This morning I needed to upgrade the IOS on 29 Cisco 3560G switches. Rather than login to each one, clean up the flash storage, FTP on the IOS image and set the boot image, I wrote a simple shell script and used clogin from RANCID to automate this task. Of course, nearly every Network Configuration Management platform that’s any good should be able to do this but I prefer the personal touch.

The commands required on the switch were as follows:

conf t
 file prompt quiet
 exit
delete /force /recursive flash:/c3560*
copy ftp://user:pass@192.168.141.20/c3560-ipservicesk9-mz.122-55.SE9.bin flash:/c3560-ipservicesk9-mz.122-55.SE9.bin
 conf t
 no file prompt
 boot system flash:/c3560-ipservicesk9-mz.122-55.SE9.bin
exit
write mem
exit

First I tell IOS to not prompt on file operations. This makes automation easier as there’s no need to deal with questions. Then I clean up the flash storage on the switch by removing any old IOS images. The IOS image is copied from an FTP server to the flash storage. The file prompt is put back to defaults and the boot system variable is set to the new IOS image. Finally the configuration is committed to NVRAM because at some point the switch will need to be reloaded.

The shell script will read in a list of IP addresses to connect to and then using clogin it’ll login to each switch and execute the commands above.

The script I wrote is as follows:

#!/bin/sh
#

# Loop until file is empty (i.e. all upgrades completed).
while [ -s "ips.txt" ];
do
        # Get IP of switch from upgrade file.
        switch=`head -1 ips.txt`

        echo "--> Upgrading: $switch"
        clogin -f clogin.txt -x commands.txt $switch

        # Add IP of the upgraded switch to the processed file.
        echo $switch >> processed.txt
        # Remove switch IP from the upgrade file.
        sed '1d' ips.txt > ips.tmp
        mv ips.tmp ips.txt


        # Check that we want to continue.
        continue="n"
        echo
        read -p "--> Continue? " continue
        if [ "$continue" != "y" ];
        then
                echo
                echo "--> Exiting."
                exit 1
        fi
done

echo
echo "--> Completed."
exit 0

A file called ips.txt has the list of IP addresses for the switches (one IP address per line). The commands listed above go in to a file called commands.txt. And lastly there’s a file called clogin.txt that contains the login details that clogin needs. This would look like:

add noenable * {1}
add method * {ssh} {telnet}
add user * {username}
add password * {passw0rd123}
add timeout * {500}

This tells clogin that there’s no need to enter enable and to first try SSH and followed by telnet.

When the script is run it will grab the first IP address in ips.txt, execute clogin to login to the switch and then execute each command in commands.txt. When clogin exits, the IP address in ips.txt will be removed and placed in to a file called processed.txt. The script then prompts if it should continue to the next IP address, allowing you to review what happened to make sure the IOS image copied on OK.

This allowed me to upgrade 29 switches, whilst watching some morning TV and sipping a coffee with my feet up. All that’s required now is a reload of each switch.

5 comments

  1. Hi.
    shoud i need to configure all the devices as new than ? or configuration will not be touched ? and if all configuration wiioll be erased what is the option to set back old configuration ?
    thx

  2. Nice but I have a Problem I do not have Rancid installed, is there a way to get around using the clogin script?? I have modified the commands script to add config snippets that need to be rolled to a couple hundred Cisco switches.

  3. I would like to know if there is any way that you could modify your script to work via FTP? I have over 180 switches that I need to upgrade across our campus, we use Solarwinds but TFTP is just too slow and the SCP function I cannot get to work correctly, I have found your script and would like to know if there is some way that I could modify it to use FTP instead, let me know if you have some time to explain how I may go about performing this function. Thanks for your time in advance.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

The reCAPTCHA verification period has expired. Please reload the page.