NAME
    Net::Appliance::Session - Run command-line sessions to network
    appliances

VERSION
    version 2.111080

SYNOPSIS
     use Net::Appliance::Session;
     my $s = Net::Appliance::Session->new('hostname.example');
     $s->privileged_paging(1); # if using ASA/PIX OS 7+

     eval {
         $s->connect(Name => 'username', Password => 'loginpass');
         $s->begin_privileged('privilegedpass');
         print $s->cmd('show access-list');
         $s->end_privileged;
     };
     if ($@) {
         $e = Exception::Class->caught();
         ref $e ? $e->rethrow : die $e;
     }

     $s->close;

DESCRIPTION
    Use this module to establish an interactive command-line session with a
    network appliance. There is special support for moving into "privileged"
    mode and "configure" mode, with all other commands being sent through a
    generic call to your session object.

    There are other CPAN modules that cover similar ground, including
    Net::SSH and Net::Telnet::Cisco, but they are less robust or do not
    handle SSH properly. Objects created by this module are based upon
    Net::Telnet so the majority of your interaction will be with methods in
    that module. It is recommended that you read the Net::Telnet manual page
    for further details.

    This module natively supports connections via SSH, Telnet and a Serial
    Port. All commands can be overridden from the built-in Cisco defaults in
    order to support other target devices; the connection process (user
    log-in) is similarly configurable.

METHODS
    Objects created by this module are based upon Net::Telnet so the
    majority of your interaction will be with methods in that module.

  "Net::Appliance::Session->new"
    Like Net::Telnet you can supply either a single parameter to this method
    which is used for the target device hostname, or a list of named
    parameters as listed in the Net::Telnet documentation. Do not use
    "Net::Telnet"'s "Errmode" parameter, because it will be overridden by
    this module.

    The significant difference with this module is that the actual
    connection to the remote device is delayed until you "connect()".

    Named Parameters, passed as a hash to this constructor, are optional.
    Some are described in "TRANSPORTS", "DIAGNOSTICS", and "CONFIGURATION"
    below. Any others are passed directly to Net::Telnet (which dies on
    unknown parameters).

    This method returns a new "Net::Appliance::Session" object.

  "connect"
    When you instantiate a new Net::Appliance::Session object the module
    does not actually establish a connection with the target device. This
    behaviour is slightly different to Net::Telnet and is because the
    Transport may need to have login credentials before a connection is made
    (e.g. in the case of SSH). Use this method to establish that interactive
    session.

    Parameters to this method are determined by the Transport (SSH, Telnet,
    etc) that you are running. See the Net::Appliance::Session::Transport
    manual page for further details.

    In addition to logging in, "connect" will also disable paging in the
    output for its interactive session. This means that unlike
    Net::Telnet::Cisco no special page scraping logic is required in this
    module's code. This feature can be disabled (see "CONFIGURATION",
    below).

  "begin_privileged"
    To enter privileged mode on the device use this method. Of course you
    must be connected to the device using the "connect" method, first.

    All parameters are optional, and if none are given then the login
    password will be used as the privileged password.

    If one parameter is given then it is assumed to be the privileged
    password.

    If two parameters are given then they are assumed to be the privileged
    username and password, respectively.

    If more than two parameters are given then they are interepreted as a
    list of named parameters using the key names "Name" and "Password" for
    the privileged username and password, respectively.

  "end_privileged"
    To leave privileged mode and return to the unpriviledged shell then use
    this method.

  "in_privileged_mode"
    This method will return True if your interactive session is currently in
    privileged (or configure) mode, and False if it is not.

    Also, you can pass a True or False value to this method to "trick" the
    module and alter its behaviour. This is useful for performing secondary
    logins (see CPAN Forum).

  "begin_configure"
    In order to enter configure mode, you must first have entered privileged
    mode, using the "begin_privileged" method described above.

    To enter configure mode on the device use this method.

  "end_configure"
    To leave configure mode and return to privileged mode the use this
    method.

  "in_configure_mode"
    This method will return True if your interactive session is currently in
    configure mode, and False if it is not.

    Also, you can pass a True or False value to this method to "trick" the
    module and alter its behaviour (see CPAN Forum).

