Script to ssh into router/switch to shut port

Similar Messages

• Applescript to ssh into router and reboot

  I'm trying to write an applescript that will ssh into my router and reboot the router.  I would like this so that my wife can simply execute an automator file and it will restart the router without her having to unplug the router.  I've got the following but it's not logging into the router. Can anyone offer suggestions one what I'm doing wrong.  Thanks.

  Is this an 'expect' script?
  Or are you trying to send these commands to the router to be executed?
  If sending to the router you could put them in a file and then have ssh read the file contents and send it to the router
  ssh -options [email protected] <file.with.cmds.to.be.executed.on.router
  If this is an expect script, have you run this from a regular terminal session?
  If you are into blind faith, you could just send the commands you expect to work and not bother looking at what is returned
  ( sleep 2
    echo 12345
    sleep 4
    echo reboot
    sleep 10
    send exit
  ) | ssh [email protected]
  The sleep times are assumes to give the router more than enough time to return the expected prompt.  Adjust accordingly.
  This is "Rude and Crude", but would it work?

• Unable to ssh into 2960 switch

  Having trouble being able to SSH into one of our switches.
  It looks like everything is configured correctly and matches a config of one of the other switches that I can connect into via SSH.
  I can connect into the config of sw7.txt,(10.15.0.7) but not into sw6.txt(10.15.0.6)
  What am I missing?

  Hello,
  Can you ping sw7? 
  Could you also please post your topology?
  Thanks

• Why assign IP addresses to router/switch interfaces?

  I get why I would ever want to assign a IP address to a router or switch, for remote login and IP for hosts to reach it. But why assign IP addresses to the interfaces? Is it so the router/switch knows which port to send the packet out? Route summation? But I thought they do that through the routing table, like " that address is out this port".
  So why would we ever need to assign IP addresses to specific port interfaces?

  Disclaimer
  The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
  Liability Disclaimer
  In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
  Posting
  You normally assign IP addresses to L3 interfaces so other L3 devices have an IP address to forward traffic to.  (L2 IP address are generally only used for management.)
  Suppose you had Host (192.168.1.5/24) <> R1 <> R2 <> (192.168.2.8/24) Host, and you want the two hosts to intercommunicate.  How would you get this to work?
  You might started by providing interface IPs on the router interfaces facing the host, such as:
  Host (192.168.1.5/24) <> (192.168.1.1/24) R1 <> R2 (192.168.2.1/24) <> (192.168.2.8/24) Host
  You then configure "gateway" IPs on both hosts:
  Host (192.168.1.5/24 - GW 192.168.1.1) <> (192.168.1.1/24) R1 <> R2 (192.168.2.1/24) <> (192.168.2.8/24 - GW 192.168.2.1) Host
  Now each hosts "knows" to send all its off local subnet, traffic physically to the GW IP.  So, for example, if 192.168.1.5 want to sent to 192.168.2.8, it would forward the traffic to the GW IP, 192.168.1.1.  This is a example of why you want an IP on the router's L3 interface.
  Next we want R1 to forward the packet to R2, but it too needs a "next hop" IP address, so we assign addresses on the link between the two router, e.g.:
  Host (192.168.1.5/24 - GW 192.168.1.1) <> (192.168.1.1/24) R1 (192.168.3.1/24) <> (192.168.3.2/24) R2 (192.168.2.1/24) <> (192.168.2.8/24 - GW 192.168.2.1) Host
  R1 then needs to "know" where to send packets with an destination IP network of 192.168.2.0/24, in this case, it need to "know" to send the to IP 192.168.3.2.  When it does, R2, having and interface with 192.168.2.1, will also know 192.168.2.8 can be reached by sending the packet out that interface.
  Hopefully, the above will show why IP addresses on router L3 interfaces are needed.
  BTW, normally for the R1<>R2 link, you would assign a /30 or /31 network or you might use "unnumbered" interfaces (which "borrow" IPs from another interface).

• FVRF - cannot SSH into the router

  Hello,
  Does anybody know why after configuring a router for FVRF and IVRF I can no longer SSH into the box? As soon as the outside interface is placed in the FVRF I loose the remote connection and when try to reconnect the router refuses the SSH connection, what am I missing?
  Thanks and best regards.
  Remi

  Hello.
  Not clear what is your issue, but default behavior for ISR G1/G2 is to remove IP-address from the interface whenever you move it between VRFs.
  To move interface between VRFs you either need second management interface or EMM script.

