Access to all CLI commands on 3Com 2928 and 1910 switches
_cmdline-mode on
512900

Access to all CLI commands on the JG924A switch
_cmdline-mode on
Jinhua1920unauthorized

# apt install sshpass
# sshpass -p '<SENHA>' ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o KexAlgorithms=diffie-hellman-group1-sha1 -c aes128-cbc <USER>@<IP_SWITCH>
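
#!/usr/bin/env bash
# Backs up the startup-config of each switch: logs in over SSH, feeds the
# commands file to the CLI, then renames the file that arrived via TFTP.
SSHPASS="/usr/bin/sshpass"
SSH="/usr/bin/ssh"
MV="/usr/bin/mv"
USER="<USER>"
PASS="<PASS>"
# Legacy key exchange and cipher, passed explicitly to ssh for these switches
KEX="diffie-hellman-group1-sha1"
CIPHER="aes128-cbc"
# Directory served by the TFTP server
PATH01="/mnt/tftp"
HOSTGROUP=("IP_SW01" "IP_SW02" "IP_SW03" "IP_SW04")
DATE=$(date +"%Y%m%d%H%M%S")
for HOST in "${HOSTGROUP[@]}" ; do
    echo ""
    echo ""
    echo "### 3COM 2928 - HPEV1910 #########################################################################"
    echo "### BACKUP - $HOST"
    echo ""
    sleep 2
    # Host key checking is off and known_hosts is discarded, so the switch's identity is not verified
    "$SSHPASS" -p "$PASS" "$SSH" -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o KexAlgorithms="$KEX" -c "$CIPHER" "$USER@$HOST" < commands01
    sleep 5
    # Give the uploaded file a per-host, timestamped name
    "$MV" "$PATH01/ALTERAR.cfg" "$PATH01/$HOST-$DATE-startup-config.cfg"
    echo ""
done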

3COM 2928 and HP1910
# vi commands01
_cmdline-mode on
y
512900
backup startup-configuration to <IP_TFTP_SERVER> ALTERAR.cfg <- or: tftp <IP_TFTP_SERVER> put ALTERAR.cfg
quit

HP 1920
# cat commands02
_cmdline-mode on
y
Jinhua1920unauthorized
backup startup-configuration to <IP_TFTP_SERVER> ALTERAR.cfg <- or: tftp <IP_TFTP_SERVER> put ALTERAR.cfg
quit

Use cron to run the script periodically.

Console access
_cmdline-mode on
Y
[password is] 512900 <- on the 1920 the password is Jinhua1920unauthorized
system-view

Search
display current-configuration | begin local-user
include ssh
exclude <informacao>
display mac-address 98F2-B365-C124
display mac-address interface GigabitEthernet 1/0/1
display current-configuration interface GigabitEthernet 1/0/24

Enabling SSH
local-user admin
service-type terminal telnet ssh <- the 1910/1920 also has service-type web to enable the web interface
authorization-attribute level 3
password simple <PASS> <- or cipher
quit
public-key local create rsa <- default 1024
ssh server enable
user-interface vty 0 4
authentication-mode scheme
protocol inbound ssh
quit

Enabling SSH through the web interface
- Network > Service > Enable SSH service: check it and click Apply
- Authentication > Users > admin: edit the user, enable SSH and click Apply
- Authentication > PKI > Certificate > Create Key: keep the default and click Apply
- Save the configuration

BANNER
header login %
####################################################################
# SUPORTE - TI - +55 DDD XXXX XXXX #
# e-mail suporte@domain.com.br #
####################################################################
# Acesso autorizado apenas para administradores de rede #
# Todas as conexoes sao monitoradas e auditadas #
# Desconecte imediatamente !!! #
####################################################################
%

JOB and Schedule (I could not get it to run)
clock datetime 13:59 01/17/2022
job bkp-startup-config
view bkp-startup-config
time 1 repeating delay 1 command tftp <IP_TFTP_SERVER> put startup.cfg <IP_SW>-startup-config.cfg
return
display job
display schedule job
schedule job delay 1 view system bkp-startup-config
schedule job delay 1 view shell backup startup-configuration to <IP_TFTP_SERVER> <IP_SW>.cfg

SNMP
undo snmp-agent community read public
undo snmp-agent community write private
snmp-agent community read <community>
snmp-agent sys-info contact suporte@domain.com.br
snmp-agent sys-info location <LOCAL>
snmp-agent sys-info version all
snmp-agent group v3 <GroupName> authentication notify-view ViewDefault
snmp-agent usm-user v3 <UserName> <GroupName> authentication-mode md5 <SENHA>

Backup and TFTP
backup startup-configuration to <IP_TFTP_SERVER> ALTERAR-startup-config.cfg
tftp <IP_TFTP_SERVER> put startup.cfg
Note: You do not need to enter system-view to run the commands above.
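
Added example, not part of the original notes: a shell function that checks a backed-up startup configuration (such as the files the backup script leaves in /mnt/tftp) for the settings these notes change: the default public/private SNMP communities, password simple, ssh server enable, and the VTY authentication-mode scheme and protocol inbound ssh lines. It assumes the saved file holds lines in the same form as the commands typed above; has, audit_config and write_sample are hypothetical names, and the sample configuration is constructed.

```bash
#!/usr/bin/env bash
# Added example: audit a backed-up startup config for settings from these notes.
# Assumption: the saved file holds lines in the same form as the commands above.

# has FILE REGEX -> true when some line of FILE matches REGEX
has() { grep -Eq -- "$2" "$1"; }

# audit_config FILE: prints one line per finding.
# Returns 0 = clean, 1 = findings, 2 = backup missing or empty.
audit_config() {
    local cfg="$1" n=0
    if [ ! -s "$cfg" ]; then
        echo "$cfg: backup missing or empty"
        return 2
    fi
    if has "$cfg" '^[[:space:]]*snmp-agent community (read|write) (public|private)([[:space:]]|$)'; then
        echo "$cfg: default SNMP community still present"; n=$((n + 1))
    fi
    if has "$cfg" '^[[:space:]]*password simple '; then
        echo "$cfg: local-user password saved with 'simple'"; n=$((n + 1))
    fi
    if ! has "$cfg" '^[[:space:]]*ssh server enable'; then
        echo "$cfg: 'ssh server enable' not found"; n=$((n + 1))
    fi
    if ! has "$cfg" '^[[:space:]]*protocol inbound ssh'; then
        echo "$cfg: VTY lines lack 'protocol inbound ssh'"; n=$((n + 1))
    fi
    if ! has "$cfg" '^[[:space:]]*authentication-mode scheme'; then
        echo "$cfg: VTY lines lack 'authentication-mode scheme'"; n=$((n + 1))
    fi
    [ "$n" -eq 0 ]
}

# Constructed sample (not from a real device): default SNMP, plain password.
write_sample() {
    cat > "$1" <<'EOF'
 snmp-agent community read public
 snmp-agent community write private
local-user admin
 password simple CONSTRUCTED-EXAMPLE
 service-type ssh
 ssh server enable
user-interface vty 0 4
 authentication-mode scheme
EOF
}

demo_cfg="$(mktemp)"
write_sample "$demo_cfg"
audit_config "$demo_cfg" || true   # the sample yields three findings
rm -f "$demo_cfg"
```

Run from cron after the backup script, a non-zero return from audit_config on any file marks a switch whose saved configuration needs attention.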