Set up NAPT in your network — 6-step guide
Get from zero to running Python automation against live devices in under 30 minutes.
~30 minutes · No prior automation experience required
Prerequisites & system requirements
Required on your automation host (Linux VM, Windows WSL2, or macOS):
Recommended host setup
Option A — Dedicated Linux VM
Ubuntu 22.04 LTS. Recommended for production.
Option B — Docker container
For lab / testing.
Option C — WSL2 on Windows
For engineers on Windows laptops.
Ready to put this step to work?
Install Python environment
Pick your operating system:
# Update package list and install Python 3.11 sudo apt update && sudo apt install -y python3.11 python3.11-venv python3-pip # Verify installation python3.11 --version # Expected: Python 3.11.x # Create a dedicated virtual environment for NAPT scripts mkdir ~/napt-automation && cd ~/napt-automation python3.11 -m venv .venv source .venv/bin/activate # Upgrade pip to latest pip install --upgrade pip
Then install NAPT core dependencies:
# Core networking automation libraries
pip install netmiko>=4.3.0 # Multi-vendor SSH library
pip install napalm>=4.1.0 # Multi-OS network abstraction
pip install nornir>=3.4.0 # Async parallel execution
pip install nornir-netmiko # Nornir + Netmiko integration
pip install textfsm ntc-templates # CLI output parsing
pip install pydantic>=2.5.0 # Data validation
pip install rich>=13.7.0 # Beautiful terminal output
pip install tenacity # Retry logic
pip install requests # HTTP/REST API calls
pip install pyyaml # YAML config files
# Verify: import all libraries
python -c "import netmiko, napalm, nornir, rich; print('✓ All libraries installed')"Ready to put this step to work?
Configure SSH access to network devices
This step ensures the automation host can reach and authenticate to devices.
3a — Enable SSH on your network devices
! Enable SSH v2 (required for netmiko) ip domain-name networkgig.local crypto key generate rsa modulus 2048 ip ssh version 2 ! Create automation user with privilege 15 username netops privilege 15 secret StrongPassword123! ! Allow SSH on VTY lines line vty 0 15 transport input ssh login local
3b — Test SSH from automation host
# Test SSH connectivity to your first device ssh netops@10.10.0.11 # If using key-based auth (recommended): ssh-keygen -t ed25519 -C "napt-automation" ssh-copy-id -i ~/.ssh/id_ed25519.pub netops@10.10.0.11
os.environ.get() for credentials.Ready to put this step to work?
Build your device inventory
NAPT scripts accept device inventory as CSV, YAML, or JSON. The minimum required fields are: hostname, host (IP), device_type.
hostname,host,device_type,username,password,port
core-rtr-01,10.10.0.11,cisco_xr,netops,${SSH_PASS},22
core-rtr-02,10.10.0.12,cisco_xr,netops,${SSH_PASS},22
pe-rtr-01,10.20.0.11,cisco_ios,netops,${SSH_PASS},22
agg-sw-01,10.30.0.11,arista_eos,netops,${SSH_PASS},22
edge-fw-01,10.40.0.11,paloalto_panos,admin,${FW_PASS},22netmiko device_type values — quick reference
| Vendor | device_type value |
|---|---|
| Cisco IOS | cisco_ios |
| Cisco IOS-XE | cisco_xe |
| Cisco IOS-XR | cisco_xr |
| Cisco NX-OS | cisco_nxos |
| Juniper JunOS | juniper_junos |
| Arista EOS | arista_eos |
| Nokia SR-OS | nokia_sros |
| Palo Alto PAN-OS | paloalto_panos |
| Fortinet FortiOS | fortinet |
| HP/Aruba ProCurve | hp_procurve |
| SONiC | linux (SSH to bash) |
Store credentials as environment variables
# In ~/.bashrc or a .env file (never commit passwords to git!) export SSH_PASS="your-device-password" export FW_PASS="your-firewall-password" export ANTHROPIC_API_KEY="sk-ant-your-key" # for AI decode features # Load them in your script: source ~/.bashrc # or use python-dotenv: pip install python-dotenv
Ready to put this step to work?
Download & run your first script
5a — Get your script from NAPT
bgp_fault.py.5b — Run in dry-run mode first (ALWAYS)
cd ~/napt-automation source .venv/bin/activate # Dry run: validates script and inventory, NO device connection python bgp_fault.py --inventory devices.csv --dry-run # Expected output: # [✓] Inventory validated: 8 devices # [✓] Parameters validated # [✓] Dry-run complete — no devices were contacted
5c — Run against staging / lab devices
# Run against only lab devices (filter by site column) python bgp_fault.py \ --inventory devices.csv \ --filter "site=LAB" \ --flap-threshold 60 \ --verbose
5d — Run full production
# Production run with webhook alerting python bgp_fault.py \ --inventory devices.csv \ --flap-threshold 60 \ --prefix-drift 10 \ --webhook https://hooks.slack.com/services/YOUR/WEBHOOK/URL
Watch the automation happen
Real Python. Real output. Zero configuration.
Ready to put this step to work?
Automate with cron / CI/CD
Run NAPT scripts on a schedule for continuous network health monitoring.
Linux cron
# Edit crontab crontab -e # Add these entries: # BGP health check every 15 minutes */15 * * * * cd /home/netops/napt-automation && source .venv/bin/activate && python bgp_fault.py --inventory devices.csv >> /var/log/napt/bgp.log 2>&1 # Full compliance audit every night at 2am 0 2 * * * cd /home/netops/napt-automation && source .venv/bin/activate && python compliance_auditor.py --inventory devices.csv --report-dir /var/reports/ # Config backup every hour 0 * * * * cd /home/netops/napt-automation && source .venv/bin/activate && python config_backup.py --inventory devices.csv --output /var/backups/configs/
GitHub Actions CI/CD
# .github/workflows/network-audit.yml
name: Network Health Audit
on:
schedule:
- cron: '0 */4 * * *' # Every 4 hours
workflow_dispatch: # Manual trigger
jobs:
bgp-audit:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: '3.11'
- name: Install NAPT dependencies
run: pip install netmiko napalm rich tenacity textfsm
- name: Run BGP fault analysis
env:
SSH_PASS: ${{ secrets.SSH_PASS }}
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
run: |
python bgp_fault.py \
--inventory inventory/devices.csv \
--webhook $SLACK_WEBHOOKReady to put this step to work?
You're set up! What's next?
Take NAPT further — connect your AI assistant, automate deploys, or browse the full catalog.