H3C、华三交换机CRT开局配置脚本

148632579 · 发表于 2023-3-14 15:14

本帖最后由 148632579 于 2023-3-14 15:16 编辑

一、介绍
  本脚本纯个人使用，因需要配置很多交换机，切版本不一。论坛中有一个-网络工程师脚本生成工具-感觉不符合个人使用场景，特有此脚本。

二、脚本
  脚本自动识别版本 v3 v5 v7。
  脚本中 AAAA 和127.0.0.1 的请自行替换。
  自行注视掉不需要的部分
  此脚本是配合CRT使用
  如有不足欢迎指正
三、免费正文:Dweeqw
------------------------------------------------

[Visual Basic] 纯文本查看 复制代码

#$language = "VBScript"
#$interface = "1.0"
'by lixiang
crt.Screen.Synchronous = True
Sub Main
        crt.Screen.Send "sys"&chr(13)& "dis version"&chr(13)
        If (crt.Screen.WaitForString("Version 7",3) <> False)Then
            MsgBox("H3C设备，系统版本V7")
                crt.Screen.Send "       "& chr(13)
                '基本配置
                crt.Screen.Send "vlan 2 to 4094"& chr(13)
                crt.Screen.WaitForString "]"
                crt.Screen.Send "    "& chr(13)&"sysname "& InputBox("1-64个字符，貌似支持中文","输入设备名称","123") & chr(13)
                crt.Sleep 3000'等待ms
                crt.Screen.Send "undo interface Vlan-interface 1"& chr(13)
                crt.Screen.Send "    "& chr(13)&"interface Vlan-interface  "& InputBox("vlan 1-4094","输入管理vlan","4094") & chr(13)
                crt.Screen.Send "    "& chr(13)&"ip address   "& InputBox("IP+掩码","输入管理地址","127.0.0.1 255.255.225.0") & chr(13)& "quit"& chr(13)
                crt.Screen.Send "    "& chr(13)&" ip route-static "& InputBox("缺省路由","缺省路由","0.0.0.0 0.0.0.0 127.0.0.254") & chr(13)& chr(13)
                crt.Sleep 1000'等待ms
                '开启snmp
                crt.Screen.Send "snmp-agent"&chr(13)
                crt.Screen.Send "snmp-agent community read AAAA"&chr(13)
                crt.Screen.Send "snmp-agent community write AAAA"&chr(13)
                crt.Screen.Send "snmp-agent sys-info version all"&chr(13)
                crt.Screen.Send "snmp-agent target-host trap address udp-domain 127.0.0.1 params securityname AAAA v2c"&chr(13)
                crt.Screen.Send "snmp-agent target-host trap address udp-domain 127.0.0.1 params securityname AAAA"&chr(13)
                '远程acl
                crt.Screen.Send "acl number AAAA"&chr(13)
                crt.Screen.Send "rule 0 permit source 127.0.0.1 0"&chr(13)
                crt.Screen.Send "rule 100 deny"&chr(13)
                crt.Screen.Send "quit"&chr(13)
                crt.Screen.Send "telnet server acl AAAA"&chr(13)
                '域
                crt.Screen.Send "radius scheme cams"&chr(13)
                crt.Screen.Send "primary authentication 127.0.0.1"&chr(13)
                crt.Screen.Send "primary accounting 127.0.0.1"&chr(13)
                crt.Screen.Send "accounting-on enable"&chr(13)
                crt.Screen.Send "key authentication cipher AAAA"&chr(13)
                crt.Screen.Send "key accounting cipher AAAA"&chr(13)
                crt.Screen.Send "retry stop-accounting 10"&chr(13)
                crt.Screen.Send "radius scheme AAAA"&chr(13)
                crt.Screen.Send "user-name-format without-domain"&chr(13)
