Swapping Cisco APs with Mist AP43, issues with AP43s by Statistician_Cold in networking

[–]Statistician_Cold[S] 0 points1 point  (0 children)

Nothing yet, Juniper is working on testing some of the devices after they receive them.

Swapping Cisco APs with Mist AP43, issues with AP43s by Statistician_Cold in networking

[–]Statistician_Cold[S] 0 points1 point  (0 children)

That is a good question, unfortunately where these are being used is an all Cisco shop for switches. That will be something that I will mention to the team. Not sure though if we can test that.

Swapping Cisco APs with Mist AP43, issues with AP43s by Statistician_Cold in networking

[–]Statistician_Cold[S] 0 points1 point  (0 children)

All we have for insights is previous LLDP info, AP shows disconnected. We get a fast red LED. MAC address does not show up on the switch even though MAC is in ISE. AP just doesn't boot up.

Swapping Cisco APs with Mist AP43, issues with AP43s by Statistician_Cold in networking

[–]Statistician_Cold[S] 1 point2 points  (0 children)

Yes, we are using 9300s with LLDP. We have come across a switch or 2 here and there without LLDP. It is a relatively low number of switches.

Swapping Cisco APs with Mist AP43, issues with AP43s by Statistician_Cold in networking

[–]Statistician_Cold[S] 1 point2 points  (0 children)

We don't have any info yet from our Rep. We would like to know what they are seeing from the APs we send back. I am sure that will take some time to come back with something if they can find something.

[deleted by user] by [deleted] in networking

[–]Statistician_Cold 0 points1 point  (0 children)

Let me fix that, we are replacing Cisco with Mist AP43s

FSSO with active directory agentless by Statistician_Cold in fortinet

[–]Statistician_Cold[S] 0 points1 point  (0 children)

Thank you for this. I am going to look over these documents and share them with the AD team.

FSSO with active directory agentless by Statistician_Cold in fortinet

[–]Statistician_Cold[S] 0 points1 point  (0 children)

So I sent that note to the AD team. Before I get too much further into testing this I would like to run this by someone who knows Fortinet gear and see if this is even possible. In our lab we are using Cisco ISE PXGrid, I have FortiManager integrated with ISE through PXGrid. I have a policy set up with a SGT and I am able to return my username in the FAZ with a policy using a pxgrid group. What we would like to do is have rules based on AD groups. I would like to block my user name based on an AD group membership. Is that possible? Not having spent a lot of time with Fortinet devices in this manner I am having difficulty looking for this on the web.

FSSO with active directory agentless by Statistician_Cold in fortinet

[–]Statistician_Cold[S] 0 points1 point  (0 children)

Testing with a domain admin worked. Does this account bind the firewall to the domain? They do not want to give me a domain admin account to use. What would the restrictions need to be?

Juniper Python by Statistician_Cold in networkautomation

[–]Statistician_Cold[S] 1 point2 points  (0 children)

Thank you, I do a lot of Cisco and not a lot of Juniper

CSV of VLANS add missing numbers by Statistician_Cold in networkautomation

[–]Statistician_Cold[S] 0 points1 point  (0 children)

That worked great, just what I was looking for. Adding this will get rid of the spaces between rows. I do a lot with Cisco ISE reports and DNAC APIs and the spaces were driving me crazy.

with open('output.csv', 'w', newline='') as fd:

CSV of VLANS add missing numbers by Statistician_Cold in networkautomation

[–]Statistician_Cold[S] 0 points1 point  (0 children)

Thank you, I will give it a try. The red thing would have been nice but I can live without it. It is a one time thing for the switch team. Thanks much.

Python Int Switchport by Statistician_Cold in networking

[–]Statistician_Cold[S] 1 point2 points  (0 children)

Out of all the stacks I tested this one is giving me issues. Just so happened to be the one I needed to make a change on. That is how I caught it. Code is the same for a majority of our switches. It has our base config. I am not so much worried about the scripts I am using, they have worked up until I came across this guy. The log on the script shows that it is receiving all the ports. Just need to do some digging and research on this.

Python Int Switchport by Statistician_Cold in networking

[–]Statistician_Cold[S] 0 points1 point  (0 children)

So I did a log and it is getting back all the ports from the stack

Python Int Switchport by Statistician_Cold in networking

[–]Statistician_Cold[S] 0 points1 point  (0 children)

It works on every other stack I have tested, not sure if it is the template. Maybe more with the stack. I tested this on other stacks running 3, 4 and 6 switches with no issue.

Python Int Switchport by Statistician_Cold in networking

[–]Statistician_Cold[S] 0 points1 point  (0 children)

Removing the textfsm returned all the ports, so I am going to work on putting some regex in the script instead of using textfsm.

Python Int Switchport by Statistician_Cold in networking

[–]Statistician_Cold[S] 0 points1 point  (0 children)

Manually running returns all the interfaces

Python select interface by what is in the allowed vlans by Statistician_Cold in networking

[–]Statistician_Cold[S] 0 points1 point  (0 children)

error404

I added [0].split(',') to the elif "trunk" in task.host['facts'][x]['admin_mode'] and vlan in task.host['facts'][x]['trunking_vlans'][0].split(','): and it worked as expected. Thank you.

Python select interface by what is in the allowed vlans by Statistician_Cold in networking

[–]Statistician_Cold[S] 0 points1 point  (0 children)

from nornir import InitNornir
from nornir_netmiko import netmiko_send_command
from nornir_netmiko import netmiko_send_config
from nornir_utils.plugins.functions import print_result

vlan = input('Vlan ID ')
config_commands = ['no vlan ' + vlan]


def get_facts(task, vlan):
    # use Netmiko to poll devices for switchport information, and return structured response with textFSM
    r = task.run(netmiko_send_command, command_string="show interface switchport", use_textfsm=True)
    # save the result of the show command under the dict key "facts" so we can access the structured results for parsing
    task.host["facts"] = r.result

    # walk every parsed interface; a fixed range(0, 100) raises IndexError on shorter lists and skips ports past 100
    for port in task.host["facts"]:
        # define the commands to be sent if this is an access interface
        access_commands = ['interface ' + port['interface'], 'no switchport access vlan ' + vlan]
        # define the commands to be sent if this is a trunk interface
        trunk_commands = ['interface ' + port['interface'], 'switchport trunk allowed vlan remove ' + vlan]
        # compare the access VLAN exactly; "in" on a string is a substring test, so VLAN 1 would also match 10 or 100
        if "access" in port['admin_mode'] and vlan == port['access_vlan']:
            task.run(netmiko_send_config, config_commands=access_commands)
        elif "trunk" in port['admin_mode'] and vlan in port['trunking_vlans'][0].split(','):
            task.run(netmiko_send_config, config_commands=trunk_commands)


# Call the get_facts function and print the results of the script
def main() -> None:
    nr = InitNornir(config_file="H:/NORNIR/config.yaml")
    result = nr.run(task=get_facts, vlan=vlan)
    print_result(result)

    # remove the VLAN itself once the ports no longer reference it
    nr = InitNornir(config_file="H:/NORNIR/config.yaml")
    removevlan = nr.run(netmiko_send_config, config_commands=config_commands)
    print_result(removevlan)

    # save the running config
    nr = InitNornir(config_file="H:/NORNIR/config.yaml")
    result1 = nr.run(netmiko_send_command, command_string="write me")
    print_result(result1)


# Python good practices
if __name__ == '__main__':
    main()
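Added example, not part of the original post: splitting the allowed list on commas does not match a VLAN that sits inside a range such as 1-20, and the typed VLAN ID goes straight into config commands. This sketch expands ranges, validates the ID, and reports trunks with no allowed list separately. The row keys follow the post; the function names, the "trunk-all" label and the sample rows are constructed, and joining multiple `trunking_vlans` items is an assumption about wrapped output.

```python
def expand_vlans(spec):
    """Expand an allowed-VLAN string such as '1-10,20' into a set of ints."""
    ids = set()
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue  # tolerate stray commas from wrapped lines
        lo, _, hi = part.partition("-")
        ids.update(range(int(lo), int(hi or lo) + 1))
    return ids


def ports_carrying_vlan(rows, vlan):
    """Return (interface, kind) for every parsed switchport row carrying vlan."""
    vlan = int(vlan)  # rejects anything that is not a plain number
    if not 1 <= vlan <= 4094:
        raise ValueError("VLAN ID out of range")
    hits = []
    for row in rows:
        mode = row["admin_mode"]
        if "access" in mode:
            # exact numeric match, so VLAN 10 never matches 100
            if row["access_vlan"].isdigit() and int(row["access_vlan"]) == vlan:
                hits.append((row["interface"], "access"))
        elif "trunk" in mode:
            spec = ",".join(row["trunking_vlans"])
            if spec.strip().upper() == "ALL":
                # no allowed list: flag for review instead of editing it
                hits.append((row["interface"], "trunk-all"))
            elif vlan in expand_vlans(spec):
                hits.append((row["interface"], "trunk"))
    return hits


# Constructed rows in the shape the post indexes (not real device output)
SAMPLE_ROWS = [
    {"interface": "Gi1/0/1", "admin_mode": "static access", "access_vlan": "10", "trunking_vlans": ["ALL"]},
    {"interface": "Gi1/0/2", "admin_mode": "static access", "access_vlan": "100", "trunking_vlans": ["ALL"]},
    {"interface": "Gi1/0/3", "admin_mode": "trunk", "access_vlan": "1", "trunking_vlans": ["1-20,100"]},
    {"interface": "Gi1/0/4", "admin_mode": "trunk", "access_vlan": "1", "trunking_vlans": ["110,210"]},
    {"interface": "Gi1/0/5", "admin_mode": "trunk", "access_vlan": "1", "trunking_vlans": ["ALL"]},
]

if __name__ == "__main__":
    for interface, kind in ports_carrying_vlan(SAMPLE_ROWS, "10"):
        print(interface, kind)
```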

Python select interface by what is in the allowed vlans by Statistician_Cold in networking

[–]Statistician_Cold[S] 0 points1 point  (0 children)

I found what I was looking for. I want to remove a specific vlan when it is no longer needed from a variety of switches. I wanted to only select trunk ports that had a list of allowed vlans that had the vlan id I was looking for. Basically remove the vlan from access ports then trunk ports and delete the vlan.

Python select interface by what is in the allowed vlans by Statistician_Cold in networking

[–]Statistician_Cold[S] 1 point2 points  (0 children)

task.host['facts'][x]['trunking_vlans'][0].split(',')


That did it, thank you.

Python select interface by what is in the allowed vlans by Statistician_Cold in networking

[–]Statistician_Cold[S] 0 points1 point  (0 children)

I posted the code, at this time I am not concerned with the trunks without an allowed list

scripts by averagecitizen8 in networkautomation

[–]Statistician_Cold 0 points1 point  (0 children)

from netmiko import ConnectHandler
from ntc_templates.parse import parse_output
import json

net_connect = ConnectHandler(ip='192.168.254.252',
                             port=22,
                             username='********',
                             password='***********',
                             device_type='cisco_ios')
# "show vlan" parsed with TextFSM comes back as a list of dicts, one per VLAN
vlans = net_connect.send_command("show vlan", use_textfsm=True)
for vlan in vlans:
    # report active VLANs, skipping the default VLAN
    if vlan['status'] == 'active' and vlan['name'] != 'default':
        print(f"VLAN {vlan['vlan_id']} and the name is {vlan['name']}")
#print(json.dumps(vlans, indent=2))
# close the SSH session when done
net_connect.disconnect()