chr(13)
'基本配置
crt.Screen.Send "vlan 2 to 4094"& chr(13)
crt.Screen.Send " "& chr(13)
crt.Screen.WaitForString "]"
crt.Screen.Send " "& chr(13)&"sysname "& InputBox("1-64个字符,貌似支持中文","输入设备名称","123") & chr(13)
crt.Sleep 3000'等待ms
crt.Screen.Send "undo interface Vlan-interface 1"& chr(13)
crt.Screen.Send " "& chr(13)&"interface Vlan-interface"& InputBox("vlan 1-4094","输入管理vlan","4094") & chr(13)
crt.Screen.Send " "& chr(13)&"ip address "& InputBox("IP+掩码","输入管理地址","127.0.0.1 255.255.255.0") & chr(13)& "quit"& chr(13)
crt.Screen.Send " "& chr(13)&" ip route-static "& InputBox("缺省路由","缺省路由","0.0.0.0 0.0.0.0 127.0.0.1") & chr(13)& chr(13)
crt.Sleep 1000'等待ms
'开启snmp
crt.Screen.Send "snmp-agent"&chr(13)
crt.Screen.Send " snmp-agent community read AAAA"&chr(13)
crt.Screen.Send "snmp-agent community write AAAA"&chr(13)
crt.Screen.Send "snmp-agent sys-info version all"&chr(13)
crt.Screen.Send "snmp-agent target-host trap address udp-domain 127.0.0.1 params securityname AAAA"&chr(13)
crt.Screen.Send "snmp-agent target-host trap address udp-domain 127.0.0.1 params securityname AAAA"&chr(13)
'远程acl
crt.Screen.Send "acl number AAAA"&chr(13)
crt.Screen.Send "rule 0 permit source 127.0.0.1 0"&chr(13)
crt.Screen.Send "rule 100 deny"&chr(13)
crt.Screen.Send "quit"&chr(13)
crt.Screen.Send "telnet server acl AAAA"&chr(13)
'域
crt.Screen.Send "radius scheme cams"&chr(13)
crt.Screen.Send "primary authentication 127.0.0.1"&chr(13)
crt.Screen.Send "primary accounting 127.0.0.1"&chr(13)
crt.Screen.Send "accounting-on enable"&chr(13)
crt.Screen.Send "key authentication cipher AAAA"&chr(13)
crt.Screen.Send "key accounting cipher AAAA"&chr(13)
crt.Screen.Send "retry stop-accounting 10"&chr(13)
crt.Screen.Send "radius scheme AAAA"&chr(13)
crt.Screen.Send "user-name-format without-domain"&chr(13)
crt.Screen.Send "domain AAAA"&chr(13)
crt.Screen.Send "authentication default radius-scheme cams"&chr(13)
crt.Screen.Send "authorization default radius-scheme cams"&chr(13)
crt.Screen.Send "accounting default radius-scheme cams"&chr(13)
crt.Screen.Send "domain AAAA"&chr(13)
crt.Screen.Send "domain default enable AAAA"&chr(13)
'登录
crt.Screen.Send "local-user AAAA"&chr(13)
crt.Screen.Send "password simple AAAA"&chr(13)
crt.Screen.Send "authorization-attribute user-role guest-manager level 3"&chr(13)
crt.Screen.Send "service-type ssh terminal "&chr(13)
crt.Screen.Send "ssh server enable"&chr(13)
crt.Screen.Send "ssh server enable"&chr(13)
crt.Screen.Send "ssh user AAAA service-type stelnet authentication-type password"&chr(13)
crt.Screen.Send "user-interface aux 0"&chr(13)
crt.Screen.Send " "& chr(13)&"set authentication password simple "& InputBox("","输入console密码","AAAA") & chr(13)
crt.Screen.Send "quit"&chr(13)
crt.Screen.Send "user-interface vty 0 15"&chr(13)
crt.Screen.Send "acl AAAA inbound"&chr(13)
crt.Screen.Send "protocol inbound all"&chr(13)
crt.Screen.Send "user privilege level 3 "&chr(13)
crt.Screen.Send "authentication-mode scheme "&chr(13)
crt.Screen.Send "quit"&chr(13)
crt.Screen.Send "public-key local create rsa"&chr(13)
crt.Screen.Send "y"&chr(13)&chr(13)
crt.Sleep 3000
crt.Screen.Send "public-key local create rsa"&chr(13)
