Automation with Cisco NCM Command Scripts


For this example, let’s assume we’re trying to figure out a way to allow the Network Operations Center (NOC) to shut down interfaces on access switches, but not on distribution or core switches. Additionally, the NOC should not be able to shut down the uplink ports located on ports fastethernet 0/23 and fastethernet 0/24.

NCM provides an easy way to get started with the script. This is done by creating an SSH session to the switch and executing the commands that would be executed in the command script. Then, the commands can be viewed and automatically converted to an Expect or Perl script. From there, the script can be customized to provide the logic to accomplish the task above. Let’s walk through how each step is done.

1. Click on “Devices > Inventory”.

2. In the resulting screen, click on the SSH button next to the device you would like to connect to.

3. In the Java SSH window that appears, type in an example of the commands that would be used to shut down an interface and exit.

4. Navigate back to the device by, once again, going to “Devices > Inventory”. Click on the device name.

5. In the resulting screen, click on “View > Telnet/SSH Sessions”.

6. Click on “View Commands Only” to view the commands that you just entered.

7. Click on “Convert to Expect Script” to automatically create a script from the commands entered.

8. At this point, an Expect script is created with the code needed to execute the commands entered previously.

9. There are a few places that need customization. First, the interface used in the script, fastethernet0/9, should be a variable that the NOC can define at execution time. This can be done by replacing fastethernet0/9 with an NCM variable that the NOC will be prompted to enter when they execute the script. To do this, replace fastethernet0/9 with $interface$. A string with $ at the beginning and end signifies an NCM variable.

    send "interface fa0/9 "    ->    send "interface $interface$ "

10. When this is added, the “Pull Variables” button can be clicked to create the prompt that the NOC will see when they execute the script.

11. This brings up another screen that requires information to be entered for the prompt.

12. That’s the basics of the script. The only thing left to do is add the restrictions for the script. First, the NOC should only be able to change access layer switches. The naming convention for the switches states that access switches start with “A”. We can use this as a check to make sure an access switch is being used. Below is the corresponding Expect code snippet.

    # string match takes a glob pattern, not a regex, so "A*" already anchors at the start
    if {![string match "A*" $enable_prompt]} {
        puts "This is not an access layer switch"
        exit 1
    }

This snippet checks to see if the pre-defined $enable_prompt variable starts with an A. If so, it is an access layer switch. If not, an error message is displayed and the script is exited with error status.

13. The second check was to make sure fastethernet0/23 or fastethernet0/24 are not used. This is accomplished with the snippet below.

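    # Uplink ports that must not be shut down (fastethernet0/23 and fastethernet0/24)
    set protected_int {"0/23" "0/24"}
    # NCM substitutes the value the NOC entered for $interface$ before the script runs
    set int $interface$

    foreach i $protected_int {
        # Glob match: refuse any interface name that ends in a protected port
        if {[string match "*$i" $int]} {
            puts "Shutdown of uplink ports is not permitted"
            exit 1
        }
    }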

In this portion, the uplink interfaces are put into a list named “protected_int”. The interface that the NOC chooses is stored in the $interface$ variable. A foreach loop checks whether there is a match between an uplink interface and the chosen interface. If so, an error message is sent and the script exits.

14. When the script is created, the Expect command “log_user 1” is set. This means that whatever is sent in the script is also sent to the script output. In order to stop this from happening, set “log_user 0”. With this set, only the “puts” output is displayed. In general, this is what you will want to see.

15. To run the script, click “Devices > Device Tools > Command Scripts”.

16. Select “Run” on the script to execute.

17. Select the devices to run the script on, the interface to shut down, and click “Save Task” to execute the script.
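A stricter form of the two restrictions from steps 12 and 13, as an added example that is not part of the original post or of NCM: rather than suffix-matching the entered text, it parses the interface name and refuses anything that is not exactly one FastEthernet port, so ranges, lists and multi-line input never reach the `send` command. The proc name, the variable names and the sample requests are assumptions made up for illustration; in NCM the two inputs would come from $enable_prompt and $interface$.

```tcl
# Added example (not from the original post). Names are hypothetical and
# the sample requests at the bottom are constructed. Needs Tcl 8.5+ (lassign).

# Uplink ports the NOC must never shut down, as module/port integer pairs.
set protected_ports {{0 23} {0 24}}

# Return "" if the request is allowed, otherwise the reason it is refused.
proc check_shutdown_request {prompt interface protected} {
    # Access switches are named A...; the glob "A*" anchors at the start.
    if {![string match "A*" $prompt]} {
        return "not an access layer switch"
    }
    # Accept exactly one FastEthernet port. Ranges, lists and embedded
    # newlines (which would add extra CLI lines) fail this pattern.
    set name [string trim $interface]
    if {![regexp -nocase {^(?:fa|fastethernet) ?([0-9]+)/([0-9]+)$} $name -> mod port]} {
        return "interface name not recognised"
    }
    # scan %d reads decimal, so "0/024" normalises to port 24.
    scan $mod %d mod
    scan $port %d port
    foreach p $protected {
        lassign $p pmod pport
        if {$mod == $pmod && $port == $pport} {
            return "shutdown of uplink ports is not permitted"
        }
    }
    return ""
}

# Constructed sample requests, each a prompt followed by an interface name.
foreach req {
    {A-SW01# fastethernet0/9}
    {A-SW01# fa0/23}
    {A-SW01# "FastEthernet 0/024"}
    {D-SW01# fa0/9}
    {A-SW01# "fa0/1 - 24"}
} {
    lassign $req prompt interface
    set reason [check_shutdown_request $prompt $interface $protected_ports]
    puts [format "%-8s %-20s %s" $prompt $interface \
        [expr {$reason eq "" ? "allowed" : "refused: $reason"}]]
}
```

Only the first sample request is allowed; the other four are refused with the reason printed beside them.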

That’s all there is to creating a command script in NCM. I would highly recommend purchasing the “Exploring Expect” book written by Don Libes and published by O’Reilly. Additionally, I would recommend downloading ActiveTCL. Expect is actually an extension of TCL. After installing TCL, you can load the Expect extension by entering “teacup install Expect” from a CMD prompt.