Contents
ciscoconfparse is a Python library, which parses through Cisco IOS-style (and other vendor) configurations. It can:
- Audit existing router / switch / firewall / wlc configurations
- Retrieve portions of the configuration
- Modify existing configurations
- Build new configurations
The library examines an IOS-style config and breaks it into a set of linked parent / child relationships. You can perform complex queries about these relationships.
Don't let that stop you.
As of CiscoConfParse 1.2.4, you can parse brace-delimited configurations into a Cisco IOS style (see Github Issue #17), which means that CiscoConfParse understands these configurations:
- Juniper Networks Junos
- Palo Alto Networks Firewall configurations
- F5 Networks configurations
CiscoConfParse also handles anything that has a Cisco IOS style of configuration, which includes:
- Cisco IOS, Cisco Nexus, Cisco IOS-XR, Cisco IOS-XE, Aironet OS, Cisco ASA, Cisco CatOS
- Arista EOS
- Brocade
- HP Switches
- Force 10 Switches
- Dell PowerConnect Switches
- Extreme Networks
- Enterasys
- Screenos
- The latest copy of the docs are archived on the web
- There is also a CiscoConfParse Tutorial
ciscoconfparse requires Python versions 2.7 or 3.4+ (note: version 3.7.0 has a bug - ref Github issue #117, but version 3.7.1 works); the OS should not matter.
You can install into Python2.x with pip:
pip install --upgrade ciscoconfparse
Use pip3
for Python3.x...
pip3 install --upgrade ciscoconfparse
If you don't want to use pip, you can install with easy_install:
easy_install -U ciscoconfparse
Otherwise download it from PyPi, extract it and run the setup.py
script:
python setup.py install
If you're interested in the source, you can always pull from the github repo or bitbucket repo:
From github:
git clone git://github.com//mpenning/ciscoconfparse
- QUESTION: I want to use ciscoconfparse with Python3; is that safe? ANSWER: ANSWER: Yes.
- QUESTION: Some of the code in the documentation looks different than what I'm used to seeing. Did you change something? ANSWER: Yes, starting around ciscoconfparse v0.9.10 I introducted more methods directly on
IOSConfigLine()
objects; going forward, these methods are the preferred way to use ciscoconfparse. Please start using the new methods shown in the example, since they're faster, and you type much less code this way. - QUESTION: ciscoconfparse saved me a lot of time, I want to give money. Do you have a donation link? ANSWER: I love getting emails like this; helping people get their jobs done is why I wrote the module. However, I'm not accepting donations.
- QUESTION: Is there a way to use this module with perl? ANSWER: Yes, I do this myself. Install the python package as you normally would and import it into perl with
Inline.pm
andInline::Python
from CPAN. - QUESTION: When I use
find_children("interface GigabitEthernet3/2")
, I'm getting all interfaces beginning with 3/2, including 3/21, 3/22, 3/23 and 3/24. How can I limit my results? ANSWER: There are two ways... the simplest is to use the 'exactmatch' option...find_children("interface GigabitEthernet3/2", exactmatch=True)
. Another way is to utilize regex expansion that is native to many methods...find_children("interface GigabitEthernet3/2$")
- Dive into Python3 is a good way to learn Python
- Team CYMRU has a Secure IOS Template, which is especially useful for external-facing routers / switches
- Cisco's Guide to hardening IOS devices
- Center for Internet Security Benchmarks (An email address, cookies, and javascript are required)
- Please report any suggestions, bug reports, or annoyances with ciscoconfparse through the github bug tracker.
- If you're having problems with general python issues, consider searching for a solution on Stack Overflow. If you can't find a solution for your problem or need more help, you can ask a question.
- If you're having problems with your Cisco devices, you can open a case with Cisco TAC; if you prefer crowd-sourcing, you can ask on the Stack Exchange Network Engineering site.
Travis CI project tests ciscoconfparse on Python versions 2.7 through 3.7, as well as a pypy JIT executable.
Click the image below for details; the current build status is:
ciscoconfparse is licensed GPLv3; Copyright David Michael Pennington, 2007-2019.
ciscoconfparse is not affiliated with Cisco Systems in any way; the word "Cisco" is a registered trademark of Cisco Systems
ciscoconfparse was written by David Michael Pennington (mike [~at~] pennington [/dot] net).
Special thanks:
- Thanks to David Muir Sharnoff for his suggestion about making a special case for IOS banners.
- Thanks to Alan Cownie for his API suggestions.
- Thanks to CrackerJackMack for reporting Github Issue #13
- Soli Deo Gloria