crt.Screen.Send "public-key local create dsa"&chr(13)&chr(13)
crt.Sleep 3000
'MsgBox("下面进行access端口配置")
crt.Screen.Send " "& chr(13)&"interface range "& InputBox("输入要批量配置的端口Ethernet& GigabitEth","access端口","Ethernet 1/0/1 to Ethernet 1/0/8") & chr(13)
crt.Screen.Send " "& chr(13)&"port access vlan "& InputBox("access vlan","access 端口vlan","100") & chr(13)
crt.Screen.Send "quit"&chr(13)
'MsgBox("下面进行trunk端口配置")
crt.Screen.Send " "& chr(13)&"interface range"& InputBox("输入要批量配置的端口Ethernet& GigabitEthinterface range","trunk端口","GigabitEth 1/0/9 to GigabitEth 1/0/9") & chr(13)
crt.Screen.Send " "& chr(13)&"port link-type trunk"& chr(13) &InputBox("trunk端口","端口vlan","port trunk permit vlan all") & chr(13)
crt.Screen.Send "dhcp snooping trust"&chr(13)
crt.Screen.Send "dhcp-snooping trust" & chr(13)
crt.Screen.WaitForString "]"
crt.Screen.Send "quit"&chr(13)
Else
crt.Screen.Send "sys"&chr(13)& "dis version"&chr(13)
If (crt.Screen.WaitForStrings("Version 3",3) <> False)Then
MsgBox("H3C设备,系统版本V3")
crt.Screen.Send " "& chr(13)&"sysname "& InputBox("H3C设备系统版本3,1-64个字符,不支持中文","输入设备名称","123") & chr(13)
crt.Screen.Send " "& chr(13)
'基本配置
crt.Screen.Send "vlan 2 to 4094"& chr(13)
crt.Sleep 3000
crt.Screen.Send " "& chr(13)
crt.Screen.WaitForString "]"
crt.Screen.Send " "& chr(13)&"sysname "& InputBox("1-64个字符,貌似支持中文","输入设备名称","123") & chr(13)
crt.Sleep 3000'等待ms
crt.Screen.Send "undo interface Vlan-interface 1"& chr(13)
crt.Screen.Send " "& chr(13)&"interface Vlan-interface"& InputBox("vlan 1-4094","输入管理vlan","4094") & chr(13)
crt.Screen.Send " "& chr(13)&"ip address "& InputBox("IP+掩码","输入管理地址","172.18.0.1 255.255.255.0") & chr(13)& "quit"& chr(13)
crt.Screen.Send " "& chr(13)&" ip route-static "& InputBox("缺省路由","缺省路由","0.0.0.0 0.0.0.0 172.18.0.254") & chr(13)& chr(13)
crt.Sleep 1000'等待ms
'开启snmp
crt.Screen.Send "snmp-agent"&chr(13)
crt.Screen.Send " snmp-agent community read AAAA"&chr(13)
crt.Screen.Send "snmp-agent community write AAAA"&chr(13)
crt.Screen.Send "snmp-agent sys-info version all"&chr(13)
crt.Screen.Send "snmp-agent target-host trap address udp-domain 127.0.0.1 params securityname AAAA"&chr(13)
crt.Screen.Send "snmp-agent target-host trap address udp-domain 127.0.0.1 params securityname AAAA"&chr(13)
'远程acl
crt.Screen.Send "acl number AAAA"&chr(13)
crt.Screen.Send "rule 0 permit source 127.0.0.1 0"&chr(13)
crt.Screen.Send "rule 100 deny"&chr(13)
crt.Screen.Send "quit"&chr(13)
crt.Screen.Send "telnet server acl AAAA"&chr(13)
'域
crt.Screen.Send "radius scheme cams"&chr(13)
crt.Screen.Send "primary authentication 127.0.0.1"&chr(13)
crt.Screen.Send "primary accounting 127.0.0.1"&chr(13)
crt.Screen.Send "accounting-on enable"&chr(13)
crt.Screen.Send "key authenticationAAAA"&chr(13)
crt.Screen.Send "key accounting AAAA"&chr(13)
crt.Screen.Send "retry stop-accounting 10"&chr(13)
crt.Screen.Send "radius scheme AAAA"&chr(13)
crt.Screen.Send "user-name-format without-domain"&chr(13)
crt.Screen.Send "domain AAAA"&chr(13)
crt.Screen.Send "authenticationradius-scheme cams"&chr(13)
crt.Screen.Send "authorizationhwtacacs-scheme cams"&chr(13)
crt.Screen.Send "accountingradius-scheme cams"&chr(13)
