ciscoconfparse

Introduction: What is ciscoconfparse?

Short answer: ciscoconfparse is a Python library that helps you quickly answer questions like these about your Cisco configurations:

What interfaces are shutdown?
Which interfaces are in trunk mode?
What address and subnet mask is assigned to each interface?
Which interfaces are missing a critical command?
Is this configuration missing a standard config line?

It can help you:

Audit existing router / switch / firewall / wlc configurations
Modify existing configurations
Build new configurations

Speaking generally, the library examines an IOS-style config and breaks it into a set of linked parent / child relationships. You can perform complex queries about these relationships.

Usage

The following code will parse a configuration stored in 'exampleswitch.conf' and select interfaces that are shutdown.

from ciscoconfparse import CiscoConfParse

parse = CiscoConfParse('exampleswitch.conf', syntax='ios')

for intf_obj in parse.find_objects_w_child('^interface', '^\s+shutdown'):
    print("Shutdown: " + intf_obj.text)

The next example will find the IP address assigned to interfaces.

from ciscoconfparse import CiscoConfParse

parse = CiscoConfParse('exampleswitch.conf', syntax='ios')

for intf_obj in parse.find_objects('^interface'):

    intf_name = intf_obj.re_match_typed('^interface\s+(\S.+?)$')

    # Search children of all interfaces for a regex match and return
    # the value matched in regex match group 1.  If there is no match,
    # return a default value: ''
    intf_ip_addr = intf_obj.re_match_iter_typed(
        r'ip\saddress\s(\d+\.\d+\.\d+\.\d+)\s', result_type=str,
        group=1, default='')
    print("{0}: {1}".format(intf_name, intf_ip_addr))

Are there private copies of CiscoConfParse()?

Yes. Cisco Systems maintains their own copy of CiscoConfParse(). The terms of the GPLv3 license allow this as long as they don't distribute their modified private copy in binary form. Also refer to this GPLv3 License primer / GPLv3 101. Officially, modified copies of CiscoConfParse source-code must also be licensed as GPLv3.

Dear Cisco Systems: please consider porting your improvements back into the github ciscoconfparse repo.

Is this a tool, or is it artwork?

That depends on who you ask. Many companies use CiscoConfParse as part of their network engineering toolbox; others regard it as a form of artwork.

What if we don't use Cisco IOS?

Don't let that stop you.

As of CiscoConfParse 1.2.4, you can parse brace-delimited configurations into a Cisco IOS style (see Github Issue #17), which means that CiscoConfParse can parse these configurations:

Juniper Networks Junos
Palo Alto Networks Firewall configurations
F5 Networks configurations

CiscoConfParse also handles anything that has a Cisco IOS style of configuration, which includes:

Cisco IOS, Cisco Nexus, Cisco IOS-XR, Cisco IOS-XE, Aironet OS, Cisco ASA, Cisco CatOS
Arista EOS
Brocade
HP Switches
Force 10 Switches
Dell PowerConnect Switches
Extreme Networks
Enterasys
Screenos

Docs

The latest copy of the docs are archived on the web
There is also a CiscoConfParse Tutorial

Pre-requisites

The ciscoconfparse python package requires Python versions 3.7+ (note: Python version 3.7.0 has a bug - ref Github issue #117, but version 3.7.1 works); the OS should not matter.

Installation and Downloads

Use poetry for Python3.x... :
```
python -m pip install ciscoconfparse
```

If you're interested in the source, you can always pull from the github repo:

Download from the github repo: :

  git clone git://github.com/mpenning/ciscoconfparse
  cd ciscoconfparse/
  python -m pip install .

Github Star History

Other Resources

Dive into Python3 is a good way to learn Python
Team CYMRU has a Secure IOS Template, which is especially useful for external-facing routers / switches
Cisco's Guide to hardening IOS devices
Center for Internet Security Benchmarks (An email address, cookies, and javascript are required)

Bug Tracker and Support

Please report any suggestions, bug reports, or annoyances with a github bug report.
If you're having problems with general python issues, consider searching for a solution on Stack Overflow. If you can't find a solution for your problem or need more help, you can ask on Stack Overflow or reddit/r/Python.
If you're having problems with your Cisco devices, you can contact:

Unit-Tests and Development

The project's test workflow checks ciscoconfparse on Python versions 3.7 and higher, as well as a pypy JIT executable.

Caveats:

At this point, CiscoConfParse does NOT adhere to Semantic Versioning
Although we added commitizen as a dev dependency, we are NOT enforcing commit rules (such as Conventional Commits) yet.

Click the image below for details; the current build status is:

Editing the Package

git clone https://github.com/mpenning/ciscoconfparse
cd ciscoconfparse
git checkout -b develop
Add / modify / delete on the develop branch
make test
If tests run clean, git commit all the pending changes on the develop branch
If you plan to publish this as an official version rev, edit the version number in pyproject.toml. In the future, we want to integrate commitizen to manage versioning.
git checkout main
git merge develop
make test
git push origin main
make pypi

Sphinx Documentation

Building the ciscoconfparse documentation tarball comes down to this one wierd trick:

cd sphinx-doc/
pip install -r ./requirements.txt; # install Sphinx dependencies
pip install -r ../requirements.txt; # install ccp dependencies
make html

License and Copyright

ciscoconfparse is licensed GPLv3

The word "Cisco" is a registered trademark of Cisco Systems.

Author

ciscoconfparse was written by David Michael Pennington (mike [~at~] pennington [.dot.] net).

mpenning/ciscoconfparse

mpenning

Reviews

Repository Details