ktbyers / netmiko

Multi-vendor library to simplify Paramiko SSH connections to network devices
MIT License

Netmiko Cisco_Ftd pattern/timeout issue #3375

Open jmello-pagseguro opened 8 months ago

jmello-pagseguro commented 8 months ago

Description of Issue/Question

Note: Please check https://guides.github.com/features/mastering-markdown/ to see how to properly format your request.

Setup

Netmiko version

(Paste verbatim output from pip freeze | grep netmiko between quotes below)

n/.venv/bin/python -m pip freeze | grep netmik
netmiko==4.3.0

Netmiko device_type (if relevant to the issue)

(Paste device_type between quotes below)

device_type = 'cisco_ftd'

Steps to Reproduce the Issue

Error Traceback

(Paste the complete traceback of the exception between quotes below)

13:12:13 - ERROR - netmiko_ftd.py:37 - getPolicy -

Pattern not detected: 'packet\\-tracer\\ input\\ ACI_Prod\\ TCP\\ 10\\.184\\.32\\.247\\ 1025\\ 10\\.185\\.233\\.36\\ 5432' in output.

Things you might try to fix this:
1. Adjust the regex pattern to better identify the terminating string. Note, in
many situations the pattern is automatically based on the network device's prompt.
2. Increase the read_timeout to a larger value.

You can also look at the Netmiko session_log or debug log for more information.

Pattern not detected: 'packet\\-tracer\\ input\\ ACI_Prod\\ TCP\\ 10\\.184\\.32\\.247\\ 1025\\ 10\\.185\\.233\\.36\\ 5432' in output.

Things you might try to fix this:
1. Adjust the regex pattern to better identify the terminating string. Note, in
many situations the pattern is automatically based on the network device's prompt.
2. Increase the read_timeout to a larger value.

You can also look at the Netmiko session_log or debug log for more information.

 # cat netmiko_session.log
Last login: Mon Jan 29 14:07:29 BRST 2024 from 10.185.24.64 on pts/6

Copyright 2004-2022, Cisco and/or its affiliates. All rights reserved.
Cisco is a registered trademark of Cisco Systems, Inc.
All other trademarks are property of their respective owners.

Cisco Firepower Extensible Operating System (FX-OS) v2.10.1 (build 192)
Cisco Firepower 4140 Threat Defense v7.0.2 (build 88)

>
>
> packet-tracer input ACI_Prod TCP

Relevant Python code

(Please try to essentialize your Python code to the minimum code needed to reproduce the issue) (Paste the code between the quotes below)

        self.__FW = {
            'device_type': 'cisco_ftd',
            'host': self.__HOST,
            'username': self.__USERNAME,
            'password': self.__PASSWORD,
            'port': '22',
            "session_log": "netmiko_session.log",
            'fast_cli': False
        }
        self.rule_name = ''

    def getPolicy(self,srcintf: str, protocol: str, sourceip: str, dest: str, destport: int):
        log.debug("-- Init Netmiko Connection --")
        try:
            net_connect = ConnectHandler(**self.__FW)
            srcport = 1025
            output = net_connect.send_command(f"packet-tracer input {srcintf} {protocol} {sourceip} {srcport} {dest} {destport}", read_timeout=30, expect_string=r">")
            print(f"packet-tracer input {srcintf} {protocol} {sourceip} {srcport} {dest} {destport}")
        except Exception as error:
            log.error(error)

According to the netmiko session log, it appears that the command is incomplete due to something in the terminal. Can you help me?

jmello-pagseguro commented 8 months ago

@ktbyers have an idea for this?

ktbyers commented 8 months ago

Try disabling cmd_verify here:

output = net_connect.send_command(
    f"packet-tracer input {srcintf} {protocol} {sourceip} {srcport} {dest} {destport}",
    read_timeout=30,
    expect_string=r">",
    cmd_verify=False,
)

jmello-pagseguro commented 8 months ago

This solved my problem for now, thank you so much.
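
A diagnostic for the failure in this thread, added here as an example and not code from Netmiko or from the participants: the traceback shows the undetected pattern is the regex-escaped command, so the helper searches a captured session log for that echo and reports how much of the command the device echoed back. The names `normalize` and `echo_check` and the `WRAPPED_ECHO` sample are constructed for illustration.

```python
import re

# ANSI CSI sequences (cursor moves, erase-line) a terminal may emit while
# redrawing a long input line.
ANSI_CSI = re.compile(r"\x1b\[[0-9;?]*[A-Za-z]")

# Command taken from the traceback on this page (unescaped).
COMMAND = "packet-tracer input ACI_Prod TCP 10.184.32.247 1025 10.185.233.36 5432"
# Tail of the session log shown on this page.
PAGE_LOG_TAIL = ">\n>\n> packet-tracer input ACI_Prod TCP\n"
# Constructed sample: the same echo broken up by a carriage return and erase-line.
WRAPPED_ECHO = "> packet-tracer input ACI_Prod TCP 10.184.32.247 1025 10.1\r\x1b[K85.233.36 5432\n"


def normalize(raw: str) -> str:
    """Drop ANSI sequences, carriage returns and backspaces."""
    return ANSI_CSI.sub("", raw).replace("\r", "").replace("\x08", "")


def echo_check(command: str, raw_output: str) -> dict:
    """Classify why the escaped-command pattern does or does not match."""
    cmd = command.strip()
    pattern = re.escape(cmd)  # same form as the pattern in the traceback
    clean = normalize(raw_output)
    if re.search(pattern, raw_output):
        verdict = "echo_ok"
    elif re.search(pattern, clean):
        verdict = "control_chars"  # echo is complete but interleaved with terminal codes
    else:
        verdict = "truncated"  # the device never echoed the whole command
    # Longest prefix of the command present in the cleaned output.
    echoed = next((n for n in range(len(cmd), 0, -1) if cmd[:n] in clean), 0)
    return {"verdict": verdict, "echoed_prefix": cmd[:echoed], "missing": cmd[echoed:]}


if __name__ == "__main__":
    for name, sample in (("page log", PAGE_LOG_TAIL), ("wrapped", WRAPPED_ECHO)):
        print(name, echo_check(COMMAND, sample))
```

Any verdict other than `echo_ok` means the escaped-command pattern cannot match the raw output, which is the check that `cmd_verify=False` skips.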