crt.Screen.Send "domain AAAA"&chr(13)
crt.Screen.Send "domain default enable AAAA"&chr(13)
'登录
crt.Screen.Send "local-user AAAA"&chr(13)
crt.Screen.Send "password simple AAAA"&chr(13)
crt.Screen.Send "level 3"&chr(13)
crt.Screen.Send "service-type ssh telnet terminal level 3"&chr(13)
crt.Screen.Send "service-type ssh telnet terminal "&chr(13)
crt.Screen.Send "ssh server enable"&chr(13)
crt.Screen.Send "ssh server enable"&chr(13)
crt.Screen.Send "ssh user AAAA service-type stelnet "&chr(13)
crt.Screen.Send "user-interface aux 0"&chr(13)
crt.Screen.Send " "& chr(13)&"set authentication password simple "& InputBox("","输入console密码","AAAA") & chr(13)
crt.Screen.Send "user-interface vty 0 4"&chr(13)
crt.Screen.Send "acl AAAA inbound"&chr(13)
crt.Screen.Send "protocol inbound all"&chr(13)
crt.Screen.Send "user privilege level 3 "&chr(13)
crt.Screen.Send "authentication-mode scheme "&chr(13)
crt.Screen.Send "quit"&chr(13)
crt.Screen.Send "rsa local-key-pair create"&chr(13)&chr(13)
crt.Sleep 3000
crt.Screen.Send "ssh authentication-type default all"&chr(13)
'MsgBox("下面进行access端口配置")
crt.Screen.Send " "& chr(13)&"interface range "& InputBox("输入要批量配置的端口Ethernet& GigabitEth","access端口","Ethernet 1/0/1 to Ethernet 1/0/8") & chr(13)
crt.Screen.Send " "& chr(13)&"port access vlan "& InputBox("access vlan","access 端口vlan","100") & chr(13)
crt.Screen.Send "quit"&chr(13)
'MsgBox("下面进行trunk端口配置")
crt.Screen.Send " "& chr(13)&"interface range"& InputBox("输入要批量配置的端口Ethernet& GigabitEthinterface range","trunk端口","GigabitEth 1/0/9 to GigabitEth 1/0/9") & chr(13)
crt.Screen.Send " "& chr(13)&"port link-type trunk"& chr(13) &InputBox("trunk端口","端口vlan","port trunk permit vlan all") & chr(13)
crt.Screen.Send "dhcp snooping trust"&chr(13)
crt.Screen.Send "dhcp-snooping trust" & chr(13)
crt.Screen.WaitForString "]"
crt.Screen.Send "quit"&chr(13)
End If
End If
End If
Next
End Sub
----------------------------------------------------
土豪阅读通道
预览图
jffwoo 发表于 2023-3-20 14:13
可否指点一下
将交换机正在运行的配置上传至tftp中,按照交换机ip命名保存。你可以在添加一个日期。
python:
import paramiko
# SSH参数
hostname_list = ['1.1.1.1', '2.2.2.2‘]# 交换机的IP地址列表
port = 22# SSH端口号
username = 'XXXXXX'# SSH用户名
password = 'XXXXX'# SSH密码
# 要执行的命令,命令后缀包含交换机IP地址配置文件
# command = 'backup startup-configuration to 127.0.0.1 '+ hostname_list +'.cfg'
# 创建SSH客户端
ssh = paramiko.SSHClient()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
# 循环遍历交换机列表并连接
for hostname in hostname_list:
command = 'backup startup-configuration to 127.0.0.1 ' + hostname + '.cfg'
ssh.connect(hostname, port=port, username=username, password=password)
stdin, stdout, stderr = ssh.exec_command(command)
output = stdout.read().decode()
print(output)
ssh.close()
楼主也是搞网络的?
想和楼主探讨一下,有没有bash脚本自动登录网络设备,抓取配置,并保存配置的?我的意思是直接通过bash shell进行ssh登录,不通过crt等客户端 大佬太棒了我这正好有 H3C 谢谢,正好试一下 大佬太棒了 学习学习 jffwoo 发表于 2023-3-19 20:29
楼主也是搞网络的?
想和楼主探讨一下,有没有bash脚本自动登录网络设备,抓取配置,并保存配置的?我的意 ...
能操作,我用vb+crt做过 批量登陆然后执行一些操作+结果log的。python也能做。shell研究不深应该问题不大,抓取+保存 没几条命令。 148632579 发表于 2023-3-20 11:32
能操作,我用vb+crt做过 批量登陆然后执行一些操作+结果log的。python也能做。shell研究不深应该问题不大 ...
可否指点一下 jffwoo 发表于 2023-3-20 14:13
可否指点一下
最近也在研究这个,只做了一个批量备份配置的功能,可以参考一下,https://cloudspace.icu/?id=6 支持一下