                crt.Screen.Send "domain AAAA"&chr(13)
                crt.Screen.Send "authentication default radius-scheme cams"&chr(13)
                crt.Screen.Send "authorization default radius-scheme cams"&chr(13)
                crt.Screen.Send "accounting default radius-scheme cams"&chr(13)
                crt.Screen.Send "domain AAAA"&chr(13)
                crt.Screen.Send "domain default enable AAAA"&chr(13)
                '登录
                crt.Screen.Send "local-user AAAA"&chr(13)
                crt.Screen.Send "password simple AAAA"&chr(13)
                crt.Screen.Send "authorization-attribute user-role network-admin"&chr(13)
                crt.Screen.Send "service-type ssh terminal "&chr(13)
                crt.Screen.Send "ssh server enable"&chr(13)
                crt.Screen.Send "ssh server enable"&chr(13)
                crt.Screen.Send "ssh user AAAA service-type stelnet authentication-type password"&chr(13)
                crt.Screen.Send "user-interface aux 0"&chr(13)
                crt.Screen.Send "    "& chr(13)&"set authentication password simple    "& InputBox("","输入console密码","AAAA") & chr(13)
                crt.Screen.Send "quit"&chr(13)
                crt.Screen.Send "user-interface vty 0 63"&chr(13)
                crt.Screen.Send "acl AAAA inbound"&chr(13)
                crt.Screen.Send "protocol inbound all"&chr(13)
                crt.Screen.Send "authentication-mode scheme"&chr(13)
                crt.Screen.Send "user-role network-admin"&chr(13)
                crt.Screen.Send "quit"&chr(13)
                crt.Screen.Send "public-key local create rsa"&chr(13)
                crt.Screen.Send "y"&chr(13)&chr(13)
                crt.Sleep 3000
                crt.Screen.Send "public-key local create rsa"&chr(13)
                crt.Screen.Send "public-key local create dsa"&chr(13)&chr(13)
                crt.Sleep 3000
                MsgBox("下面进行access端口配置")
                crt.Screen.Send "    "& chr(13)&"interface range   "& InputBox("输入要批量配置的端口Ethernet& GigabitEth","access端口","Gigabi 1/0/1 to Gigabi 1/0/6") & chr(13)
                crt.Screen.Send "    "& chr(13)&"port access vlan    "& InputBox("access vlan","access 端口vlan","2") & chr(13)
                crt.Screen.Send "stp edged-port enable"&chr(13)
                crt.Screen.Send "stp edged-port" & chr(13)
                crt.Screen.Send "quit"&chr(13)
                MsgBox("下面进行trunk端口配置")
                crt.Screen.Send "    "& chr(13)&"interface range  "& InputBox("输入要批量配置的端口Ethernet& GigabitEth  interface range","trunk端口","GigabitEth 1/0/7 to GigabitEth 1/0/10") & chr(13)
                crt.Screen.Send "    "& chr(13)&"port link-type trunk"& chr(13) &InputBox("trunk端口","端口vlan","port trunk permit vlan all") & chr(13)
                crt.Screen.Send "dhcp snooping trust"&chr(13)
                crt.Screen.Send "dhcp-snooping trust" & chr(13)
                crt.Screen.WaitForString "]"
                crt.Screen.Send "quit"&chr(13)
                
