Tuesday, 26 August 2014

Linux: Remote Shutdown/WoL Windows with 802.1x enabled | Part 3 Automated Macro Scripts

Automated Macro Scripts

This script runs the macros which disable and re-enable dot1x on the switches' interfaces.

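#!/usr/bin/expect -f

# Set variables
set hostname [lindex $argv 0]
# Assumption (not in the original script, which never sets $password):
# the switch password is read from the SWITCH_PASSWORD environment variable.
# It stays empty when key authentication is used and no prompt appears.
set password ""
if {[info exists env(SWITCH_PASSWORD)]} { set password $env(SWITCH_PASSWORD) }

# Log results
log_file -a ~/results.log

# Announce which device we are working on and at what time
send_user "\n"
send_user ">>>>>  Working on $hostname @ [exec date] <<<<<\n"
send_user "\n"

spawn ssh michael@$hostname

# Allow this script to handle ssh connection issues
expect {
    timeout { send_user "\nTimeout Exceeded - Check Host\n"; exit 1 }
    eof { send_user "\nSSH Connection To $hostname Failed\n"; exit 1 }
    "*#" {}
    "*assword:" {
        send "$password\n"
        # Keep waiting for the "#" prompt after the password has been sent
        exp_continue
    }
}

# Disable dot1x, wait 10 seconds, then re-enable it
send "macro apply nodot1x\n"
expect "#"
send "exit\n"
expect "#"
sleep 10
send "macro apply dot1x\n"
expect "#"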

Testing script

So what I've managed to do is get an automated WoL with Remote Shutdown incorporating 802.1x.



Linux: Remote Shutdown/WoL Windows with 802.1x enabled | Part 2 - Cronjobs


Cronjobs can be used to automate the bash scripts that I had created.

  • Enter crontab -e to start, or sudo crontab -e
What I would like to do next is automate the macro that I created on the switches, which disables and re-enables dot1x.



Cisco 300 Switch: SSH Public Key Authentication

Generate SSH Keys

The following was completed on Ubuntu desktop.
  • Open 'Passwords and Keys'
  • Click add then 'Secure Shell Key'
  • Press 'Continue'
  • Give your key a description
  • Then click 'Just Create Key'

You will be prompted for a 'passphrase'; you can leave it blank if you want.

You can also do this quickly from terminal with the following commands;

Configure Switch

Enter the following commands;


Additionally create an account with the 'username' command in global config.

Now setup the RSA key;


After entering 'key-string', press enter and put in the SSH key that you generated earlier. Press enter twice when you've copied the key over, and it should show a 'Fingerprint' id.

I had a problem with the number of retries allowed when logging in this way (as I created an SSH key for each device, instead of just using one for all of the devices). I cleared this up by removing some RSA keys that I no longer use. You can increase the number of SSH retries, but on the 300 switches the command does not appear.

If you do get a problem logging in via ssh, try this;

  • ssh -o PubkeyAuthentication=no username@hostname.com
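
With an OpenSSH client, every key held in the agent or in the default key files is offered in turn and each offer counts as an authentication attempt, which is how one key per device can run into the retry limit described above. As an added example (not part of the original post), this script writes a per-switch stanza that pins a single key with IdentitiesOnly and audits an ssh_config for stanzas that do not; the host names, user and key paths are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the original post. Host names, user and key
# paths are constructed placeholders.

# Print a stanza that pins one key to one switch. IdentitiesOnly makes the
# client offer only the listed IdentityFile, not every key in the agent.
emit_stanza() {   # usage: emit_stanza HOST USER KEYFILE
    printf 'Host %s\n    User %s\n    IdentityFile %s\n    IdentitiesOnly yes\n' \
        "$1" "$2" "$3"
}

# Read an ssh_config on stdin and print each Host stanza that names an
# IdentityFile but does not set "IdentitiesOnly yes" inside the stanza.
# Per-stanza check only: "keyword=value" syntax, Match blocks and defaults
# inherited from a "Host *" stanza are not evaluated.
audit_ssh_config() {
    awk '
        function report() { if (host != "" && has_key && !pinned) print host }
        tolower($1) == "host" {
            report()
            host = $0; sub(/^[ \t]*[^ \t]+[ \t]+/, "", host)
            has_key = 0; pinned = 0; next
        }
        tolower($1) == "identityfile" { has_key = 1 }
        tolower($1) == "identitiesonly" && tolower($2) == "yes" { pinned = 1 }
        END { report() }
    '
}

# Constructed sample: sw1 is pinned to its key, sw2 is not.
sample_config() {
    emit_stanza sw1.example.net admin '~/.ssh/id_rsa_sw1'
    printf 'Host sw2.example.net\n    User admin\n    IdentityFile ~/.ssh/id_rsa_sw2\n'
}

# Lists the stanzas that would still offer every available key.
sample_config | audit_ssh_config
```

To check a real client, feed it the file directly: audit_ssh_config < ~/.ssh/config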