  "cmd"
    Ordinarily, you might use this "Net::Telnet" method in scalar context to
    observe whether the command was successful on the target appliance.
    However, this module's version "die"s if it doesn't think everything
    went well. See "DIAGNOSTICS" for tips on managing this using an "eval{}"
    construct.

    The following error conditions are checked on your behalf:

    *   Incomplete command output, it was cut short for some reason

    *   Timeout waiting for command response

    *   EOF or other anomaly received in the command response

    *   Error message from your appliance in the response

    If any of these occurs then you will get an exception with appropriately
    populated fields. Otherwise, in array context this method returns the
    command response, just as "Net::Telnet" would. In scalar context the
    object itself returned.

    The only usable method arguments are "String", "Output" and "Timeout",
    plus as a special case, "Match". The "Match" named argument takes in an
    *array reference* a list of one or more strings representing valid Perl
    pattern match operators (e.g. "/foo/"). Therefore, the "cmd()" method
    can check against the default command prompt, built-in error strings,
    and also a custom response of your choice at the same time.

    Being overridden in this way means you should have less need for the
    "print()" and "waitfor()" methods of "Net::Telnet", although they are of
    course still available should you want them.

  "close"
    This "Net::Telnet" method has been overridden to automatically back out
    of configure and/or privilege mode, as well as re-enable paging mode on
    your behalf, as necessary.

  "error"
    Rather than following the "Net::Telnet" documentation, this method now
    creates and throws an exception, setting the field values for you. See
    "DIAGNOSTICS" below for more information, however under most
    circumstances it will be called automatically for you by the overridden
    "cmd()" method.

TRANSPORTS
    This module supports interactive connections to devices over SSH, Telnet
    and via a Serial Port. The default is to use SSH, so to select an
    alternative, pass an optional "Transport" parameter to the "new()"
    constructor:

     my $s = Net::Appliance::Session->new(
         Host      => 'hostname.example',
         Transport => 'Serial',
     );

    Whatever transport you are using, it is highly recommended that you read
    the relevant manual page. The Net::Appliance::Session::Transport manual
    is a good starting place.

CONFIGURATION
  Log-in
    In the default case, which is SSH to a Cisco IOS device, both a Username
    and Password are required and a full log-in is made (i.e. the device
    presents a Password prompt, and so on).

    However, some devices require no login. Examples of this might be a
    Public Route Server, or a device connected via a Serial Port. In that
    situation, use the following object method *before* calling "connect()":

   "do_login"
    Passing any False value to this method prevents "connect()" from
    expecting to have to negotiate a log-in to the device. Most Transports
    in that case do not require the Password parameter, although a Username
    might still be required. By default log-in negotiation is enabled.

  Paging
    In the default case, Net::Appliance::Session expects that command output
    paging is enabled on the device. This is where response to commands is
    "paged", having only (e.g.) 24 lines printed at a time, and you press
    the Enter or Space key to see more.

    With automated interaction this is useless, and error-prone, so
    Net::Appliance::Session by default will send a command to disable paging
    straight after it connects, and re-enable it as part of "close()".

    To override the pager management command itself, you will need to edit
    the phrasebook (see below). The following object methods alter other
    aspects of pager management:

   "do_paging"
    Passing any False value to this method prevents "connect()" and
    "close()" from respectively disabling and re-enabling paging on the
    device. By default paging management is enabled.

   "enable_paging" and "disable_paging"
    If you have an installation which requires manual issueing of paging
    commands to the device, then call these methods to take that action.
    Note that "do_paging" must have been passed a True value otherwise these
    methods will short-circuit thinking you don't want paging.

    In other words, to page manually, set "do_paging" to False at the start
    of your session, before connecting, and then set it to True as you call
    either of these methods. This dancing around will probably be fixed in a
    forthcoming release of Net::Appliance::Session.

   "set_pager_disable_lines"
    Net::Appliance::Session assumes that the command to disable the pager
    just re-sets the number of paging lines. Pass this method a new value
    for that number, which has a default of zero in the module.

   "set_pager_enable_lines"
    Likewise, to re-enable paging Net::Appliance::Session will call the
    pager management command with a value for the number of output lines per
    page. Pass this method a value to override the default of 24.