        Else
        crt.Screen.Send "sys"&chr(13)& "dis version"&chr(13)
                If (crt.Screen.WaitForStrings("Version 5",3) <> False)Then 
                MsgBox("H3C设备，系统版本V5")
                crt.Screen.Send "       "& chr(13)
                '基本配置
                crt.Screen.Send "vlan 2 to 4094"& chr(13)
                crt.Screen.Send "     "& chr(13)
                crt.Screen.WaitForString "]"
                crt.Screen.Send "    "& chr(13)&"sysname "& InputBox("1-64个字符，貌似支持中文","输入设备名称","123") & chr(13)
                crt.Sleep 3000'等待ms
                crt.Screen.Send "undo interface Vlan-interface 1"& chr(13)
                crt.Screen.Send "    "& chr(13)&"interface Vlan-interface  "& InputBox("vlan 1-4094","输入管理vlan","4094") & chr(13)
                crt.Screen.Send "    "& chr(13)&"ip address   "& InputBox("IP+掩码","输入管理地址","127.0.0.1 255.255.255.0") & chr(13)& "quit"& chr(13)
                crt.Screen.Send "    "& chr(13)&" ip route-static "& InputBox("缺省路由","缺省路由","0.0.0.0 0.0.0.0 127.0.0.1") & chr(13)& chr(13)
                crt.Sleep 1000'等待ms
                '开启snmp
                crt.Screen.Send "snmp-agent"&chr(13)
                crt.Screen.Send " snmp-agent community read AAAA"&chr(13)
                crt.Screen.Send "snmp-agent community write AAAA"&chr(13)
                crt.Screen.Send "snmp-agent sys-info version all"&chr(13)
                crt.Screen.Send "snmp-agent target-host trap address udp-domain 127.0.0.1 params securityname AAAA"&chr(13)
                crt.Screen.Send "snmp-agent target-host trap address udp-domain 127.0.0.1 params securityname AAAA"&chr(13)
                '远程acl
                crt.Screen.Send "acl number AAAA"&chr(13)
                crt.Screen.Send "rule 0 permit source 127.0.0.1 0"&chr(13)
                crt.Screen.Send "rule 100 deny"&chr(13)
                crt.Screen.Send "quit"&chr(13)
                crt.Screen.Send "telnet server acl AAAA"&chr(13)
                '域
                crt.Screen.Send "radius scheme cams"&chr(13)
                crt.Screen.Send "primary authentication 127.0.0.1"&chr(13)
                crt.Screen.Send "primary accounting 127.0.0.1"&chr(13)
                crt.Screen.Send "accounting-on enable"&chr(13)
                crt.Screen.Send "key authentication cipher AAAA"&chr(13)
                crt.Screen.Send "key accounting cipher AAAA"&chr(13)
                crt.Screen.Send "retry stop-accounting 10"&chr(13)
                crt.Screen.Send "radius scheme AAAA"&chr(13)
                crt.Screen.Send "user-name-format without-domain"&chr(13)
                crt.Screen.Send "domain AAAA"&chr(13)
                crt.Screen.Send "authentication default radius-scheme cams"&chr(13)
                crt.Screen.Send "authorization default radius-scheme cams"&chr(13)
                crt.Screen.Send "accounting default radius-scheme cams"&chr(13)
                crt.Screen.Send "domain AAAA"&chr(13)
                crt.Screen.Send "domain default enable AAAA"&chr(13)
                '登录
                crt.Screen.Send "local-user AAAA"&chr(13)
                crt.Screen.Send "password simple AAAA"&chr(13)
                crt.Screen.Send "authorization-attribute user-role guest-manager level 3"&chr(13)
                crt.Screen.Send "service-type ssh terminal "&chr(13)
                crt.Screen.Send "ssh server enable"&chr(13)
                crt.Screen.Send "ssh server enable"&chr(13)
                crt.Screen.Send "ssh user AAAA service-type stelnet authentication-type password"&chr(13)
                crt.Screen.Send "user-interface aux 0"&chr(13)
                crt.Screen.Send "    "& chr(13)&"set authentication password simple    "& InputBox("","输入console密码","AAAA") & chr(13)
                crt.Screen.Send "quit"&chr(13)
                crt.Screen.Send "user-interface vty 0 15"&chr(13)
                crt.Screen.Send "acl AAAA inbound"&chr(13)
                crt.Screen.Send "protocol inbound all"&chr(13)
                crt.Screen.Send "user privilege level 3 "&chr(13)
                crt.Screen.Send "authentication-mode scheme "&chr(13)
                crt.Screen.Send "quit"&chr(13)
                crt.Screen.Send "public-key local create rsa"&chr(13)
                crt.Screen.Send "y"&chr(13)&chr(13)
                crt.Sleep 3000
                crt.Screen.Send "public-key local create rsa"&chr(13)
                crt.Screen.Send "public-key local create dsa"&chr(13)&chr(13)
                crt.Sleep 3000
                'MsgBox("下面进行access端口配置")
                crt.Screen.Send "    "& chr(13)&"interface range   "& InputBox("输入要批量配置的端口Ethernet& GigabitEth","access端口","Ethernet 1/0/1 to Ethernet 1/0/8") & chr(13)
                crt.Screen.Send "    "& chr(13)&"port access vlan    "& InputBox("access vlan","access 端口vlan","100") & chr(13)
                crt.Screen.Send "quit"&chr(13)
                'MsgBox("下面进行trunk端口配置")
                crt.Screen.Send "    "& chr(13)&"interface range  "& InputBox("输入要批量配置的端口Ethernet& GigabitEth  interface range","trunk端口","GigabitEth 1/0/9 to GigabitEth 1/0/9") & chr(13)
                crt.Screen.Send "    "& chr(13)&"port link-type trunk"& chr(13) &InputBox("trunk端口","端口vlan","port trunk permit vlan all") & chr(13)
                crt.Screen.Send "dhcp snooping trust"&chr(13)
                crt.Screen.Send "dhcp-snooping trust" & chr(13)
                crt.Screen.WaitForString "]"
                crt.Screen.Send "quit"&chr(13)
                
