[Day #95 PyATS Series] Automate Cable Matrix Validation (LLDP/CDP Topology) using pyATS for Cisco [Python for Network Engineer]
Table of Contents
Introduction on the Key Points
In modern multi-vendor network environments, keeping track of physical connectivity and validating the cable matrix is critical for network health, troubleshooting, and avoiding misconfigurations. Manual cable documentation is error-prone and doesn’t scale well in large deployments. Today’s deep-dive focuses on automating cable matrix validation using pyATS, leveraging LLDP (Link Layer Discovery Protocol) and CDP (Cisco Discovery Protocol) across Cisco, Arista, Palo Alto, and FortiGate devices.
Using Python for Network Engineer, l will build production-ready automation frameworks that execute consistent LLDP/CDP data gathering, analyze inter-device topology maps, and validate the physical and logical cable connections. We’ll demonstrate a real-world, step-by-step validation framework that integrates CLI and GUI data sources, provides structured results, and simplifies troubleshooting.
Topology Overview
Lab Topology Diagram:

- Cisco Switch 1 – Acts as LLDP/CDP capable device with various downstream devices.
- Arista Switch – Provides LLDP topology data.
- Palo Alto Firewall – LLDP data available via API.
- FortiGate Firewall – LLDP/CDP data accessible via CLI.
We’re validating physical interconnections and neighbor relationships across devices.
Topology & Communications
- LLDP/CDP data is collected via CLI commands for Cisco and Arista switches.
- Palo Alto and FortiGate require API calls or CLI access to extract topology information.
- Data is normalized into a structured Python dictionary.
- Validation is performed by comparing the discovered topology against a predefined golden cable matrix YAML file.
All communications are secured via SSH or API authentication, and structured YAML-based testbeds are used.
Workflow Script
Project Structure:
/pyats-cable-matrix-validation/ │ ├── testbed.yml ├── cable_matrix.yml ├── validate_cable_matrix.py ├── logs/ └── reports/
Sample Workflow Script (validate_cable_matrix.py
):
from genie.testbed import load from pyats.topology import loader import yaml import logging logger = logging.getLogger('CableMatrixValidator') def load_golden_matrix(file_path): with open(file_path) as f: return yaml.safe_load(f) def collect_lldp_cdp_data(device): try: device.connect() output = device.parse('show lldp neighbors detail') return output except Exception as e: logger.error(f"Error collecting data from {device.name}: {e}") return None finally: device.disconnect() def validate_matrix(golden_matrix, collected_data): results = [] for device_name, neighbors in golden_matrix.items(): actual_neighbors = collected_data.get(device_name, {}).get('neighbors', []) missing = set(neighbors) - set(actual_neighbors) extra = set(actual_neighbors) - set(neighbors) results.append({ 'device': device_name, 'missing': list(missing), 'extra': list(extra) }) return results def main(): testbed = load('testbed.yml') golden_matrix = load_golden_matrix('cable_matrix.yml') collected_data = {} for device_name, device in testbed.devices.items(): logger.info(f"Collecting LLDP/CDP from {device_name}") output = collect_lldp_cdp_data(device) neighbors = [n['neighbor'] for n in output.get('lldp', {}).get('neighbors', [])] collected_data[device_name] = {'neighbors': neighbors} results = validate_matrix(golden_matrix, collected_data) with open('reports/cable_validation_report.yaml', 'w') as f: yaml.dump(results, f) print("Cable matrix validation completed. Check reports/cable_validation_report.yaml") if __name__ == '__main__': main()
Explanation by Line
- Import Modules: We import
pyats
,genie
, andyaml
for testbed handling and data processing. - Load Golden Matrix: We load a predefined expected LLDP/CDP matrix in YAML format.
- collect_lldp_cdp_data(): Connects to the device, executes
show lldp neighbors detail
(or CDP equivalent), and parses the output using Genie parser. - validate_matrix(): Compares the collected neighbor data against the golden matrix and flags missing or extra links.
