search

napalm-automation / napalm

Network Automation and Programmability Abstraction Layer with Multivendor support
Apache License 2.0
2.26k stars 555 forks source link

Napalm cannot handle custom enable prompt on Cisco devices #1146

Open mabraham21 opened 4 years ago

mabraham21 commented 4 years ago

Description of Issue/Question

Our company set a custom prompt when switching to enable mode on Cisco devices. I cannot change that, it's the policy. The prompt is "SecurID_PASSCODE:". By default, Napalm is looking for the "Password:" prompt in order to enter the enable password. Is there a way to tell Napalm to expect a different prompt for the enable mode?

Netmiko can do this in the enable method:

net_connect = ConnectHandler(**net_device) net_connect.enable(cmd='en', pattern='SecurID_PASSCODE:')

It looks like Napalm goes into enable mode automatically and doesn't allow for a custom enable prompt on Cisco devices.

I tried setting this in the optional arguments, but had no luck:

driver = napalm.get_network_driver('ios') device = driver(hostname=host, username='user', password='mypass', optional_args={'secret': 'mypass2#', 'pattern': 'SecurID_PASSCODE:'})

Did you follow the steps from https://github.com/napalm-automation/napalm#faq

(Place an x between the square brackets where applicable)

Setup

napalm version

(Paste verbatim output from pip freeze | grep napalm between quotes below)

napalm==2.5.0

Network operating system version

(Paste verbatim output from show version - or equivalent - between quotes below)

san-wan1>show version
Cisco IOS XE Software, Version 03.13.06a.S - Extended Support Release
Cisco IOS Software, ASR1000 Software (X86_64_LINUX_IOSD-ADVENTERPRISEK9-M), Version 15.4(3)S6a, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2016 by Cisco Systems, Inc.
Compiled Tue 27-Sep-16 21:12 by mcpre

Cisco IOS-XE software, Copyright (c) 2005-2016 by cisco Systems, Inc.
All rights reserved.  Certain components of Cisco IOS-XE software are
licensed under the GNU General Public License ("GPL") Version 2.0.  The
software code licensed under GPL Version 2.0 is free software that comes
with ABSOLUTELY NO WARRANTY.  You can redistribute and/or modify such
GPL code under the terms of GPL Version 2.0.  For more details, see the
documentation or "License Notice" file accompanying the IOS-XE software,
or the applicable URL provided on the flyer accompanying the IOS-XE
software.

ROM: IOS-XE ROMMON

san-wan1 uptime is 2 years, 36 weeks, 3 days, 17 hours, 6 minutes
Uptime for this control processor is 2 years, 36 weeks, 3 days, 16 hours, 59 minutes
System returned to ROM by SSO Switchover at 18:21:15 PDT Thu Jun 29 2017
System restarted at 18:25:04 PDT Thu Jun 29 2017
System image file is "bootflash:asr1000rp2-adventerprisek9.03.13.06a.S.154-3.S6a-ext."
Last reload reason: redundancy force-switchover

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

cisco ASR1006 (RP2) processor (revision RP2) with 4164732K/6147K bytes of memory.
Processor board ID FOX1222GFSD
12 Gigabit Ethernet interfaces
9 Ten Gigabit Ethernet interfaces
32768K bytes of non-volatile configuration memory.
8388608K bytes of physical memory.
1925119K bytes of eUSB flash at bootflash:.
78085207K bytes of SATA hard disk at harddisk:.

Configuration register is 0x2102

Steps to Reproduce the Issue

Error Traceback

(Paste the complete traceback of the exception between quotes below)

Make sure your Cisco device has a custom prompt when trying to go into enable mode

jumphost$ ssh myrouter
Password: <enter password>
myrouter>en
SecurID_PASSCODE: <enter passcode>
myrouter#
ktbyers commented 4 years ago

You probably would have to do a pull-request on this to pass in a special argument. You would pass this in via optional_args.

network-shark commented 4 years ago

Can you provide a configuration snippet @mabraham21 ?

I only know about 

aaa authentication password-prompt "YOURNEWPASSWORDPROMT: "

That command would change the passwordpromt for user EXEC mode and privileged EXEC mode , but that does not apply to your setup.

I think that would help , if someone else would create a PR for that feature.