        Else
        crt.Screen.Send "sys"&chr(13)& "dis version"&chr(13)
                If (crt.Screen.WaitForStrings("Version 3",3) <> False)Then 
                MsgBox("H3C设备，系统版本V3")
                crt.Screen.Send "    "& chr(13)&"sysname "& InputBox("H3C设备系统版本3，1-64个字符，不支持中文","输入设备名称","123") & chr(13)
                crt.Screen.Send "       "& chr(13)
                '基本配置
                crt.Screen.Send "vlan 2 to 4094"& chr(13)
                crt.Sleep 3000
                crt.Screen.Send "     "& chr(13)
                crt.Screen.WaitForString "]"
                crt.Screen.Send "    "& chr(13)&"sysname "& InputBox("1-64个字符，貌似支持中文","输入设备名称","123") & chr(13)
                crt.Sleep 3000'等待ms
                crt.Screen.Send "undo interface Vlan-interface 1"& chr(13)
                crt.Screen.Send "    "& chr(13)&"interface Vlan-interface  "& InputBox("vlan 1-4094","输入管理vlan","4094") & chr(13)
                crt.Screen.Send "    "& chr(13)&"ip address   "& InputBox("IP+掩码","输入管理地址","172.18.0.1 255.255.255.0") & chr(13)& "quit"& chr(13)
                crt.Screen.Send "    "& chr(13)&" ip route-static "& InputBox("缺省路由","缺省路由","0.0.0.0 0.0.0.0 172.18.0.254") & chr(13)& chr(13)
                crt.Sleep 1000'等待ms
                '开启snmp
                crt.Screen.Send "snmp-agent"&chr(13)
                crt.Screen.Send " snmp-agent community read AAAA"&chr(13)
                crt.Screen.Send "snmp-agent community write AAAA"&chr(13)
                crt.Screen.Send "snmp-agent sys-info version all"&chr(13)
                crt.Screen.Send "snmp-agent target-host trap address udp-domain 127.0.0.1 params securityname AAAA"&chr(13)
                crt.Screen.Send "snmp-agent target-host trap address udp-domain 127.0.0.1 params securityname AAAA"&chr(13)
                '远程acl
                crt.Screen.Send "acl number AAAA"&chr(13)
                crt.Screen.Send "rule 0 permit source 127.0.0.1 0"&chr(13)
                crt.Screen.Send "rule 100 deny"&chr(13)
                crt.Screen.Send "quit"&chr(13)
                crt.Screen.Send "telnet server acl AAAA"&chr(13)
                '域
                crt.Screen.Send "radius scheme cams"&chr(13)
                crt.Screen.Send "primary authentication 127.0.0.1"&chr(13)
                crt.Screen.Send "primary accounting 127.0.0.1"&chr(13)
                crt.Screen.Send "accounting-on enable"&chr(13)
                crt.Screen.Send "key authentication  AAAA"&chr(13)
                crt.Screen.Send "key accounting AAAA"&chr(13)
                crt.Screen.Send "retry stop-accounting 10"&chr(13)
                crt.Screen.Send "radius scheme AAAA"&chr(13)
                crt.Screen.Send "user-name-format without-domain"&chr(13)
                crt.Screen.Send "domain AAAA"&chr(13)
                crt.Screen.Send "authentication  radius-scheme cams"&chr(13)
                crt.Screen.Send "authorization  hwtacacs-scheme cams"&chr(13)
                crt.Screen.Send "accounting  radius-scheme cams"&chr(13)
                crt.Screen.Send "domain AAAA"&chr(13)
                crt.Screen.Send "domain default enable AAAA"&chr(13)
                '登录
                crt.Screen.Send "local-user AAAA"&chr(13)
                crt.Screen.Send "password simple AAAA"&chr(13)
                crt.Screen.Send "level 3"&chr(13)
                crt.Screen.Send "service-type ssh telnet terminal level 3"&chr(13)
                crt.Screen.Send "service-type ssh telnet terminal "&chr(13)
                crt.Screen.Send "ssh server enable"&chr(13)
                crt.Screen.Send "ssh server enable"&chr(13)
                crt.Screen.Send "ssh user AAAA service-type stelnet "&chr(13)
                crt.Screen.Send "user-interface aux 0"&chr(13)
                crt.Screen.Send "    "& chr(13)&"set authentication password simple    "& InputBox("","输入console密码","AAAA") & chr(13)
                crt.Screen.Send "user-interface vty 0 4"&chr(13)
                crt.Screen.Send "acl AAAA inbound"&chr(13)
                crt.Screen.Send "protocol inbound all"&chr(13)
                crt.Screen.Send "user privilege level 3 "&chr(13)
                crt.Screen.Send "authentication-mode scheme "&chr(13)
                crt.Screen.Send "quit"&chr(13)
                crt.Screen.Send "rsa local-key-pair create"&chr(13)&chr(13)
                crt.Sleep 3000
                crt.Screen.Send "ssh authentication-type default all"&chr(13)
                'MsgBox("下面进行access端口配置")
                crt.Screen.Send "    "& chr(13)&"interface range   "& InputBox("输入要批量配置的端口Ethernet& GigabitEth","access端口","Ethernet 1/0/1 to Ethernet 1/0/8") & chr(13)
                crt.Screen.Send "    "& chr(13)&"port access vlan    "& InputBox("access vlan","access 端口vlan","100") & chr(13)
                crt.Screen.Send "quit"&chr(13)
                'MsgBox("下面进行trunk端口配置")
                crt.Screen.Send "    "& chr(13)&"interface range  "& InputBox("输入要批量配置的端口Ethernet& GigabitEth  interface range","trunk端口","GigabitEth 1/0/9 to GigabitEth 1/0/9") & chr(13)
                crt.Screen.Send "    "& chr(13)&"port link-type trunk"& chr(13) &InputBox("trunk端口","端口vlan","port trunk permit vlan all") & chr(13)
                crt.Screen.Send "dhcp snooping trust"&chr(13)
                crt.Screen.Send "dhcp-snooping trust" & chr(13)
                crt.Screen.WaitForString "]"
                crt.Screen.Send "quit"&chr(13)
        End If
        End If
        End If
Next
End Sub