- main(): Iterates through all devices defined in the testbed, collects LLDP/CDP neighbor data, validates it, and writes a structured YAML report.
testbed.yml Example
testbed: name: cable_validation_testbed devices: cisco1: os: ios type: switch connections: cli: protocol: ssh ip: 10.0.0.1 credentials: default: username: admin password: cisco123 arista1: os: eos type: switch connections: cli: protocol: ssh ip: 10.0.0.2 credentials: default: username: admin password: arista123 paloalto1: os: panos type: firewall connections: cli: protocol: ssh ip: 10.0.0.3 credentials: default: username: admin password: palo123 fortigate1: os: fortios type: firewall connections: cli: protocol: ssh ip: 10.0.0.4 credentials: default: username: admin password: forti123
Post-validation CLI (Real Expected Output)
pyats validate_cable_matrix.py INFO: Collecting LLDP/CDP from cisco1 INFO: Collecting LLDP/CDP from arista1 INFO: Collecting LLDP/CDP from paloalto1 INFO: Collecting LLDP/CDP from fortigate1 INFO: Cable matrix validation completed. cat reports/cable_validation_report.yaml - device: cisco1 missing: [] extra: ['arista1'] - device: arista1 missing: [] extra: [] - device: paloalto1 missing: ['fortigate1'] extra: [] - device: fortigate1 missing: [] extra: []
FAQs
Q1: What exactly is a cable matrix, and why is it critical in network validation?
A1: A cable matrix maps physical and logical connections between devices using LLDP/CDP neighbor discovery. It is critical because misconnected cables or misconfigured ports can cause loops, downtime, or misrouted traffic. Automating this ensures real-time topology consistency checks without manual CLI verification.
Q2: How does pyATS detect LLDP/CDP neighbors across multi-vendor devices?
A2: pyATS uses device-specific parsers in the Genie library. For Cisco devices, it parses show cdp neighbors detail
. For Arista, EOS LLDP is used (show lldp neighbors
). pyATS abstracts differences, so the same plugin can validate multi-vendor links, generating a unified cable matrix.
Q3: Can the automation detect miswires or unconnected ports?
A3: Yes. The script cross-checks expected connections vs. discovered neighbors. Ports with no LLDP/CDP neighbor, or neighbors not matching the expected device/port, are flagged. This allows teams to catch physical wiring errors before production impact.
Q4: How is multi-vendor support implemented in a single pyATS workflow?
A4: Using a plugin-based approach, each device type has a parser adapter. For example:
Cisco IOS → show cdp neighbors detail Arista EOS → show lldp neighbors FortiGate → get system interface lldp
The plugin normalizes outputs into a common JSON format, which is then merged to generate the cable matrix.
Q5: Can this workflow visualize the topology?
A5: Absolutely. pyATS output JSON can be fed into Graphviz, NetworkX, or Plotly to render a graphical cable matrix. This allows engineers to see the full network fabric at a glance, making it easier to identify misconfigurations.
Q6: How often should cable matrix validation be automated?
A6: Recommended schedules:
- Daily/weekly: Detect unplanned changes or outages.
- After maintenance windows: Validate new devices, re-cabling, or firmware upgrades.
- Before production deployment: Ensure new additions match intended design.
Q7: What’s the benefit of combining LLDP/CDP validation with configuration compliance?
A7: LLDP/CDP validates physical connectivity, while configuration compliance ensures logical correctness (VLANs, IPs, ACLs). Together, they provide a complete health check of the network fabric, reducing troubleshooting time and downtime risk.
Q8: Can this workflow integrate with reporting or CI/CD pipelines?
A8: Yes. Once the cable matrix is generated:
- Export as JSON, CSV, Markdown, or PDF for management reports.
- Push to GitHub or GitLab for version-controlled topology snapshots.
- Trigger alerts via Slack, email, or other channels for any discrepancies.
This makes the workflow fully automated, auditable, and production-ready.
YouTube Link
Watch the Complete Python for Network Engineer: Automate Cable Matrix Validation (LLDP/CDP Topology) using pyATS for Cisco [Python for Network Engineer] Lab Demo & Explanation on our channel:
Join Our Training
If you’re a network engineer aiming to modernize your skillset with real-world automation frameworks using Python for Network Engineer, this is your golden opportunity. Trainer Sagar Dhawan is conducting a 3-month hands-on instructor-led training program focused on Python, Ansible, and APIs for multi-vendor networks. Learn how to automate, validate, and troubleshoot complex network infrastructures in production environments.
Join Now – Python + Ansible + API for Network Engineers
Master automation. Empower your career.
Enroll Now & Future‑Proof Your Career
Email: info@networkjourney.com
WhatsApp / Call: +91 97395 21088