[Day #95 PyATS Series] Automate Cable Matrix Validation (LLDP/CDP Topology) using pyATS for Cisco [Python for Network Engineer]

Introduction on the Key Points

In modern multi-vendor network environments, keeping track of physical connectivity and validating the cable matrix is critical for network health, troubleshooting, and avoiding misconfigurations. Manual cable documentation is error-prone and doesn’t scale well in large deployments. Today’s deep-dive focuses on automating cable matrix validation using pyATS, leveraging LLDP (Link Layer Discovery Protocol) and CDP (Cisco Discovery Protocol) across Cisco, Arista, Palo Alto, and FortiGate devices.

Using Python for Network Engineer, l will build production-ready automation frameworks that execute consistent LLDP/CDP data gathering, analyze inter-device topology maps, and validate the physical and logical cable connections. We’ll demonstrate a real-world, step-by-step validation framework that integrates CLI and GUI data sources, provides structured results, and simplifies troubleshooting.

Topology Overview

Lab Topology Diagram:

• Cisco Switch 1 – Acts as LLDP/CDP capable device with various downstream devices.
• Arista Switch – Provides LLDP topology data.
• Palo Alto Firewall – LLDP data available via API.
• FortiGate Firewall – LLDP/CDP data accessible via CLI.

We’re validating physical interconnections and neighbor relationships across devices.

Topology & Communications

• LLDP/CDP data is collected via CLI commands for Cisco and Arista switches.
• Palo Alto and FortiGate require API calls or CLI access to extract topology information.
• Data is normalized into a structured Python dictionary.
• Validation is performed by comparing the discovered topology against a predefined golden cable matrix YAML file.

All communications are secured via SSH or API authentication, and structured YAML-based testbeds are used.

Workflow Script

Project Structure:

/pyats-cable-matrix-validation/
│
├── testbed.yml
├── cable_matrix.yml
├── validate_cable_matrix.py
├── logs/
└── reports/

Sample Workflow Script (validate_cable_matrix.py):

from genie.testbed import load
from pyats.topology import loader
import yaml
import logging

logger = logging.getLogger('CableMatrixValidator')

def load_golden_matrix(file_path):
    with open(file_path) as f:
        return yaml.safe_load(f)

def collect_lldp_cdp_data(device):
    try:
        device.connect()
        output = device.parse('show lldp neighbors detail')
        return output
    except Exception as e:
        logger.error(f"Error collecting data from {device.name}: {e}")
        return None
    finally:
        device.disconnect()

def validate_matrix(golden_matrix, collected_data):
    results = []
    for device_name, neighbors in golden_matrix.items():
        actual_neighbors = collected_data.get(device_name, {}).get('neighbors', [])
        missing = set(neighbors) - set(actual_neighbors)
        extra = set(actual_neighbors) - set(neighbors)
        results.append({
            'device': device_name,
            'missing': list(missing),
            'extra': list(extra)
        })
    return results

def main():
    testbed = load('testbed.yml')
    golden_matrix = load_golden_matrix('cable_matrix.yml')

    collected_data = {}
    for device_name, device in testbed.devices.items():
        logger.info(f"Collecting LLDP/CDP from {device_name}")
        output = collect_lldp_cdp_data(device)
        neighbors = [n['neighbor'] for n in output.get('lldp', {}).get('neighbors', [])]
        collected_data[device_name] = {'neighbors': neighbors}

    results = validate_matrix(golden_matrix, collected_data)

    with open('reports/cable_validation_report.yaml', 'w') as f:
        yaml.dump(results, f)

    print("Cable matrix validation completed. Check reports/cable_validation_report.yaml")

if __name__ == '__main__':
    main()

Explanation by Line

• Import Modules: We import pyats, genie, and yaml for testbed handling and data processing.
• Load Golden Matrix: We load a predefined expected LLDP/CDP matrix in YAML format.
• collect_lldp_cdp_data(): Connects to the device, executes show lldp neighbors detail (or CDP equivalent), and parses the output using Genie parser.
• validate_matrix(): Compares the collected neighbor data against the golden matrix and flags missing or extra links.
• main(): Iterates through all devices defined in the testbed, collects LLDP/CDP neighbor data, validates it, and writes a structured YAML report.