• SSH into 10.6.8 MacMini

  Been a few years since I last did this so I'm rusty. Any tips will be appreciated. The lowdown:
  I want to open my MacMini 10.6.8 via wi-fi to my home router, so I can access it from work. In System Preferences>Sharing I have enabled Remote Login (for all users).
  I've also forwarded port 22 from the router to the MacMini and can confirm that it's open (using http://portchecker.co/), only when Firewall is OFF in System Preferences. As soon as I switch Firewall to ON, the port is closed.
  What am I forgetting?
  This is difficult to troubleshoot while sitting at the MacMini at home for the added reason that my MacBook Pro uses the same router as the MacMini. Is there a way, by the way, that I can 'spoof' my MacBook Pro to behave as if it doesn't belong to the same wLAN when trying to connect to the MacMini?
  Thanks, people.

  1st if your Mac mini is going to be sitting behind your router all the time, you do not need to firewall, as the router is going to block all unsolicited connections, except port 22, which you explicitly opened, and you want your Mac mini to see as well.
  If you insist on the firewall, then you need to use the System Preferences -> Security -> Firewall -> Options to specify that port 22 is allowed.
  As for accessing your Mac mini via the outside world, but while still sitting at home, you should be able to just specify the router's IP address
  ssh 11.22.33.44 (which is whatever your router's IP address is as reported by a service such as whatismyip.com or just googling "My IP Address".
  NOTE:  You may want to consider opening a different higher numbered port and have the router switch that to your Mac mini's port 22.  Most routers allow this outside to inside port number switching.  For example, open port 43922 to port 22 via the router, then access your Mac mini by specifying
  ssh -p 43922 11.22.33.44
  As long as the high numbered port is legal, there is very little chance of it interfering with anything.
  The high numbered port to port 22 trick also allows you to have more than one port opened going to different Macs at home.  I have about 5 such ports open on my router so I can ssh into different Macs at home while I'm away from the house.
  The other advantage is that port 22 is well known, and an easy target for attempts to break into a system.  Using a high numbered port reduces the number of probes to your Mac trying to break in.  While it is not security, it is an annoyance reduction factor.

• Fail to sftp to Router/Switch for remote IOS/config upgrade

  I have ssh2 enabled on a cisco3750 & 7204 running IOS 12.2 & 12.4 respectively both with "ip scp server enable" configured, the idea being to sftp configs & IOS down to them. I can open a V2 ssh session to each device no problem. When I attempt to use an sftp client (Putty/SecureFX) to do the file transfer the router/switch appears to authenticate OK but then the session is disconnected. I have logging & ssh/scp debug enabled on each cisco box and attempt to open the sftp connection. In each case the authentication (using same credentials as for SSH2 session) is successful but then the connection just closes. Can anyone help?

  They don't make it real clear, but what you actually do is source from the router/switch. From the router/switch, you connect to a server that supports SCP and pull the IOS down or push the config to the server. You use the normal copy commands, but specify scp instead of tftp or ftp.
  Hope that helps.

• How to use a Westell 7500 as a router-switch ?