   "privileged_paging"
    On some series of devices, in particular the Cisco ASA and PIXOS7+ you
    must be in privileged mode in order to alter the pager. If that is the
    case for your device, call this method with a true value to instruct the
    module to better manage the situation.

  Command mode
    If your target device does not have the concept of "privileged exec" or
    "configure" mode, then just don't call the methods to change into those
    modes.

    However, there is a catch. If your device separates only configure mode,
    then when you try to call "begin_configure()" straight after a log-in,
    the module will complain, because it thinks you need to ask for a
    "begin_privileged" first. Also, when disconnecting,
    Net::Appliance::Session will attempt to step out of privileged and
    configure modes, so if they don't apply you will want to disable those
    steps.

    To alter all this behaviour, use the following object methods.

    If you are trying to subvert this module to just automate interaction
    with a CLI via SSH, Telnet or Serial Line on a strange kind of device,
    then these methods will be useful (as well as "do_paging", above).

   "do_privileged_mode"
    If you pass a False value to this method, then Net::Appliance::Session
    will believe you are in some kind of privileged mode as soon as you log
    in. The net effect is that you can now safely call "begin_configure()".
    The default is to actively gatekeep access to privileged mode.

   "do_configure_mode"
    By passing a False value to this method you also make
    Net::Appliance::Session believe you are in configure mode straight after
    entering privileged mode (or after log in if "do_privileged_mode" is
    also False). The default is to actively gatekeep access to configure
    mode.

  Commands and Prompts
    Various models of network device, either from one vendor such as Cisco
    or between vendors, will naturally use alternate command and command
    prompt syntax. Net::Appliance::Session does not hard-code any of these
    commands or pattern matches in its source. They are all loaded at
    run-time from an external phrasebook (a.k.a. dictionary), which you may
    of course override.

    The default operation of Net::Appliance::Session is to assume that the
    target is running a form of Cisco's IOS, so if this is the case you
    should not need to modify any settings.

    Support is also available, via the "Net::Appliance::Phrasebook" module,
    for the following operating systems:

     IOS     # the default
      
 Aironet # currently the same as the default
     CATOS   # for older, pre-IOS Cisco devices
     PIXOS   # for PIX OS-based devices
     PIXOS7  # Slightly different commands from other PIXOS versions
     FWSM    # currently the same as 'PIXOS'
     FWSM3   # for FWSM Release 3.x devices (slightly different to FWSM 2.x)
      
 JUNOS   # Juniper JUNOS support
     HP      # Basic HP support
     Nortel  # Basic Nortel support

    To select a phrasebook, pass an optional "Platform" parameter to the
    "new" method like so:

     my $s = Net::Appliance::Session->new(
         Host     => 'hostname.example',
         Platform => 'FWSM3',
     );

    If you want to add a new phrasebook, or override an existing one, there
    are two options. Either submit a patch to the maintaner of the
    "Net::Appliance::Phrasebook" module, or read the manual page for that
    module to find out how to use a local phrasebook rather than the builtin
    one via the "Source" parameter (which is accepted by this module and
    passed on verbatim).

     my $s = Net::Appliance::Session->new(
         Host     => 'hostname.example',
         Source   => '/path/to/file.yml',
         Platform => 'MYDEVICE',
     );

    In this way, you can fix bugs in the standard command set, adjust them
    for your own devices, or "port" this module onto a completely different
    appliance platform (that happens to provide an SSH, Telnet or Serial
    Port CLI).

    Some sanity checking takes place at certain points to make sure the
    phrasebook contains necessary phrases. If overriding the phrasebook,
    you'll need to provide at least the "basic_phrases" as set in this
    module's source code. If using Privileged and Configure mode, there are
    "privileged_phrases" and "configure_phrases" that will be required,
    also. Paging requires a "pager_cmd" phrase to be available. See the
    source code of Net::Appliance::Phrasebook for examples.

    If you fancy yourself as a bit of a cowboy, then there is an option to
    "new()" that disables this checking of phrasebook entries:

     my $s = Net::Appliance::Session->new(
         Host     => 'hostname.example',
         Platform => 'MYDEVICE',
         Source   => '/path/to/file.yml', # override phrasebook completely
         CheckPB  => 0, # squash errors about missing phrasebook entries
     );

    You better have read the source and checked what phrases you need before
    disabling "CheckPB". Don't say I didn't warn you.

