Automating Cisco IOS using NSO 5.3 on Ubuntu Linux 20.04 – Part 1 (Adding Devices)
Please follow my previous post about setting up NSO 5.3 on Ubuntu 20.04.
- Start netsim and use the cli-i c1 command to console to the device c1. From here you can use normal IOS commands. We can even see the pre-populated commands in the running configuration.
- Next we exit out of the IOS CLI and hop into the NSO CLI. This is where the benefit of NSO comes into play. Through NSO we are able to see structured YANG data from the IOS devices.
Populating the NSO Instance
- Now that NSO is running you need to add the devices we created into the NSO inventory. This will allow NSO to read and write data. For this to work we will need an authgroup so we can setup credentials for the devices.
- NOTE: -C specifies ‘cisco style’ CLI because the default is a ‘Juniper style’, -u admin allows us to login as the admin user.
- Setup a new authgroup called labadmin This group will use a default credentials: cisco:cisco for devices, with a secondary pass of cisco.
- After staging the configuration you must commit it to the system with the ‘commit’ command. BEFORE you commit make sure to use the top command and review the configuration changes that are staged by using ‘show config’.
- After you have verified the pending changes are correct you can commit them with the ‘commit’ command.
Adding Devices into NSO
- To add a device you will need:
The devices IP address or FQDN.
SSH/Telnet protocol and port used to connect to the device.
The authgroup needs to exist.
The NED used to connect to the device (Device Driver).
- From config mode on the ncs_cli we will add the device c0 using the IP address 127.0.0.1, the protocol will be telnet. We will use the cisco-ios-cli-6.42 device driver to connect to c0.
- Verify you are in the proper directory associated for the device we want NSO to connect with.
NOTE: You will get an error stating that the device is locked. This is the default mode for devices as a safety mechanism so NSO will not change a device until the administrator is ready. Unlock the device by changing the admit state to unlocked and commit the change.
- Once this is completed you can connect to the device using the connect command.
Now we will add the other 2 devices C1 and C2 to the labadmin group. For the sake of doing it another way we will do this VIA the web GUI. Click on each device from the device manager page.
- Select the labadmin authgroup under the authgroup dropdown. Repeat this process for the C2 device.
- You can also verifiy conection VIA the ncs_cli
- NOTE: This step is not needed as we already know we connected VIA the web GUI.
Learning the Current State of the Network
- We have verified the connectio to the device but we have not let NSO learn the current configuration state of these network devices. First we verify no real device level configurations have been made with show commands.
- NOTE: This step is not required but it a good practice to follow and will help make management and scalability easier. We will create device groups and organize the device into a logical group. The group will be paired by devices which take the same style of configuration. ex: IOS devices in a group, NXOS devices in another group, ASA in a seperate group, etc.
- Next we can verify our newly created IOS-DEVICES group using a show command on the ncs_cli.
We now have IOS devices we can connect and begin configuring with NSO using the ncs_cli. (NSO and NCS are interchangeable and both refer to Network Services Orchestrator).