----------------------------------------------------
土豪阅读通道

开局.zip (1.72 KB, 下载次数: 274)

预览图

148632579 · 发表于 2023-9-14 16:06

jffwoo 发表于 2023-3-20 14:13
可否指点一下

将交换机正在运行的配置上传至tftp中，按照交换机ip命名保存。你可以在添加一个日期。
python：
import paramiko

# SSH参数
hostname_list = ['1.1.1.1', '2.2.2.2‘]  # 交换机的IP地址列表
port = 22  # SSH端口号
username = 'XXXXXX'  # SSH用户名
password = 'XXXXX'  # SSH密码

# 要执行的命令，命令后缀包含交换机IP地址配置文件
# command = 'backup startup-configuration to 127.0.0.1 '+ hostname_list +'.cfg'

# 创建SSH客户端
ssh = paramiko.SSHClient()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())

# 循环遍历交换机列表并连接
for hostname in hostname_list:
command = 'backup startup-configuration to 127.0.0.1 ' + hostname + '.cfg'
ssh.connect(hostname, port=port, username=username, password=password)
stdin, stdout, stderr = ssh.exec_command(command)
output = stdout.read().decode()
print(output)
ssh.close()

jffwoo · 发表于 2023-3-19 20:29

楼主也是搞网络的？
想和楼主探讨一下，有没有bash脚本自动登录网络设备，抓取配置，并保存配置的？我的意思是直接通过bash shell进行ssh登录，不通过crt等客户端

hahanihao123 · 发表于 2023-3-16 11:32

大佬太棒了我这正好有 H3C

taoni2133 · 发表于 2023-3-16 13:03

谢谢，正好试一下

fellow8 · 发表于 2023-3-17 09:36

大佬太棒了

camel1201 · 发表于 2023-3-18 23:42

学习学习

148632579 · 发表于 2023-3-20 11:32

jffwoo 发表于 2023-3-19 20:29
楼主也是搞网络的？
想和楼主探讨一下，有没有bash脚本自动登录网络设备，抓取配置，并保存配置的？我的意 ...

能操作,我用vb+crt做过批量登陆然后执行一些操作+结果log的。python也能做。shell研究不深应该问题不大，抓取+保存没几条命令。

jffwoo · 发表于 2023-3-20 14:13

148632579 发表于 2023-3-20 11:32
能操作,我用vb+crt做过批量登陆然后执行一些操作+结果log的。python也能做。shell研究不深应该问题不大 ...

可否指点一下

winty · 发表于 2023-3-20 15:16

jffwoo 发表于 2023-3-20 14:13
可否指点一下

最近也在研究这个，只做了一个批量备份配置的功能，可以参考一下，https://cloudspace.icu/?id=6

sidixia · 发表于 2023-4-5 01:25

支持一下

帐号		自动登录	找回密码
密码			注册[Register]

[其他原创] H3C、华三交换机CRT开局配置脚本

个人中心