6

I was googling this and didn't turn up anything.

If you have 100 some odd Cisco routers and switches, how do you push out new IOS releases? Certainly not by manually logging into every device. The only thing I found was the Cisco Auto-Upgrade Manager, but that's only for ISRs.

Is the only way to deploy Cisco switch and router updates through scripts? I could script this, but before doing this I wanted to be sure that the only way to do this is with my own scripts.

edit: Just to be clear, I'm not looking for a way to make the routers automatically update themselves, just an automated way to push out IOS updates to the routers.

Edit: Just as an update, Puppet Device Management (with Foreman) works pretty well, but I may just go with SolarWinds NCM.

red888
  • 2
    If you have budget for a tool, the popular choices are [Puppet](http://puppetlabs.com/) and [Chef](https://www.chef.io/chef/). But those programs have much more than what you ask--I would personally script it. – Theo Feb 05 '15 at 19:32
  • 2
    I'm not a large Cisco shop like that, but I use the Cisco Network Assistant to upgrade IOS on multiple devices. – TheCleaner Feb 05 '15 at 20:11
  • I'm downloading CNA now, I'll give it a look. Thanks! – red888 Feb 05 '15 at 20:55
  • 1
    There's actually substantial value in learning how to do this yourself, without a specialized tool. After all, if you can do it for 100 Cisco devices, you can do it for 100 servers... or whatever else, and that's a core competency in this career. – HopelessN00b Feb 16 '15 at 03:52

5 Answers

4

I recently wrote an Ansible module that allows you to use SSH+SCP to transfer a file to Cisco IOS devices.

One of the use cases is obviously transferring IOS images. It has some built-in checks like not transferring the file if it already exists and performing an MD5 comparison (original file to transferred file). The MD5 is CPU intensive on the router, however.

With the module + Ansible you could then pretty easily transfer new IOS images to a set of network devices.

The module can be found here: https://github.com/ktbyers/scp_sidecar.

I also have a write-up about using the module which can be found here: https://pynet.twb-tech.com/blog/automation/cisco-ios.html

Kirk Byers
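
The checks this answer describes (skip the copy when the file is already on the device, compare MD5s) sketched as an added Python example; it is not code from scp_sidecar. The device output is constructed and assumed to follow the IOS `dir` and `verify /md5` layout, the image name and the `plan` helper are hypothetical, and the size and free-space checks go beyond what the answer lists so that the CPU-heavy MD5 only runs when the sizes already match.

```python
import hashlib
import re

IMAGE = "c2900-universalk9-mz.SPA.154-3.M.bin"   # hypothetical image name
IMAGE_BYTES = b"constructed stand-in for an IOS image" * 1000
# Constructed device output, not captured from a real router.
DIR_OUTPUT = f"""Directory of flash0:/

    1  -rw-    {len(IMAGE_BYTES)}  Feb 5 2015 19:32:00 +00:00  {IMAGE}

256487424 bytes total (211263488 bytes free)
"""

def local_md5(data):
    # MD5 because that is what the device-side comparison in the answer uses.
    return hashlib.md5(data).hexdigest()

VERIFY_OUTPUT = f"....Done!\nverify /md5 (flash0:{IMAGE}) = {local_md5(IMAGE_BYTES)}\n"

def parse_dir(dir_output):
    """Return ({file name: size in bytes}, free bytes) from 'dir' output."""
    files = {}
    for line in dir_output.splitlines():
        f = line.split()
        if len(f) >= 4 and f[0].isdigit() and f[2].isdigit():
            files[f[-1]] = int(f[2])
    m = re.search(r"\((\d+) bytes free\)", dir_output)
    return files, int(m.group(1)) if m else 0

def remote_md5(verify_output):
    """Extract the 32-hex-digit hash from 'verify /md5' output, or None."""
    m = re.search(r"=\s*([0-9a-fA-F]{32})\s*$", verify_output, re.M)
    return m.group(1).lower() if m else None

def plan(name, data, dir_output, verify_output=None):
    """Decide the next step for one device before any bytes are copied."""
    files, free = parse_dir(dir_output)
    if name not in files:
        return "transfer" if len(data) <= free else "abort-no-space"
    if files[name] != len(data):
        # A size mismatch already proves the copy is wrong: skip the costly MD5.
        fits = len(data) <= free + files[name]
        return "replace" if fits else "abort-no-space"
    if verify_output is None:
        return "run-verify-md5"       # sizes match: now worth hashing on-box
    same = remote_md5(verify_output) == local_md5(data)
    return "skip" if same else "replace"
```

An unparseable `verify /md5` result is treated as a mismatch, so a device is never marked as staged on the strength of output the script could not read.
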
3

{Disclaimer - I work for an HP partner}


What I see most often is the use of a tool like HP Network Automation (which does far more than merely push IOS updates to Cisco devices - it supports all kinds of network devices, does configuration management, can be used for audit compliance, etc).

You might also consider some of the Open Source products like Chef, Puppet, Ansible, CFengine, and others.

It may also be possible to use something like PSSH - but I don't know.

warren
2

There are many tools, but I recommend using Expect ( http://en.wikipedia.org/wiki/Expect )

Expect has the main advantage that it completely simulates command prompt interaction and is very easy to learn and implement. Not to mention the fact that it is completely free under the GNU/GPL license.

Example:

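```tcl
# Wait for the password prompt, then send the stored password
expect "*assword: "
send "$Password\r"
# Wait for the privileged-mode prompt, then enter configuration mode
expect "#"
send "conf t\r"
```
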
Koss645
1

You can upgrade IOS/NX-OS/WLC/ASA and a host of other devices using CMCS (Compliance Management and Configuration Service). This is similar to HPNA but has a lot of advantages to it.

Some of the features:

  1. Configuration Management - Backup configurations, view difference between configuration, create golden configurations
  2. SWIM - Software image management - Upgrade OS of devices - It can do pre-checks/post-checks and also has intelligence built into it. It can be customized according to the MOP
  3. Compliance - Industry standard audits as well as custom policies/audits
  4. Workflow - Workflow approval, multiple levels
  5. Reporting - Inventory reports, PSIRTS, EOL/EOS.

And a lot of other features.

To learn more, please visit the link: http://www.cisco.com/c/en/us/products/analytics-automation-software/compliance-management-configuration-platform/index.html

stambata
1

Stay away from any product or service like HPNA and especially Cisco's Compliance Management and Configuration Service. Both have problems. Cisco's is buggy and doesn't do what's advertised. Don't be fooled. It's more cost effective to hire a Perl, Python or Expect person.

John White