DIAGNOSTICS
    Firstly, if you want to see a copy of everything sent to and received
    from the appliance, then something like the following will probably do
    what you want:

     $s->input_log(*STDOUT);

    All errors returned from Net::Appliance::Session methods are Perl
    exceptions, meaning that in effect "die()" is called and you will need
    to use "eval {}". The rationale behind this is that you should have
    taken care to script interactive sessions robustly, and tested them
    thoroughly, so if a prompt is not returned or you supply incorrect
    parameters then it's an exceptional error.

    Recommended practice is to wrap your interactive session in an eval
    block like so:

     eval {
         $s->begin_privileged('password');
         print $s->cmd('show version');
         # and so on...
     };
     if ( UNIVERSAL::isa($@,'Net::Appliance::Session::Exception') ) {
         print $@->message, "\n";  # fault description from Net::Appliance::Session
         print $@->errmsg, "\n";   # message from Net::Telnet
         print $@->lastline, "\n"; # last line of output from your appliance
         # perform any other cleanup as necessary
     }
     $s->close;

    Exceptions belong to the "Net::Appliance::Session::Exception" class if
    they result from errors internal to Net::Telnet such as lack of returned
    prompts, command timeouts, and so on.

    Alternatively exceptions will belong to "Net::Appliance::Session::Error"
    if you have been silly (for example missed a method parameter or tried
    to enter configure mode without having first entered privileged mode).

    All exception objects are created from "Exception::Class" and so
    stringify correctly and support methods as described in the manual page
    for that module.

    "Net::Appliance::Session::Exception" exception objects have two
    additional methods (a.k.a. fields), "errmsg" and "lastline" which
    contain output from Net::Telnet diagnostics.

  Using a "Devel::REPL" shell
    This module supports an additional mode of failure which can be useful
    when debugging "Net::Appliance::Session" scripts. Instead of having an
    exception thrown as described above, you can be dropped into an
    interactive shell at the connected device, if possible, instead.

    A Devel::REPL shell is used, which means you also have the bonus of a
    full Perl environment from which you can execute Perl code, test network
    device commands, and save and load data from disk. Further information
    on how to use the shell and its features is given in the
    Devel::REPL::Plugin::NAS manual page.

    As well as installing the "Devel::REPL" and "Devel::REPL::Plugin::NAS"
    modules, you'll need to change the call to "new()" for this module, like
    so:

     my $s = Net::Appliance::Session->new(
         Host => 'hostname.example',
         REPL => 1,
     );

INTERNALS
    The guts of this module are pretty tricky, although I would also hope
    elegant, in parts ;-) In particular, the following "Net::Telnet" method
    has been overridden to modify behaviour:

  "fhopen"
    The killer feature in "Net::Telnet" is that it allows you to swap out
    the builtin I/O target from a standard TELNET connection, to another
    filehandle of your choice. However, it does so in a rather intrusive way
    to the poor object, so this method is overridden to safeguard our
    instance's private data.

DEPENDENCIES
    Other than the contents of the standard Perl distribution, you will need
    the following:

    *   Exception::Class

    *   Net::Telnet

    *   IO::Pty

    *   UNIVERSAL::require

    *   Class::Accessor >= 0.25

    *   Class::Accessor::Fast::Contained

    *   Net::Appliance::Phrasebook >= 1.2

    You can also make use of certain features by installing the following
    optional modules:

    *   Devel::REPL::Plugin::NAS

    *   Devel::REPL

    *   IO::Interactive

ACKNOWLEDGEMENTS
    Parts of this module are based on the work of Robin Stevens and Roger
    Treweek. The command spawning code was based on that in "Expect.pm" and
    is copyright Roland Giersig and/or Austin Schutz.

AUTHOR
    Oliver Gorwits <oliver@cpan.org>

COPYRIGHT AND LICENSE
    This software is copyright (c) 2011 by University of Oxford.

    This is free software; you can redistribute it and/or modify it under
    the same terms as the Perl 5 programming language system itself.