Net::Telnet::Cisco
Perl Module
Mihalis Tsoukalos
Because DSL prices are still very expensive in Greece, I use an
ISDN line to connect to the Internet for home use. For security
reasons, I prefer to connect to the Internet with the extra protection
of a Cisco 1603 router. I used to open and close the ISDN dialup
connection manually because I prefer to have as much control as
possible, but this method was quite time consuming so I began searching
for a smarter way. My first thought was "is there a Perl module
to help me?" As you might imagine, the answer is yes -- there is
a Perl module called Net::Telnet::Cisco. In this article, I'll present
the use of the Net::Telnet::Cisco Perl module to control Cisco routers
along with a complete Perl code example.
Cisco IOS Introductory Information
Cisco has developed Cisco IOS, which is its own operating system
for its full line of products. It is an advanced OS with a philosophy
that is very similar to that of Unix. Tab completes an abbreviated
command name, and "?" displays all possible options of a command.
Cisco IOS basically supports two levels of user access -- User
EXEC Mode and Privileged EXEC Mode. User EXEC Mode is similar to
the normal user Unix account, while Privileged EXEC Mode is similar
to root access. After connecting to Cisco equipment, the user is
automatically put into User EXEC Mode. To use the Privileged EXEC
Mode, the user must give a command called enable, which then
asks for the required password. After successfully providing the
password, the user operates in Privileged EXEC Mode.
Listing 1 shows a full SSH Cisco IOS session for bringing up and
down an ISDN dialup connection. Cisco IOS also supports telnet connections.
The command configure terminal puts you in terminal configuration
mode. The interface BRI 0 command tells Cisco IOS which
interface we want to configure or alter. The no shutdown
command turns on the dial-up connection, whereas shutdown
turns off the ISDN connection. The show ip route command
is given for educational purposes, and it is not required. Ctrl+Z
returns the user to Privileged EXEC Mode, and if you press "q" from
the Privileged EXEC Mode, your current connection will terminate.
Please note that Net::Telnet::Cisco interacts with a Cisco router over
a telnet connection, which is insecure: the login and enable passwords
travel across the network unencrypted. For WAN connections, telnet is
not acceptable, but for trusted intranet (LAN) networks, telnet is
usually perfectly acceptable.
The Net::Telnet::Cisco Module
I have installed Net::Telnet::Cisco on my Mac OS X Tiger system
using CPAN, which I think is the easiest method of Perl module installation,
but you can install it either by downloading a precompiled package
for your particular distribution -- if it is available -- or, more
traditionally, by downloading the Perl module and compiling it by
hand. An efficient way of checking whether a Perl module is
already installed and works properly is to execute the following
command:
big:~ mtsouk$ perl -e "use Net::Telnet::Cisco"
big:~ mtsouk$
If this returns a shell prompt without any error messages, then the
Perl module in question has been installed correctly; otherwise, you
will get an error message that looks like the following:
big:~ mtsouk$ perl -e "use Net::Telnet::Cisco"
Can't locate Net/Telnet/Cisco.pm in @INC (@INC contains: /sw/lib/perl5 /sw/lib/perl5/darwin /System/Library/Perl/5.8.6/darwin-thread-multi-2level /System/Library/Perl/5.8.6 /Library/Perl/5.8.6/darwin-thread-multi-2level /Library/Perl/5.8.6 /Library/Perl /Network/Library/Perl/5.8.6/darwin-thread-multi-2level /Network/Library/Perl/5.8.6 /Network/Library/Perl /System/Library/Perl/Extras/5.8.6/darwin-thread-multi-2level /System/Library/Perl/Extras/5.8.6 /Library/Perl/5.8.1 .) at -e line 1.
BEGIN failed--compilation aborted at -e line 1.
big:~ mtsouk$
Now I'll present and explain a few of the commands found in
Net::Telnet::Cisco. For a full listing of the supported commands,
refer to the Perl module documentation:

$session = Net::Telnet::Cisco->new(Host => $CISCO_IP); -- This command
establishes the telnet connection.

$session->login("username", "password"); -- This command logs the user
into the remote Cisco router. If no username is used, you can put in
whatever you want as a username. At this point, the user is in User
EXEC Mode.

$session->enable("enable_password"); -- This command puts the user into
Privileged EXEC Mode. Be very careful in this mode.

$session->cmd('show version'); -- This is the way to execute Cisco IOS
commands. This command produces output that you can use for debugging
purposes.

$session->close; -- After finishing your work, you must close the
telnet connection to the Cisco machine by using this command.
Examples
To demonstrate the Net::Telnet::Cisco module, I've included two
Perl scripts that turn on and off the ISDN dialup connection of
a Cisco 1603 router. These scripts are used for my home dialup connection,
but the same rules apply to other Cisco models. Listing 3 shows
the Perl code for turning on the dialup connection, whereas Listing
2 shows the Perl code for turning off the dialup connection. These
two Perl scripts are quite similar but they are separated for reasons
of clarity. The write memory command, which should be given
in Privileged EXEC Mode, saves the current configuration into the
Cisco router's memory.
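The sequence described above (connect, log in, enable, configure the BRI 0 interface, save), combined into one script as an added example; it is not the article's Listing 2 or Listing 3. The credentials file ~/.cisco-creds and its four-line layout are assumptions made for this example so that no password sits in the script, and end is typed in place of Ctrl+Z to leave configuration mode.

```perl
#!/usr/bin/perl
# Added example: bring the ISDN interface up or down.
# Usage: perl isdn.pl up|down   (the script name is hypothetical)
use strict;
use warnings;
use Net::Telnet::Cisco;

my %ifcmd     = (up => 'no shutdown', down => 'shutdown');
my $action    = shift(@ARGV) || '';
my $state_cmd = $ifcmd{$action} or die "usage: $0 up|down\n";

# Assumption: ~/.cisco-creds holds four lines (host, username, login
# password, enable password) and is readable by its owner only.
my $file = "$ENV{HOME}/.cisco-creds";
my @st = stat($file) or die "cannot stat $file: $!\n";
die "$file must not be accessible by group or others\n" if $st[2] & 077;
open my $fh, '<', $file or die "cannot open $file: $!\n";
my @cred = <$fh>;
close $fh;
die "$file needs four lines\n" unless @cred >= 4;
chomp @cred;
my ($host, $user, $pass, $enable) = @cred;

# Net::Telnet's default Errmode is 'die', so eval catches any failed step.
my $session;
my $ok = eval {
    $session = Net::Telnet::Cisco->new(Host => $host, Timeout => 15);
    $session->login($user, $pass);                 # User EXEC Mode
    $session->enable($enable)                      # Privileged EXEC Mode
        or die "enable failed: " . $session->errmsg . "\n";
    # 'end' leaves configuration mode, as Ctrl+Z does at the console.
    for my $cmd ('configure terminal', 'interface BRI 0', $state_cmd,
                 'end', 'write memory') {
        print "$cmd\n", $session->cmd($cmd);       # echo command and output
    }
    1;
};
my $err = $@;
$session->close if $session;    # always drop the telnet session
die "router session failed: $err" unless $ok;
print "Sent '$state_cmd' to interface BRI 0 and saved the configuration\n";
```

Because the telnet session is closed whether or not a step fails, a wrong password or a timeout does not leave a privileged session open on the router.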
Conclusion
Automating computer tasks is a nice approach, even for home use,
because it eventually saves time and energy. Do not forget to accurately
document what you are doing so you can easily make changes in the
future.
Useful Links
Cisco -- http://www.cisco.com/
Net::Telnet::Cisco -- http://search.cpan.org/dist/Net-Telnet-Cisco/Cisco.pm
Perl -- http://www.perl.com/
Cisco IOS 12.0 Configuration Fundamentals. 1999. Cisco
Press, ISBN 1578701554.
CPAN module documentation -- http://search.cpan.org/~jhi/perl-5.8.0/lib/CPAN.pm
Mihalis Tsoukalos lives in Greece with his wife, Eugenia, and
works as a high school teacher. He holds a B.Sc. in Mathematics
and a M.Sc. in IT from University College London. Before teaching,
he worked as a Unix systems administrator and an Oracle DBA. Mihalis
can be reached at: tsoukalos@sch.gr.