genISEcmd/genisecmd.py at master · mchenetz/genISEcmd · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
from netmiko import ConnectHandler
from ciscoconfparse import CiscoConfParse
import sys

noAP= False
allAPs = []
allRouters = []
filteredPorts = []
skip = False
args = sys.argv

if (len(args) < 3):
    print("""Usage: genisecmd.py [ip] [username] [password]""")
    exit(1)


cisco_device = {
    'device_type':'cisco_ios',
    'ip':args[1],
    'username':args[2],
    'password':args[3],
    'secret':args[3]
}

print ("""Cisco ISE Port Configurator
Michael Chenetz 2016
---------------------------------
Usage: genisecmd.py [ip] [username] [password]

""")

net_connect = ConnectHandler(**cisco_device)
net_connect.find_prompt()
net_connect.enable()
output = net_connect.send_command("show run")
wireless = net_connect.send_command("show cdp nei | section include AIR-").splitlines()
arp = net_connect.send_command("sh arp | section Internet").splitlines()
macs = net_connect.send_command("sh mac address-table | section include Gi").splitlines()
for ap in wireless:
    allAPs.append([ap.split()[2]])

for l3 in arp:
    currentMac = (l3.split()[3])
    for mac in macs:
        matchedMac = mac.split()[1]
        if (currentMac == matchedMac):
            macPort = mac.split()[3].split('Gi')[1]
            if macPort not in filteredPorts:
                filteredPorts.append(macPort)
parse = CiscoConfParse(config=str(output).splitlines(), syntax='ios', factory=True)
interfaces = parse.find_objects_w_child('interface Gigabit','switchport mode access')
for int in interfaces:
    for port in filteredPorts:
        if (int.text.endswith(port)):
            skip=True
            break
        else:
            skip=False
            for chap in allAPs:
                if str(int.text).endswith(chap[0]):
                    noAP=False
                    break
                else:
                    noAP=True

    if (noAP == False and skip==False):
        print (int.text)
        print (' authentication event server dead action reinitialize vlan ' + str(int.access_vlan))
        print (' authentication event server dead action authorize voice')
        print (""" authentication event fail action next-method
 authentication host-mode multi-host
 authentication open
 authentication order dot1x mab
 authentication priority dot1x mab
 authentication port-control auto
 mab
 dot1x pae authenticator
 spanning-tree portfast
 shut
 no shut
 """)
        print('!')

    elif(noAP == True and skip == False):
            print (int.text)
            print (' authentication event server dead action reinitialize vlan ' + str(int.access_vlan))
            print (' authentication event server dead action authorize voice')
            print (""" authentication event fail action next-method
 authentication host-mode multi-auth
 authentication open
 authentication order dot1x mab
 authentication priority dot1x mab
 authentication port-control auto
 authentication timer inactivity 30
 mab
 dot1x pae authenticator
 spanning-tree portfast
 shut
 no shut""")
            print ('!')

net_connect.disconnect()