Networking and Unix


 September 14th, 2011Sep 14th, 2011      

NetConnect is a Network Authentication Tool written in Perl that provides an automated login mechanism and scripting framework for CLI based network devices (i.e. Cisco Routers, Switches, etc). It uses a textual configuration file which defines devices as well as login credentials. You are then able to connect to a single device automatically or run scripts on devices in parallel.

NetConnect will run on most Unix environments that have Perl v5.8 of greater installed, which is the majority of Unix environments as Perl usually comes as standard. However, it requires the Perl Expect module which is available from CPAN and enforces v1.21 due to bugs in previous versions.

The latest version of NetConnect as well as the User Guide can be downloaded from the links below. These links will be updated to always contain the latest version:


Getting Started Guide

So, you have deciced that the User Guide isn’t for you and you want to quickly get up to speed. Well, I would recommend that once you have mastered the basics and have a general idea how NetConnect works, then read the User Guide – it contains a lot of important information.

Once you have placed the ‘netc’ binary into your path and you have the Expect Perl module installed, we need to generate a configuration file (‘$HOME/netc.conf’):

profile: 'TACACS' {
  username: 'bloggsj'
  password: 'dGhpcyBpc24ndCBlbmNyeXB0aW9u', encoding: 'base64'
  run: 'terminal monitor', 'terminal width 0'
  telnet {
    r1: ''
    r2: ''

A profile defines a set of login credentials which include at a minimum a ‘username’ and ‘password’. Certain fields are permitted to be encoded using ‘base64’ which provides a level of protection from people looking over your shoulder, but should not be confused with encryption. The ‘run’ attribute allows you to specify a list of commands that will be executed once you connect to a device. We then define some devices under a ‘telnet’ or ‘ssh’ group heading which defines the connection mechanism.

This completes a basic configuration file which contains two devices: ‘r1’ and ‘r2’. To display an output report of the devices defined within your configuration file you can use the following command line arguments:

$ netc -rn
[Profile: TACACS, Type: Cisco, Login: bloggsj]
   [Group: None], [Nodes: 2]
      r1 ........................
      r2 ........................

Total Nodes: 2

You also have the ability to pass a ‘regex’ as a parameter to only show nodes which match a certain criteria. We are now able to get NetConnect to connect automatically to one of these devices by specifying it on the command line:

$ netc r1
Node:        r1
Profile:     TACACS/Cisco/bloggsj
Method:      telnet

Connecting to Node... OK

r1#terminal monitor
r1#terminal width 0

When it is connected to the device you are able to interact with the device as you normally would when using ‘telnet’ or ‘ssh’. The only exception is that you have a powerful shell which is accessed by pressing <CTRL+D>. This shell allows you to run scripts on the node or access the shell without logging off of the node. Within the distribution there is a ‘monitor’ script which provides a watch like feature – this runs the same command every second and highlights the changes:

r1# <CTRL+D>
[/home/bloggsj] netc> run monitor.ncs cmd="show int ATM0/1/0"

ATM0/1/0 is up, line protocol is up
  Hardware is HWIC-DSLSAR (with Alcatel ADSL Module), address is 00aa.bbbb.cccc
  MTU 4470 bytes, sub MTU 4470, BW 448 Kbit/sec, DLY 1140 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ATM, loopback not set
  Keepalive not supported
  Encapsulation(s): AAL5
  23 maximum active VCs, 256 VCs per VP, 1 current VCCs
  VC Auto Creation Disabled.
  VC idle disconnect time: 300 seconds
  Last input never, output 00:00:02, output hang never
  Last clearing of "show interface" counters 5d03h
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: Per VC Queueing
  30 second input rate 4563304 bits/sec, 1430 packets/sec
  30 second output rate 127333 bits/sec, 332 packets/sec
     2344739 packets input, 3145731866 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     1511713 packets output, 120400165 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 unknown protocol drops
     0 output buffer failures, 0 output buffers swapped out

While the script is running, the above output will change inplace so you are able to see which bits are changing every second. You can create an alias of the above command without having to type the whole command everytime you want to use the monitor functionaility. As well as running scripts when you are connected to nodes, you are also able to run a script on a lot of nodes in parallel:

$ netc file:nodes.txt -x myscript.ncs

The above command will run the ‘myscript.ncs’ script on all the nodes which are defined within the ‘nodes.txt’ file in parallel. This is an extremely powerful feature that allows you to deploy changes en masse. Scripts are written in Perl and can interact with the node through the ScriptObject (sO) which is an API designed in NetConnect. For examples on scripts and to see what is available in the API then you will need to look at the User Guide! This short article doesn’t do justice to the power of NetConnect and I would recommend a read of the User Guide for more information.