  I have an extra Verizon Westell 7500 DSL modem router (A90-750015-07). How do I turn it into a router-switch that will take an ethernet (not DSL) network feed (with internet access) and distribute it among a few devices and put those devices into some kind of sub-network so they see each other? I'm not using technical terms here - please teach me.
  My wife is going to rent a small temporary office that provides internet access via a socket in the wall. Let's assume it's a typical RJ-45 ethernet socket. The internet speed might actually be pretty good - maybe 30Mbs down and very fast up. The total internet capacity is shared with other temporary offices in the facility, but let's assume we'll have enough for our needs.
  If the only thing I bring is a single computer, I could use a J-45 ethernet cable to plug its network card directly into this socket and be done. But I'll be bringing at least two computers and a small printer/scanner. Both computers will need to share the internet access, and both computers and the printer/scanner will need to "see" each other. (Just like at home.)
  So, if I plug the extra Westell 7500 into the network wall socket and then my PCs and printer into the Westell, I should get what I need here, yes? How do I do this exactly, step-by-step?
  I have experimented at home and have maybe 10% success. At home, I don't have an ethernet socket in the wall, but I do have my current (not Westell) modem-router, and it has an unused LAN socket, which I am pretending is the office's ethernet socket. I connected a test computer to the Westell 7500 and logged onto the Westell 7500's embedded server (192.168.1.1), changed its VersaPort from "LAN ethernet port" to "WAN uplink port", connected the newer modem-router's unused LAN socket to the Westell 7500's E1/Uplink socket with a J45 cable, went to the Westell 7500's "Advanced" page and ran "Detect WAN Configuration". That changed the Westell 7500's "WAN uplink port Settings Protocal" from PPPoE to Routed IP. The Westell 7500 now also says its "Broadband Connection Type" is "Routed Bridge".
  The test computer connected to the Westell 7500 shows it is connected to the Westell 7500, but it cannot connect all the way through to the internet. At the start, the newer modem-router shows the Westell is connected to it, and the newer modem-router has given the Westell a DHCP address of 192.168.1.5. But after a few minutes, the newer modem-router doesn't show the Westell any more. If I re-run Detect WAN Configuration on the Westell 7500, it says "Automatic Protocol Detecion is in progress" but then "DHCP server was found ... PPPoE server not found", and then the newer modem-router shows the Westell 7500 again as 192.168.1.5. But the test computer does not have internet access.
  What exactly should I do with the additional settings in the Westell 7500 to make this work?
  If there's a great web site to explain this to me, please point me there.
  Thanks.

  The answer is at
  http://www.tomshardware.com/answers/id-1856344/convert-westell-7500-router-switch.html#11803251
  and the links in that post.

• Send the Configuration via TFTP server to New Router/Switch

  Dears,
  I need to apply a policy that for any new router or switch installation, specific configuration will be sent to these devices through one centralized TFTP server which comply with our configuration and rules, this is to avoid any miss configuration from the team and control the junior network Engineer to add any wrong configuration that can effect the network, is this possible? And how?

  Dears,
  I
  need to apply a policy that for any new router or switch installation,
  specific configuration will be sent to these devices through one
  centralized TFTP server which comply with our configuration and rules,
  this is to avoid any miss configuration from the team and control the
  junior network Engineer to add any wrong configuration that can effect
  the network, is this possible? And how?
  Hi,
  I dont think is there any mechanism but yes to secure you can configure on router that tftp source interface for tftp server cofniguration upload and download into router or on server.
  Hope to Help !!
  Ganesh.H

• Remote photoshop scripting over SSH

  I'm trying to get AppleScript scripts to execute on a remote rendering server over SSH (using the osascript command line utility). However, whenever I try to do most anything, I get various Photoshop and/or AppleScript errors that I never get when trying to run the exact same scripts locally. Ultimately, I'm trying to execute a JavaScript file passing JSON arguments from Applescript, called over SSH. Please forgive the verbosity introduced by the simple initial example.
  Server: OS X 10.8.5
  Photoshop: CC 2014
  I see the same type of errors whether I SSH into a server and do the following manually in a shell after logging in, or feed a command to SSH to execute directly (e.g., ssh user@host 'osascript /path/to/script.scpt'). Starting from a basic example, I tried running the following AppleScript snippet. I tried entering it into osascript by hand via stdin, as well as writing it out to a file and calling it remotely. Both resulted in no new file being created, but a success message.
  tell application "Adobe Photoshop CC 2014"
       make new document
  end tell
  No matter how I try to run this remotely, I get the response "document Untitled" from osascript, and Photoshop pops up an error dialog: "Could not complete your request because of a program error."
  More specific to what I'm trying to do, I've got the following code:
  tell application "Adobe Photoshop CC 2014"
       with timeout of 30 seconds
            do javascript("/path/to/local/file.js") with arguments ({"{\"json\": \"document\", ...}"})
       end timeout
  end tell
  When I try to run this locally, I never have a problem. But when I run it over ssh (again, either from the command line or by passing the command directly to ssh), I always get the following:
  script error: Expected end of line but found identifier. (-2741)
  In addition to osascript stopping with that error, Photoshop also pops up the same error dialog: "Could not complete your request because of a program error."
  Anyone have any suggestions or thoughts with regard to how I can get all this working?
  Thanks,
  Brian

  I was able to work around this constraint using a daemon on the local host. However, it would be nice if I could do away with this bit of server code....
  Thanks,
  Brian

• Scripted backup of ESW series switches

  We recently purchased some of the ESW-540 Cisco switches for some lower end access ports.  I'd like to script the configuration backup using Kiwicat if possible, but haven't figured out how to either get into the cli, or config kiwicat to backup via webui.
  With the SRW Linksys line you could hit ctrl-z and type lcli to get into the cli interface.
  Anyone have any ideas?
  Thanks..

