Introduction¶
Overview¶
ciscoconfparse is a Python library, which parses through Cisco IOS-style configurations. It can:
Audit existing router / switch / firewall / wlc configurations against a text configuration template
Retrieve portions of the configuration
Modify existing configurations
Build new configurations
The library examines an IOS-style config and breaks it into a set of linked
parent / child relationships; each configuration line is stored in a different
IOSCfgLine object.
Figure 1, An Example of Parent-line / Child-line relationships¶
Then you issue queries against these relationships using a familiar family syntax model. Queries can either be in the form of a simple string, or you can use regular expressions. The API provides powerful query tools, including the ability to find all parents that have or do not have children matching a certain template.
The package also provides a set of methods to query and manipulate the
IOSCfgLine objects themselves. This gives you a flexible
mechanism to build your own custom queries, because the
IOSCfgLine objects store all the parent / child
hierarchy in them.
What is ciscoconfparse good for?¶
After several network evolutions, you may have a tangled mess of conflicting or misconfigured network devices. Misconfigurations of proxy-arp, static routes, FHRP timers, routing protocols, duplicated subnets, cdp, console passwords, or aaa schemes have a measurable affect on up time and beg for a tool to audit them. However, manually scrubbing configurations is a long and error-prone process.
Audits aren’t the only use for ciscoconfparse. Let’s suppose you are working on a design and need a list of dot1q trunks on a switch with more than 400 interfaces. You can’t grep for them because you need the interface names of layer2 trunks; the interface name is stored on one line, and the trunk configuration is stored somewhere below the interface name. With ciscoconfparse, it’s really this easy…
>>> from ciscoconfparse import CiscoConfParse
>>> parse = CiscoConfParse('/tftpboot/largeConfig.conf')
>>> trunks = parse.find_parents_w_child("^interface", "switchport trunk")
>>> for intf in trunks:
... print(intf)
interface GigabitEthernet 1/7
interface GigabitEthernet 1/23
interface GigabitEthernet 1/24
interface GigabitEthernet 1/30
interface GigabitEthernet 3/2
interface GigabitEthernet 5/10
<and so on...>
So you may be saying, that all sounds great, but I have no idea what you did with that code up there. If so, don’t worry… There is a tutorial following this intro. For more depth, I highly recommend Dive into Python3.
We don’t have Ciscos¶
Don’t let that stop you. CiscoConfParse parses anything that has a Cisco IOS style of configuration, which includes:
Cisco IOS, Cisco Nexus, Cisco IOS-XR, Cisco IOS-XE, Aironet OS, Cisco ASA, Cisco CatOS
Arista EOS
Brocade
HP Switches
Force 10 Switches
Dell PowerConnect Switches
Extreme Networks
Enterasys
As of CiscoConfParse 1.2.4, you can parse brace-delimited configurations into a Cisco IOS style (see Github Issue #17), which means that CiscoConfParse understands these configurations too:
Juniper Networks Junos, and Screenos
Palo Alto Networks Firewall configurations
F5 Networks configurations
Terraform .tf files
Quotes¶
These are a few selected public mentions about CiscoConfParse; I usually try not to share private emails without asking, thus the quotes aren’t long at this time.
Have to audit > 100 catalyst sw configs for misconfiguration/non-standard configs. Perfect job for CiscoConfParse http://is.gd/d13z2 #python
— Jochen - l0b0 (@verbosemode) June 23, 2010
@fryguy_pa There is a Cisco config parsing library for python that does neat tricks for searching configs
— Bob McCouch (@BobMcCouch) January 25, 2013.@fryguy_pa Here it is: ciscoconf python library: http://t.co/oDCWRZer
— Bob McCouch (@BobMcCouch) January 25, 2013
What’s new in version 1.0.0¶
I wrote ciscoconfparse in 2007 as literally my first Python
project; through the years, my understanding of Python improved, and I also
found many missing features along the way. Some of these features, like
changing a configuration after it was parsed, required non-trivial changes to
the whole project.
Starting in version 0.9, I initiated a major rewrite; several important changes were made:
Python3.x compatibility; Python2.4 deprecation
Major improvement in config parsing speed
Much better unit-test coverage
Too many bug fixes to count
New feature -
ciscoconfparseinserts, deletes and appends config linesRearchitected the library, with an eye towards more future improvements
Revisions in scripting flow. All users are encouraged to use
IOSCfgLine()objects whenever possible. Typically, you’ll start by matching them withfind_objects(). Working directly withIOSCfgLine()objects makes your scripts less complicated and it also makes them faster than using legacyciscoconfparsesyntax.