Introduction
Automation has arrived everywhere, and even on many network switches you can do much more than is commonly done today. The following ideas are my reasons for automating switches:
- automate setups
- react to changes in your network
- try to reduce the power consumption, (green footprint, green production)
- misuse a switch to control devices like a home control system (or in combination)
@green production / reduce power consumption
You can create a separate network for employees' mobile devices and check when the last one has left the Wi-Fi. Then turn off all access point ports on the switch (and with them the PoE power) except the one in the lobby. The next day, when the first connection to this access point is established, you turn on all PoE ports again and your network is back. This only works in very rare setups. But in my mind, automation for saving power in offices still has a long way to go.
Zyxel Switches
Problems
Unfortunately, Zyxel has not yet managed to make SSH key authentication work. I have just asked the support and it was dismissed as a feature request. Hopefully it will come in the future.
The second problem, which unfortunately still occurs frequently, is that you receive the following error message:
Unable to negotiate with 192.168.0.1 port 22: no matching host key type found. Their offer: ssh-rsa
My only workaround for this is to start the session with the following command:
ssh -oHostKeyAlgorithms=+ssh-rsa admin@192.168.0.1
General Switch information
If you have switches with a model number lower than 2000 (example: XGS1930-52HP), you will not be able to change the configuration on them. You can only show the config and settings, reboot or save. This is the list of available commands:
boot Perform a cold start
cable-diagnostics Execute cable diagnostics
clear Clear functions
disable Turn off privileged commands
exit Exit from the EXEC
igmp-flush Flush Igmp snooping table
locator-led Blink locator-led
logout Exit from the EXEC
mac-flush Flush MAC address table
no Remove configuration
ping Exec ping
ping6 Exec ping6
release Release functions
reload Perform a warm start
renew Renew Setting
reset Reset functions
restart Reset functions
show Show system information
ssh SSH client
test Perform testing function.
traceroute Exec traceroute
traceroute6 Exec IPv6 traceroute
If you have switches with a model number higher than 2000 (example: GS2210-24HP), you get "full" access to the switch and, with the configure section, the possibility to change most things:
baudrate Change baud rate
boot Perform a cold start
cable-diagnostics Execute cable diagnostics
clear Clear functions
configure Enter configuration mode
copy Backup/Restore system image and configuration
disable Turn off privileged commands
enable Turn on privileged commands
erase Reset system configuration
ethernet Ethernet
exit Exit from the EXEC
help Description of the interactive help system
history Show a list of previously run commands
igmp-flush Flush Igmp snooping table
kick Kick a session
locator-led Blink locator-led
logout Exit from the EXEC
mac-flush Flush MAC address table
no Remove configuration
ping Exec ping
ping6 Exec ping6
reload Perform a warm start
renew Renew Setting
Scripting for automation
Because of the lack of SSH key authentication, it is a pain in the ass to create scripts which log in automatically to the switch and change settings. Both ways I describe here only work with third-party tools. So it is not possible to create an easy automation script on your Synology and trigger the script. If you have a solution please write me an email, I would be happy to extend this article with your solution.
SSHPASS
With sshpass you can pass the password to ssh when the session is opened. But you have to install the tool first. (Link for installation help)
Now you can create a shell file with the commands you want to execute on the switch. In my example I apply the SNMP settings I want, stop the PoE power on port 1, wait 5 seconds and start the PoE power again. This is only meant as an example.
#!/bin/bash
# install sshpass
# MAC: brew install hudochenkov/sshpass/sshpass
# parameter
SSH_USER="admin"
SSH_PASSWORD="1234"
SWITCH_IP="192.168.0.1"
#SNMP settings
sshpass -p "$SSH_PASSWORD" ssh -oHostKeyAlgorithms=+ssh-rsa "$SSH_USER@$SWITCH_IP" << EOF
configure
snmp-server set-community vsprivat
snmp-server get-community vsprivat
snmp-server trap-community vsprivat
snmp-server version v3
snmp-server username vssnmap sec-level auth auth md5 auth-password vspassword group admin
ip name-server 192.168.0.1
EOF
# disable POE interface 1
sshpass -p "$SSH_PASSWORD" ssh -oHostKeyAlgorithms=+ssh-rsa "$SSH_USER@$SWITCH_IP" << EOF
configure
no pwr interface 1
EOF
# time for POE downtime
sleep 5
# enable POE interface 1
sshpass -p "$SSH_PASSWORD" ssh -oHostKeyAlgorithms=+ssh-rsa "$SSH_USER@$SWITCH_IP" << EOF
configure
pwr interface 1
EOF
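A variant of the PoE part of the script above, as an added example that is not part of the original article: the password is read from a file with sshpass -f instead of being passed with -p, the switch's host key is pinned, and the port number is validated before it is sent. The paths in PW_FILE and KNOWN_HOSTS and the function names are assumptions.

```bash
#!/bin/bash
# Added example: PoE power-cycle with the password kept out of the script
# and out of the process list. File paths below are assumptions.
SSH_USER="admin"
SWITCH_IP="192.168.0.1"
PW_FILE="${PW_FILE:-$HOME/.config/zyxel/switch.pass}"          # assumed path, mode 600
KNOWN_HOSTS="${KNOWN_HOSTS:-$HOME/.config/zyxel/known_hosts}"  # assumed path, holds the pinned host key

# Accept the password file only if group and others have no access to it.
pw_file_ok() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Send the commands read from stdin to the switch in one SSH session.
switch_run() {
    pw_file_ok "$PW_FILE" || { echo "unsafe or missing $PW_FILE" >&2; return 1; }
    # -f reads the password from a file, so it never appears in `ps` output.
    # ssh-rsa is re-enabled for this one connection only, and the host key
    # must already be in KNOWN_HOSTS, so a changed key aborts the login.
    sshpass -f "$PW_FILE" ssh \
        -oHostKeyAlgorithms=+ssh-rsa \
        -oStrictHostKeyChecking=yes \
        -oUserKnownHostsFile="$KNOWN_HOSTS" \
        "$SSH_USER@$SWITCH_IP"
}

# Power-cycle one PoE port. The port must be a plain number because it is
# pasted into the command stream that the switch executes.
poe_cycle() {
    local port="$1" pause="${2:-5}"
    case "$port" in ''|*[!0-9]*) echo "bad port: $port" >&2; return 2 ;; esac
    printf 'configure\nno pwr interface %s\n' "$port" | switch_run || return 1
    sleep "$pause"
    printf 'configure\npwr interface %s\n' "$port" | switch_run
}

# Usage: ./poe.sh cycle 1
if [ "${1:-}" = "cycle" ]; then
    poe_cycle "${2:-}"
fi
```

Before the first run, store the switch's host key in the KNOWN_HOSTS file after checking its fingerprint on the device, and create the password file with mode 600.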
Expect
If you want to go another way, you can use an expect script and "type" every command itself. Thanks to Eugen from baeldung.com. I reused some of his work in this script.
#!/usr/bin/expect
set timeout 60
# SSH credentials and switch IP
set SSH_USER admin
set SSH_PASSWORD 1234
set SWITCH_IP 192.168.0.1
set SSH_Port 22
spawn ssh -oHostKeyAlgorithms=+ssh-rsa -p "$SSH_Port" "$SSH_USER@$SWITCH_IP"
expect "*?assword" {
send "$SSH_PASSWORD\r"
}
expect "*#*" {
send "show pwr\r"
}
expect "*#*" {
send "configure\r"
}
expect "*#*" {
send "no pwr interface 1\r"
}
sleep 30
expect "*#*" {
send "pwr interface 1\r"
}
expect "*#*" {
send "exit\r"
}
expect "*#*" {
send "exit\r"
}
interact
Access Points
If you run the access points in local mode (not via Nebula), you have the following options. (These are the options of an NWA50AX.) With the scripts you can build an auto-reboot script that reboots your access points every week.
apply
atse
clear
configure
copy
daily-report
debug
delete
diag
diaginfo
dir
disable
enable
exit
iperf
no
nslookup
packet-trace
ping
ping6
psm
reboot
release
rename
renew
run
setenv
show
shutdown
ssh
sshcon
tcpping
telnet
tracepath
tracepath6
traceroute
traceroute6
wds
wizard
wlan-report
write
Downloads
I found some documentation in the depth of the internet:
Zyxel CLI Reference Guide Ethernet Switch Series:
Zyxel CLI Reference Guide NWA WAC Series
(c) Thumbnail was created with Adobe AI Firefly