Wednesday, January 19, 2011

Issuing commands over web interface to Cisco switch

I am attempting to script a system for automatically deploying new Cisco switches (Cisco 3012 switches for an IBM BladeCenter, to be specific).

I need to get telnet access into the new switches, however by default there is no password set:

victor:~ # telnet 10.10.10.2
Trying 10.10.10.2...
Connected to 10.10.10.2.
Escape character is '^]'.


Password required, but none set
Connection closed by foreign host.

I need to issue commands over the web interface to modify the default configuration. How do I do so?

(no, I can't use CNA)

  • You have to use a console cable. I am not sure about the web interface, but telnet won't let you enter the switch if you haven't specified an enable password. So the WUI probably works the same, because it uses the enable password for authentication.

    Justin : It's been a while since I tested this, but I'm pretty certain the error above is what you get when the 'line vty' password is not set, and has nothing to do with the enable password.
    MikeyB : The web interface allows you to set the vty and enable passwords in a default configuration (at least on this switch).
    From TiFFolk
  • It should be fairly simple to capture the request details that set the password, however that might not help if Cisco have tried to be "smart" about things (which they probably have).

    Having a small static text file that sets the password when pasted into a console session is probably your best option.

    MikeyB : That is what I'm currently working on, though I was hoping that someone already had the necessary magic worked out. :)
    From LapTop006
  • Can you log into the web interface with the enable password? If so, you can fix this.

    If you click 'monitor' and then 'configure' and then 'line' and then 'vty' and then enter 0 and then click 'password', you should arrive at a link that looks like this:

    http://a.b.c.d/level/15/line/1/1/-/password

    That form should set the password, at which point telnet will work.

    Edit: oh, and while this will work, unless there is something preventing you from using the console port, you should really use that.

    MikeyB : Using the console port would be fine for the first 10 or so switches, but would get VERY tedious by the time I got to switch number 75...
    Justin : It is trivial to automate a configuration session over the serial port, if that is what you mean by tedious.
    From Justin
  • To set the line password and enable secret over http:

    http://SWITCH/level/15/line/0/15/-/password/0/PASSW0RD/CR
    http://SWITCH/level/15/configure/-/enable/secret/0/yummyfood/CR
    

    With the enable secret set, you now need to enter the secret as a password to use the web interface.


    Via HTTP, you can execute arbitrary commands in either exec mode or configure mode via:

    http://SWITCH/level/15/exec/-/copy/run/start/CR
    http://SWITCH/level/15/configure/-/no/enable/secret/CR
    

    To get assistance executing commands in the web interface, access:

    http://SWITCH/level/15/exec/-
    

    This will lead you down the path of finding out how to do various other things. For example, to configure an interface you need to do:

    http://SWITCH/level/15/interface/GigabitEthernet0\/1/-/shutdown
    

    (many thanks to @Justin who led me down the right path)

    From MikeyB
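
The URL scheme in the last answer, scripted for a batch of switches. This is an added example, not code from the original thread: the function names and sample secrets are constructed, and `send()` assumes the switch accepts HTTP Basic auth with any user name once the enable secret is set.

```python
import base64
import urllib.request

UNSAFE = set("?#%")  # these would end or alter the URL path before the switch sees it

def ios_url(switch, context, command, run=True):
    """Build the /level/15/<context>/-/<command>[/CR] URL form from the answer."""
    def words(text):
        out = []
        for tok in text.split():
            if UNSAFE & set(tok):
                raise ValueError(f"cannot carry {tok!r} in a URL path")
            out.append(tok.replace("/", "\\/"))  # e.g. GigabitEthernet0\/1
        return out
    parts = ["level", "15", *words(context), "-", *words(command)]
    if run:
        parts.append("CR")  # the answer's executing URLs end in /CR
    return f"http://{switch}/" + "/".join(parts)

def bootstrap_urls(switch, vty_password, enable_secret):
    """URLs for the first-boot sequence in the answer, in order."""
    steps = [
        ("line 0 15", f"password 0 {vty_password}"),
        ("configure", f"enable secret 0 {enable_secret}"),
        ("exec", "copy run start"),
    ]
    return [ios_url(switch, ctx, cmd) for ctx, cmd in steps]

def send(url, enable_secret=None, timeout=10):
    """GET one URL. Once the enable secret is set it is the web password.
    Assumption: HTTP Basic auth, user name ignored by the switch."""
    req = urllib.request.Request(url)
    if enable_secret is not None:
        token = base64.b64encode(f"admin:{enable_secret}".encode()).decode()
        req.add_header("Authorization", "Basic " + token)
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.status

if __name__ == "__main__":
    # Constructed sample values; prints the URLs without contacting a switch.
    for url in bootstrap_urls("10.10.10.2", "CONSTRUCTED-vty", "CONSTRUCTED-enable"):
        print(url)
```

Both secrets travel in the URL path over plain HTTP, so they are readable on the wire and in any proxy or shell history that records the request. Run this only on the isolated provisioning segment, and rotate the secrets over an encrypted channel afterwards.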