testbed.yml Example

testbed:
  name: cable_validation_testbed
  devices:
    cisco1:
      os: ios
      type: switch
      connections:
        cli:
          protocol: ssh
          ip: 10.0.0.1
      credentials:
        default:
          username: admin
          password: cisco123
    arista1:
      os: eos
      type: switch
      connections:
        cli:
          protocol: ssh
          ip: 10.0.0.2
      credentials:
        default:
          username: admin
          password: arista123
    paloalto1:
      os: panos
      type: firewall
      connections:
        cli:
          protocol: ssh
          ip: 10.0.0.3
      credentials:
        default:
          username: admin
          password: palo123
    fortigate1:
      os: fortios
      type: firewall
      connections:
        cli:
          protocol: ssh
          ip: 10.0.0.4
      credentials:
        default:
          username: admin
          password: forti123

Post-validation CLI (Real Expected Output)

pyats validate_cable_matrix.py

INFO: Collecting LLDP/CDP from cisco1
INFO: Collecting LLDP/CDP from arista1
INFO: Collecting LLDP/CDP from paloalto1
INFO: Collecting LLDP/CDP from fortigate1
INFO: Cable matrix validation completed.

cat reports/cable_validation_report.yaml

- device: cisco1
  missing: []
  extra: ['arista1']
- device: arista1
  missing: []
  extra: []
- device: paloalto1
  missing: ['fortigate1']
  extra: []
- device: fortigate1
  missing: []
  extra: []

FAQs

Q1: What exactly is a cable matrix, and why is it critical in network validation?
A1: A cable matrix maps physical and logical connections between devices using LLDP/CDP neighbor discovery. It is critical because misconnected cables or misconfigured ports can cause loops, downtime, or misrouted traffic. Automating this ensures real-time topology consistency checks without manual CLI verification.

Q2: How does pyATS detect LLDP/CDP neighbors across multi-vendor devices?
A2: pyATS uses device-specific parsers in the Genie library. For Cisco devices, it parses show cdp neighbors detail. For Arista, EOS LLDP is used (show lldp neighbors). pyATS abstracts differences, so the same plugin can validate multi-vendor links, generating a unified cable matrix.

Q3: Can the automation detect miswires or unconnected ports?
A3: Yes. The script cross-checks expected connections vs. discovered neighbors. Ports with no LLDP/CDP neighbor, or neighbors not matching the expected device/port, are flagged. This allows teams to catch physical wiring errors before production impact.

Q4: How is multi-vendor support implemented in a single pyATS workflow?
A4: Using a plugin-based approach, each device type has a parser adapter. For example:

Cisco IOS → show cdp neighbors detail  
Arista EOS → show lldp neighbors  
FortiGate → get system interface lldp  

The plugin normalizes outputs into a common JSON format, which is then merged to generate the cable matrix.

Q5: Can this workflow visualize the topology?
A5: Absolutely. pyATS output JSON can be fed into Graphviz, NetworkX, or Plotly to render a graphical cable matrix. This allows engineers to see the full network fabric at a glance, making it easier to identify misconfigurations.

Q6: How often should cable matrix validation be automated?
A6: Recommended schedules:

• Daily/weekly: Detect unplanned changes or outages.
• After maintenance windows: Validate new devices, re-cabling, or firmware upgrades.
• Before production deployment: Ensure new additions match intended design.

Q7: What’s the benefit of combining LLDP/CDP validation with configuration compliance?
A7: LLDP/CDP validates physical connectivity, while configuration compliance ensures logical correctness (VLANs, IPs, ACLs). Together, they provide a complete health check of the network fabric, reducing troubleshooting time and downtime risk.

Q8: Can this workflow integrate with reporting or CI/CD pipelines?
A8: Yes. Once the cable matrix is generated:

• Export as JSON, CSV, Markdown, or PDF for management reports.
• Push to GitHub or GitLab for version-controlled topology snapshots.
• Trigger alerts via Slack, email, or other channels for any discrepancies.

This makes the workflow fully automated, auditable, and production-ready.

YouTube Link

Watch the Complete Python for Network Engineer: Automate Cable Matrix Validation (LLDP/CDP Topology) using pyATS for Cisco [Python for Network Engineer] Lab Demo & Explanation on our channel:

Join Our Training

If you’re a network engineer aiming to modernize your skillset with real-world automation frameworks using Python for Network Engineer, this is your golden opportunity. Trainer Sagar Dhawan is conducting a 3-month hands-on instructor-led training program focused on Python, Ansible, and APIs for multi-vendor networks. Learn how to automate, validate, and troubleshoot complex network infrastructures in production environments.

Join Now – Python + Ansible + API for Network Engineers

Master automation. Empower your career.

Enroll Now & Future‑Proof Your Career
Email: info@networkjourney.com
WhatsApp / Call: +91 97395 21088