Isn’t it weird how we make such an effort to automate parts of our job but still do other repetitive things manually? In my environment, I automate every AD task I can. Yet, I find myself manually configuring and updating network devices.
So I made an effort to update the firmware for all of our switches automatically. We have around 150 managed switches. When this was done manually, it would take around 4 minutes a switch. For my whole network, it would take at least 10 hours of work. It now takes about 30 seconds.
In this guide, we are going to use PowerShell to deploy and update switch firmware. The examples below will be specific to HP ProCurve switches. However, each section should be easily adaptable to any make or model by substituting the commands used for your specific switch.
Three First Steps Toward Network Automation
The first thing you need to have is a network inventory. Specifically, you will need a CSV containing the name, IPAddress, and model of each device that you want to manage. Those three values (Name, IPAddress, Model) should be the headers for your CSV.
Because switches rarely change location and are not frequently replaced, you shouldn’t have to update this CSV often. To create it, you can use something like the Cisco Discovery Protocol to walk through your network, use a network inventory application, or export it from an existing asset inventory.
The second thing you’ll need is a local copy of both PuTTY and KiTTY. KiTTY supports more command line options than PuTTY. Examples include stringing commands together, waiting, running in tray, and sending input to multiple sessions at once. You can download KiTTY from here. Save KiTTY and your network inventory CSV into the same folder. I saved mine in C:\Putty\
The final thing you will need is a TFTP server. You can simply install a TFTP server application on an existing Windows box to meet this requirement. Personally, I use the free SolarWinds TFTP server application. When you install your TFTP server application, you will select a folder that clients can connect to (ex: C:\TFTP\). Inside this folder, create a subfolder named Updates.
Deploy and Update Switch Firmware with PowerShell
With your network inventory, you now have an accurate idea of the network switch models that you support. Download the latest firmware updates for each model and save them in the Updates folder that you created.
Be sure to read the release notes (or at the very least – the warnings at the beginning of the notes). This is especially true if you have never updated the firmware or you are several versions back. But enough talking, let’s see some PowerShell.
```powershell
$Time = "23:00"             # reboot time passed to "reload at"
$Server = "192.168.0.10"    # TFTP server IP address
$Username = "admin"         # switch login name
$Password = "password"      # switch password (plain text, passed to KiTTY with -pw)

Set-Location C:\putty\
$SwitchList = Import-Csv .\switchlist.csv

foreach ($Switch in $SwitchList){
    # One if block per switch model; each block names that model's firmware file
    if ($Switch.model -like "ProCurve Switch 2610*"){
        .\kitty.exe $Switch.IPAddress -ssh -v -l $Username -pw $Password -cmd "\s02 \n Copy tftp flash $Server 2610-R_11_112.swi \n y \n \s02 \n wri mem \n reload at $Time \n y \n logout \n y" -send-to-tray
    }

    if ($Switch.model -like "Procurve Switch 2620*"){
        .\kitty.exe $Switch.IPAddress -ssh -v -l $Username -pw $Password -cmd "\s02 \n Copy tftp flash $Server 2620_15_18_0007.swi \n y \n \s02 \n wri mem \n reload at $Time \n y \n logout \n y" -send-to-tray
    }

    # Short delay before connecting to the next switch
    Start-Sleep -Seconds 3
}
```
Most of the configurations needed for this script are located at the very top. The $Time value controls when switches are scheduled to reboot. If you are testing a firmware (or a configuration change), it is best to schedule a safety reboot first. The next three variables control the TFTP server IP address and username/password used to connect to the switch. If you are using AD authentication on your switches, you do not need to specify the domain name with the username.
On line 6, verify that the Set-Location line points to the folder containing KiTTY and your switch inventory file. On the $SwitchList line, change the Import-Csv line to point to your network inventory CSV (or save your CSV to C:\Putty and name it switchlist.csv).
If you are using PowerShell ISE, go ahead and highlight from $Time to the end of the $SwitchList line and run just that selection.
```powershell
$Time = "23:00"
$Server = "192.168.0.10"
$Username = "admin"
$Password = "password"

Set-Location C:\putty\
$SwitchList = Import-Csv .\switchlist.csv
```
Next, run $SwitchList | Out-GridView. Verify that your headers are: Name, IPAddress, Model. The order doesn’t matter but if the headers don’t match, you will need to edit the if statements at the bottom of the script.
We can now jump to the meat of the script – the foreach and if statements. Our foreach statement will cycle through each line in our CSV and proceed to our if statements. Each if statement checks the Model of the switch against a value. You can see two examples in the first script above. If the model matches your value, KiTTY will attempt to connect to the switch. It will use SSH (-ssh) and begin a series of commands. Every command is separated by \n – this indicates a new command for KiTTY to pass. Below are the six main steps to update firmware on a ProCurve switch.
- \s02 : wait 2 seconds once connected. This gives the switch time to process the following commands.
- Copy tftp flash $Server 2610-R_11_112.swi : This is the firmware update command for HP switches.
- y : provides confirmation for the firmware update
- \s02 : another wait
- wri mem : we save the running configuration to startup in case changes have been made but not saved
- reload at $Time : restarts our switch after hours to apply the update.
We then have a few confirmations and we logout. You will need an if statement for each switch model that you want to automate. Copy the if block and paste it until you have an if statement for each switch model that you support.
```powershell
if ($Switch.model -like "ProCurve Switch 2610*"){
    .\kitty.exe $Switch.IPAddress -ssh -v -l $Username -pw $Password -cmd "\s02 \n Copy tftp flash $Server 2610-R_11_112.swi \n y \n \s02 \n wri mem \n reload at $Time \n y \n logout \n y" -send-to-tray
}
```
To see all of your models in your switchlist.csv, run the following command: $SwitchList | select Model -Unique | sort model
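A pre-flight check for the inventory and firmware files, as an added example that is not part of the original script: it confirms the three CSV headers, validates each IP address, maps each model to a firmware file with one lookup table instead of one if block per model, and compares each file's SHA-256 hash before anything is offered over TFTP. The function name Test-SwitchInventory, the C:\TFTP\Updates path (taken from the folder example above), the hash placeholders, and the sample rows are assumptions.

```powershell
# Added example, not the author's script. $FirmwareDir and the Sha256 values are
# assumptions: paste the checksum published with each firmware download.
$FirmwareDir = 'C:\TFTP\Updates'
$FirmwareMap = [ordered]@{
    'ProCurve Switch 2610*' = @{ File = '2610-R_11_112.swi';   Sha256 = '<SHA256-FROM-VENDOR>' }
    'ProCurve Switch 2620*' = @{ File = '2620_15_18_0007.swi'; Sha256 = '<SHA256-FROM-VENDOR>' }
}

# Constructed sample inventory; in practice use Import-Csv .\switchlist.csv
$SwitchList = @'
Name,IPAddress,Model
SW-LAB-01,192.168.0.21,ProCurve Switch 2610-24
SW-LAB-02,192.168.0.22,Procurve Switch 2620-48
SW-LAB-03,192.168.0.299,ProCurve Switch 2610-48
SW-LAB-04,192.168.0.24,ProCurve Switch 2910al-24G
'@ | ConvertFrom-Csv

function Test-SwitchInventory {
    param($SwitchList, $FirmwareMap, $FirmwareDir)

    # Fail early if the CSV headers are not the three the update loop reads.
    $headers = $SwitchList[0].PSObject.Properties.Name
    $missing = 'Name', 'IPAddress', 'Model' | Where-Object { $_ -notin $headers }
    if ($missing) { throw "CSV is missing header(s): $($missing -join ', ')" }

    foreach ($Switch in $SwitchList) {
        $ip = $null
        $fw = $null
        $pattern = $FirmwareMap.Keys | Where-Object { $Switch.Model -like $_ } | Select-Object -First 1
        if ($pattern) { $fw = $FirmwareMap[$pattern] }

        $status = if (-not [System.Net.IPAddress]::TryParse($Switch.IPAddress, [ref]$ip)) {
            'Skip: invalid IP address'
        } elseif (-not $fw) {
            'Skip: no firmware mapped for this model'
        } elseif (-not (Test-Path (Join-Path $FirmwareDir $fw.File))) {
            'Skip: firmware file not found'
        } elseif ((Get-FileHash (Join-Path $FirmwareDir $fw.File) -Algorithm SHA256).Hash -ne $fw.Sha256) {
            'Skip: firmware hash mismatch'
        } else {
            'Ready'
        }
        [pscustomobject]@{ Name = $Switch.Name; IPAddress = $Switch.IPAddress
                           Firmware = $fw.File; Status = $status }
    }
}

Test-SwitchInventory $SwitchList $FirmwareMap $FirmwareDir | Format-Table -AutoSize
```

Only rows reported as Ready should be passed on to the update loop; with the placeholder hashes left in place, every mapped model reports a mismatch or a missing file.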
You now have an automated way to update your switch firmware! And if I am honest (which I am), fear of breaking our network is what kept me from exploring this earlier. When you connect to each switch, visibly update the firmware, restart it, and check it again – you know everything is working. Scripting it can be scary. Now, you just have to work up the nerve to actually automate it. Here is what you can do to make the process a bit easier:
- Manually specify a switch IP address (instead of $Switch.IPAddress) in the If block to test your update sequence.
- Add a pause after the sleep statement to test one switch at a time and be sure to test each switch model that you have once.
- Be sure to schedule network maintenance time. If you normally take 8 hours to do this, schedule 8 hours. This gives you time to fix any issues.
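One way to rehearse the rollout before touching a switch, as an added example that is not the author's script: the same KiTTY call wrapped in a function that supports -WhatIf (print the target and command sequence only) and asks for confirmation per switch on a real run, with the login taken from a credential object instead of a plain-text variable. Update-SwitchFirmware is a hypothetical name and the sample rows and credential are constructed; the password is still handed to KiTTY through -pw, so it remains visible on the process command line while KiTTY runs.

```powershell
# Added example, not the author's script. Update-SwitchFirmware is a hypothetical name;
# the KiTTY switches and the command sequence are the ones used in the article.
function Update-SwitchFirmware {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory, ValueFromPipelineByPropertyName)][string]$Name,
        [Parameter(Mandatory, ValueFromPipelineByPropertyName)][string]$IPAddress,
        [Parameter(Mandatory)][string]$FirmwareFile,
        [Parameter(Mandatory)][string]$Server,
        [Parameter(Mandatory)][string]$Time,
        [Parameter(Mandatory)][pscredential]$Credential,
        [string]$KittyPath = 'C:\putty\kitty.exe'
    )
    process {
        # Build the command sequence once instead of repeating it in every if block.
        $steps = '\s02', "Copy tftp flash $Server $FirmwareFile", 'y', '\s02',
                 'wri mem', "reload at $Time", 'y', 'logout', 'y'
        $cmd = $steps -join ' \n '

        # -WhatIf stops here after printing; otherwise each switch needs a confirmation.
        if ($PSCmdlet.ShouldProcess("$Name ($IPAddress)", "Send: $cmd")) {
            $net = $Credential.GetNetworkCredential()
            & $KittyPath $IPAddress -ssh -v -l $net.UserName -pw $net.Password -cmd $cmd -send-to-tray
            Start-Sleep -Seconds 3
        }
    }
}

# Constructed sample rows; in practice pipe Import-Csv .\switchlist.csv
$rows = @'
Name,IPAddress,Model
SW-LAB-01,192.168.0.21,ProCurve Switch 2610-24
SW-LAB-02,192.168.0.22,ProCurve Switch 2610-48
'@ | ConvertFrom-Csv

# Constructed throwaway credential so the rehearsal runs unattended; use Get-Credential for a real run.
$cred = [pscredential]::new('admin', (ConvertTo-SecureString 'not-a-real-password' -AsPlainText -Force))

# Rehearsal: lists every switch and the exact sequence it would receive, without starting KiTTY.
$rows | Where-Object Model -like 'ProCurve Switch 2610*' |
    Update-SwitchFirmware -FirmwareFile '2610-R_11_112.swi' -Server '192.168.0.10' -Time '23:00' -Credential $cred -WhatIf
```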
Like anything, there are a dozen different ways to achieve our end goal of automated network configuration. Some simple, most complicated. Few free, many expensive. I hope the example above brings you closer to an automated network. If you have any suggestions, improvements, or alternative methods, I would love to hear about them in the comments!
Hello,
When I am starting the script, the GUI of KiTTY opens, nothing happens and the script ends. How can I start KiTTY in remote mode?
What script are you using?
It is in the post – you may need to disable an ad blocker to see it.
Very cool. We don’t update our switching firmware enough for my liking but this would surely make it trivial. About the only thing I’ve scripted as far as our switching goes is config backups and backup-history using PSCP, but that’s been nice for our sites without any config solution.
PS: I also want to try this just so I can write: Switch ($Switch)
Thank you! You should post your config backup script in the comments!
This is awesome. Thanks for putting it together.
You can use “save” in place of “wr mem” or “wri mem” FYI.
Not a problem at all! And thanks for the note!