patlegu/ciscoconfparse

Parse, Audit, Query, Build, and Modify Cisco IOS-style configurations.

ciscoconfparse

Introduction: What is ciscoconfparse?

Short answer: ciscoconfparse is a Python library that helps you quickly answer questions like these about your configurations:

• What interfaces are shutdown?
• Which interfaces are in trunk mode?
• What address and subnet mask is assigned to each interface?
• Which interfaces are missing a critical command?
• Is this configuration missing a standard config line?

It can help you:

• Audit existing router / switch / firewall / wlc configurations
• Modify existing configurations
• Build new configurations

Speaking generally, the library examines an IOS-style config and breaks it into a set of linked parent / child relationships. You can perform complex queries about these relationships.

Usage

The following code will parse a configuration stored in 'exampleswitch.conf' and select interfaces that are shutdown.

from ciscoconfparse import CiscoConfParse

parse = CiscoConfParse('exampleswitch.conf', syntax='ios')

for intf_obj in parse.find_objects_w_child('^interface', '^\s+shutdown'):
    print("Shutdown: " + intf_obj.text)

The next example will find the IP address assigned to interfaces.

from ciscoconfparse import CiscoConfParse

parse = CiscoConfParse('exampleswitch.conf', syntax='ios')

for intf_obj in parse.find_objects('^interface'):

    intf_name = intf_obj.re_match_typed('^interface\s+(\S.+?)$')

    # Search children of all interfaces for a regex match and return
    # the value matched in regex match group 1.  If there is no match,
    # return a default value: ''
    intf_ip_addr = intf_obj.re_match_iter_typed(
        r'ip\saddress\s(\d+\.\d+\.\d+\.\d+)\s', result_type=str,
        group=1, default='')
    print("{0}: {1}".format(intf_name, intf_ip_addr))

What if we don't use Cisco?

Don't let that stop you.

As of CiscoConfParse 1.2.4, you can parse brace-delimited configurations into a Cisco IOS style (see Github Issue #17), which means that CiscoConfParse can parse these configurations:

• Juniper Networks Junos
• Palo Alto Networks Firewall configurations
• F5 Networks configurations

CiscoConfParse also handles anything that has a Cisco IOS style of configuration, which includes:

• Cisco IOS, Cisco Nexus, Cisco IOS-XR, Cisco IOS-XE, Aironet OS, Cisco ASA, Cisco CatOS
• Arista EOS
• Brocade
• HP Switches
• Force 10 Switches
• Dell PowerConnect Switches
• Extreme Networks
• Enterasys
• Screenos

Docs

• The latest copy of the docs are archived on the web
• There is also a CiscoConfParse Tutorial

Editing the Package

• git clone https://github.com/mpenning/ciscoconfparse
• cd ciscoconfparse
• git checkout -b develop
• Add / modify / delete on the develop branch
• make test
• If tests run clean, git commit all the pending changes on the develop branch
• (as required) Edit the version number in pyproject.toml
• git checkout main
• git merge develop
• make test
• make repo-push
• make pypi

Pre-requisites

The ciscoconfparse python package requires Python versions 3.6+ (note: Python version 3.7.0 has a bug - ref Github issue #117, but version 3.7.1 works); the OS should not matter.

Installation and Downloads

• Use poetry for Python3.x... :

  python -m pip install ciscoconfparse
  

If you're interested in the source, you can always pull from the github repo:

• Download from the github repo: :

    git clone git://github.com/mpenning/ciscoconfparse
    cd ciscoconfparse/
    python -m pip install .
  

Other Resources

• Dive into Python3 is a good way to learn Python
• Team CYMRU has a Secure IOS Template, which is especially useful for external-facing routers / switches
• Cisco's Guide to hardening IOS devices
• Center for Internet Security Benchmarks (An email address, cookies, and javascript are required)

Bug Tracker and Support

• Please report any suggestions, bug reports, or annoyances with a github bug report.
• If you're having problems with general python issues, consider searching for a solution on Stack Overflow. If you can't find a solution for your problem or need more help, you can ask on Stack Overflow or reddit/r/Python.
• If you're having problems with your Cisco devices, you can contact:
  • Cisco TAC
  • reddit/r/Cisco
  • reddit/r/networking
  • NetworkEngineering.se

Unit-Tests

The project's test workflow checks ciscoconfparse on Python versions 3.6 and higher, as well as a pypy JIT executable.

Click the image below for details; the current build status is:

License and Copyright

ciscoconfparse is licensed GPLv3

• Copyright (C) 2021-2022 David Michael Pennington
• Copyright (C) 2020-2021 David Michael Pennington at Cisco Systems (post-acquisition: Cisco acquired ThousandEyes)
• Copyright (C) 2019 David Michael Pennington at ThousandEyes
• Copyright (C) 2012-2019 David Michael Pennington at Samsung Data Services
• Copyright (C) 2011-2012 David Michael Pennington at Dell Computer Corp
• Copyright (C) 2007-2011 David Michael Pennington

The word "Cisco" is a registered trademark of Cisco Systems.

Author

ciscoconfparse was written by David Michael Pennington (mike [~at~] pennington [.dot.] net).