FIU AutoSec - Capstone Project

Summary of the Capstone Switch and Router Configuration Script

This Python script configures a Cisco switch through the serial console using the pyserial library. It automatically executes the following tasks:

Identifies the correct COM or USB serial port
Authenticates access to the switch console and applies VLAN, voice, Quality of Service (QoS), and port configurations.Configures the hostname, management IP address, and Message of the Day (MOTD) banner.
Saves the running configuration to NVRAM

🧷Auto Port Detection

Uses serial.tools.list_ports to locate the correct USB/serial COM port, so you don't have to manually guess between COM3, COM4, or /dev/ttyUSB0.

📦End-to-End Setup

Applies hostname, management IP, VLANs, port roles, trunking, MOTD, and finally saves the configuration—ready for a lab demo in one pass.

🎛️Voice & QoS Ready

Voice ports are assigned to VLAN 10 with mls qos trust cos, preparing the switch for VoIP phones and latency-sensitive traffic.

🔁Repeatable Labs

Reset and standardize multiple switches quickly for capstone showcases, classroom labs, or repeatable PoCs without retyping CLI commands.

🛡️Secure Defaults

Implements console and VTY protections, local user accounts, and encrypted secrets so devices aren't left with factory-default access.

📊Predictable Layout

Maps ports consistently to VOICE, USERS, SERVERS, and DEV_TEST VLANs with a trunk uplink and unused port shut down for clean lab topologies.

1. Prerequisites and Requirements

1.1 Hardware

Cisco switch (e.g., Catalyst 2950 or similar IOS switch)
USB-to-serial adapter (or native serial port)
Console cable from your PC to the switch console port
Switch powered on and showing a CLI prompt (e.g., Switch> or Switch#)

1.2 Software

Python 3.x installed
pyserial library installed

Install `pyserial`

pip install pyserial

2. Script Structure and Core Modules

The script relies on serial, serial.tools.list_ports, time, and re to automate the CLI over the console line.

Key Imports

import serial
import serial.tools.list_ports
import time
import re

Core Functions

detect_com_port(): Finds the first USB/serial adapter and prints [✓] Using detected port: COM3 (or similar).
send_and_confirm(ser, cmd, delay=0.4): Sends a command, waits for output, automatically presses Enter for [confirm] prompts and copy destination questions, and logs what was sent.
configure_switch(port): Opens the serial port, runs all configuration commands (VLANs, ports, QoS, trunk, MOTD), then saves the configuration.
main(): Calls detect_com_port(), runs configure_switch(), and wraps everything in a try/except with a friendly [ERROR] message and a "Press Enter to exit..." prompt.

Example: Error Handling Block

if __name__ == "__main__":
    try:
        main()
    except Exception as e:
        print(f"[ERROR] {e}")
    input("\nPress Enter to exit...")

3. Network Design Applied by the Script

3.1 Hostname & Management

Hostname: SW1

Management Interface (VLAN 1):

VLAN: VLAN 1
IP: 192.168.1.5
Mask: 255.255.255.0
Default gateway: 192.168.1.1

3.2 VLANs

VLAN 10 – VOICE
VLAN 20 – USERS
VLAN 30 – SERVERS
VLAN 40 – DEV_TEST

3.3 Port Assignments

Fa0/1–16 → VLAN 10 (VOICE) + voice VLAN + QoS trust
Fa0/17–30 → VLAN 20 (USERS)
Fa0/31–38 → VLAN 30 (SERVERS)
Fa0/39–46 → VLAN 40 (DEV_TEST)
Fa0/47 → Trunk to UniFi router (VLANs 1,10,20,30,40)
Fa0/48 → Disabled (UNUSED_PORT)

3.4 Demo Credentials (Lab Only)

enable secret: 123456789
Local admin user: username admin privilege 15 secret 123456789
Console password: 123456789
VTY password: 123456789

⚠️ Security Notice

These credentials are for lab and demonstration purposes only. Always change usernames, passwords, and secrets before using this script on any real network. Never commit real credentials or private keys to version control.

4. Running the Script

4.1 Connect Everything

Power on the switch.
Connect the USB-to-serial adapter to your PC.
Connect the console cable from the adapter to the switch's console port.

4.2 Verify Python & `pyserial`

python --version
pip show pyserial

4.3 Save the Script

Save your Python code as:

configure_switch.py

4.4 Execute from Terminal / Command Prompt

On Windows:

python configure_switch.py

On macOS / Linux (if python points to Python 2):

python3 configure_switch.py

4.5 Expected Output

You should see output similar to:

[✓] Using detected port: COM3

[*] Starting FIU Capstone VLAN + Voice configuration...

→ enable
→ configure terminal
...
   ↳ Confirmed [confirm] for: delete flash:vlan.dat
   ↳ Confirmed copy destination filename
...
[✓] Configuration completed successfully.

Network Summary:
 • VLAN 10 - Voice (Fa0/1–16)
 • VLAN 20 - Users (Fa0/17–30)
 • VLAN 30 - Servers (Fa0/31–38)
 • VLAN 40 - Dev-Test (Fa0/39–46)
 • Trunk Port Fa0/47 → UniFi Router
 • Admin Username: admin / Password: 123456789
 • Management IP: 192.168.1.5 / Gateway: 192.168.1.1

4.6 Optional: Verify on the Switch

Connect with PuTTY, Tera Term, or another terminal and run:

show vlan brief
show ip interface brief
show running-config

5. Customizing the Configuration

Adjust the commands list inside configure_switch() to match your exact FIU lab needs.

5.1 Change Hostname

"hostname SW1",

5.2 Management IP / Gateway

"ip default-gateway 192.168.1.1",
"interface vlan1",
"ip address 192.168.1.5 255.255.255.0",

5.3 VLANs and Port Ranges

Edit VLAN IDs, names, and interface ranges:

"vlan 20", "name USERS", "exit",
"interface range fa0/17 - 30",
"switchport access vlan 20",

5.4 Trunk Port and Allowed VLANs

"interface fa0/47",
"switchport trunk allowed vlan 1,10,20,30,40",

Best Practice

After any change to the commands list, re-run the script on a test switch first, then verify with show running-config before using it in class demos.

Back to Top & Overview