  Nothing to do with the UC - primary concern is standalone networks.
  Real life case:
  2 ESW switches in control room hooked up to SA540
  Closet switches are SRW2008's
  Port no more than two devices are supposed to go now has 4, add an SRW2008 to the desk location.
  Now, it turns out that there is a badly behaved device at the desk - a video player that spews all sorts of traffic when it's playing that doesn't play nice with others.  So I now need to set-up a VLAN crossing those two switches. Oh, and it turns out the customer decided to unplug an access point and plug it into that switch too which ended up causing a loop when the PC plugged into ethernet someplace else attached to the PC.
  Tasks:
  Ensure that the 2 SRW2008's have proper vlan assignments to setup a port vlan for that video server.
  Issues:
  Make sure you assign proper configs to both ends of each link
  Make sure not to confuse one SRW2008 with another
  If new vlan, make sure all other ports that need to see it can still see it.
  Applications for CCA:
  Visualize all VLANS
  Document port assignments (i.e. where is the video server vs. printer on that last leg 2008)
  More easily see port statistics across multiple switches
  So after I did that work, I realized that the SA540 wasn't really up to being an aggregation switch too and made the ESW-540-48 into the aggregation switch which required some more changes - however CCA made it easy...
  At another job, I have SA540 + AP541ns (upgraded from RVL200 + WAP54GP's) but if I had 300 series in CCA, I'd upgrade the SRW2024's and SRW2008's but without easy management tools, the labor cost will be too high to make their networks really managed.....CCA makes that layer of management cheaper.

• Router/Switcher for G4/XP netwoork

  Pardon my ignorance but I need to connect my G4 iMac with an XP box in a room directly below. I previously had a small D-Link router that burned up but I could only share internet, no files desoite file sharing being turned on. Is there a recomendation? Should I get a router/switcher, just a switch or an ethernet hub?
  Appreciate the advice. Thanks!
  D
  G4   Mac OS X (10.4.3)  

  Hi Dennis:
  A switch or hub will allow you to share files between each other on a LAN. A Router will allow you to connect your LAN to a WAN (Generally, an ISP such as cable or DSL).
  If you are connecting your machines to the internet, I would recommend a Router. It offers NAT routing which is one of your best firewalls that can be used from the internet.
  Any router can be used as a switch as well.
  Bottom line, I'd recommend going for a wireless router, that way it will offer you the option of "Growing" into your new network device. They are generally inexpensive and can find one for around $60 or so. (The Linksys WRT54G works well)

• Looking for router/switch combo equivalent to RV325

  Hello:
  I will be working with the RV325 router frequently.
  I am hoping to setup a router/switch combo similar to RV325 at home to practice.
  However, I do not want to spend $400+ just for that purpose.
  I knew that RV320 has a similar GUI of RV325.
  Question:
  Is there any other router/switch combo that shares similar GUI and function of RV325 but even cheaper than RV320?
  Thank you.  

  The snmp-server ifindex persist command only applies to ifIndex values as you have seen.  The indices of the cikePeerTable should be well-defined, but the internal index may change on a tunnel flap.  The MIB documentation doesn't say that it would, but it is certainly possible.  The index structure would look like:
  1."10.1.1.1".1."10.1.1.2".1006
  Where 1 is the local type, "10.1.1.1" is the local end IP address, 1 is the remote type, "10.1.1.2" is the remote end IP address, and 1006 is the internal peer index.
  The cikeTunnelTable on the other hand uses a unique monotonically increasing index each time a tunnel is created (cikeTunIndex).  You would need to walk the table and pull out the specific tunnel attributes to know if this was the tunnel you want to monitor.
  The short answer is that you may need to script the collection of the table rows to dynamically regenerate your NMS configuration to continually monitor the interesting tunnels.

