Excel-driven bulk configuration push for multi-vendor network devices (Cisco IOS / IOS-XE, Cisco Catalyst 1300, H3C Comware), built on Python + Netmiko.
This is a sanitized, public example version of a tool used to roll out a standardized security baseline (AAA/TACACS+, SNMPv3, SSH, logging, NTP) to hundreds of switches. All addresses, keys and credentials in this repo are documentation/sample values — no customer data is included.
- Excel-driven — fill in device name / IP / vendor / model in a sheet; the script reads each row and writes the result (status + reason) back.
- Auto platform detection — if the platform column is blank, the tool logs
in and detects the vendor/platform via
show/display version. - Per-model templates — config is matched one-to-one to a per-model file in
configs/by_model/<Model>.txt. A missing template is skipped (NO_TEMPLATE) rather than pushing a wrong config. - Dry-run pre-check — validate reachability, credentials and platform detection without making any change.
- Concurrency + retry — multi-threaded; one device failing does not block others; failed devices are retried automatically.
- Interactive auto-answer — handles prompts such as RSA key generation and
copy running-config startup-configsave confirmations. - Dual logging — a per-device interaction log plus a global summary log.
pip install -r requirements.txt
# 1) Prepare credentials (copied from the sample, git-ignored)
cp adminuser.sample.txt adminuser.txt # then edit with your username/password
# 2) Prepare the device list (see device.sample.md for the column format)
# Save it as device.xlsx
# 3) Dry-run first (no changes are made)
python push_config.py --excel device.xlsx --dry-run --workers 2
# 4) Real push
python push_config.py --excel device.xlsx --workers 2Tip: always pass
--excel <file>explicitly so you do not accidentally run against the wrong inventory.
device-config-pusher/
├── push_config.py # main tool
├── requirements.txt
├── adminuser.sample.txt # credential file template (copy -> adminuser.txt)
├── device.sample.md # Excel device-list format
├── configs/
│ └── by_model/
│ └── C1300-24T-4G-EXAMPLE.txt # sanitized per-model template example
└── docs/
└── C1300-troubleshooting.md # a real production issue, root-caused and fixed
Network changes are risky. This tool is built to be production-aware:
- Dry-run before any change. Validate first.
- Per-model templates only. Never push a config to a model without an explicit template.
- Local fallback in AAA. Templates keep a local privilege-15 account and
localfallback on every AAA line so you cannot lock yourself out if TACACS is unreachable. - Management ACLs are disabled by default in the example template
(the
! [PROD]prefix) until you confirm your test host is whitelisted. - Full logging. Every device has an auditable per-device log.
See docs/C1300-troubleshooting.md for a
write-up of a tricky production incident (Catalyst 1300 rebooting on automated
access) and how it was root-caused and fixed.
Maintained by a network automation engineer with dual Cisco CCIE (Enterprise Infrastructure + Data Center) and 15+ years in network design, deployment and operations.
The code in this repository is a complete, general-purpose engine. What clients typically pay for is everything around it:
- Customer-specific config templates, written and risk-reviewed for your environment (a wrong line can take a whole network offline).
- Production rollout with backup / staged change / rollback, plus on-call support during the change window.
- Extra vendor / model support (Juniper, Arista, Aruba, FortiGate, …).
- Long-term maintenance and SLA.
If you need any of the above, get in touch:
- Hire on Fiverr: https://www.fiverr.com/benliang_jiang/automate-bulk-network-config-deployment-for-cisco-huawei-and-h3c
- Email: wj670880231@gmail.com
MIT — see LICENSE.