• I have a timecapsule, plugged into router and followed instructions. Firtly, it always flashes amber, secondly when accessing on imac it is asking for a password when i go to prefernces. nothing works and very disappointed how much time wasting in settin

  I recently purchased the 2TB time capsule. expecting it to work like all of my other apple products. No chance. I have plugged into router and switched on. amber light just flashes away....
  Opening Airport utility and it does see the time capsule, again with a flashing amber light next to it and a number 2 to the right, in red. when i click on it it asks for a password!!! no idea what password it is asking for, tried the network key, tried admin password, tried trusted etc.....
  What is going wrong as online help and instructions do not provide any guidance.
  thx

  I recommend you do a fully isolated setup. Especially if you are using wireless.
  Plug the TC into the computer by ethernet. Make sure it is LAN port marked <->.
  Open the utility. It should not need a password now to access.. if it does, do a full factory reset.
  This is done by holding in reset.. then power on the TC and wait for about 10 sec.. never releasing the reset.. front LED flashes rapidly.. then release the reset.. and wait for the TC to reboot.
  In the airport utility select bridge mode under networking.
  Go to the wireless page and setup wireless as you prefer.
  Update the TC.. disconnect from the computer and plug it back by ethernet into the router.

• Regarding CCNA Routing & Switching certification.

  Hi,
  Benefits of CCNA Routing & Switching Certifications ?
  What are the companies that will look for the certifiied candidates ?
  How will this certification enhance my career and as well as pay ?
  Can i consider this certfication just like our university certificates ?
  What type of recognization we will have with the help of this certification?
  Please input all of your views. I'm just in a confused state and getting all of these quesiton in my mind.
  Regards,
  Chandu

  I can throw my two cents in as well
  I believe when certifications were first introduced, it was a way for employers to "know" they are interviewing with someone who has experience in the field that their certification was in. In the early 90s, I remember seeing so many people drop out of school because bootcamps promised them they would make more money in six weeks of training than they would with a four year degree. Then employers started to ask for four-year degrees along with certifications. And finally, four-year degrees, certifications, and experience. I believe this is partly to blame for the big boom in online education....but, I digress.
  I agree with everyone else on here about certifications are not necessary. But, I do believe they help. If a potential employer is looking through resumes and they come across yours, a CCNA on your resume would have you stand out quicker than a person with a four-year degree in MIS. Why do I believe that? Because, as devils_advocate mentioned, CCNA is focused, and it's assumed that if you put the time/effort into that certification, then you obviously know what path you're going to go down. The MIS degree is more broad, and an employer, from that degree, may not know what your focuses are on.
  Personally, I would guard against one thing as I've run into this many times in my own career. Certification paths require you to takes tests that are in a track. Sometimes, those tracks have tests on subjects that you may never come across in the real world. That being said, you may apply for a position someone could be advertising for only to find out that it's heavily focused on the area of your certification that you've never had real experience in. For example, I had my MCSE back in the 90s. My "finishing" exam was Exchange 5.0. I was a consultant that managed other peoples networks and was basically a "jack of all trades" if you will. The problem was that I didn't have any real experience with Exchange until one client, a quite large one, called in needing help. The company I worked for stated that they had a certified Exchange administrator on staff and I could be out there pretty quick. Long story short, it was Exchange 2000 and they were two very different beasts. It took me quite a while to figure out what the issue was, but long story short, I didn't have enough real world experience with something that I was certified in. I'm pretty sure all of us at one time in this industry has experienced being in these uncomfortable situations at one point or another....especially if you're going the certification route.
  I also believe that the certification tracks are a "cover all bases" route. I think vendors that design these tests are designed to build on your knowledge from the ground up, and eventually everything will come into full circle by the time you're certified in whatever path you choose. This is why you are required to have a valid CCNA before you can attempt other Cisco tracks (with the exception of CCIE (no prerequisite is required)).
  I completely agree with Jon as well. Sometimes certifications are more for the holder of the cert than the company they're wanting to work for. The company may look at it as "awww that's nice", but it will help you get in the door. I would look at it as more of a personal goal and take the knowledge that you get from that and build on it. If you like it, it's well worth doing!
  HTH,
  John
  *** Please rate all useful posts ***