From ak at ilk.net Fri Dec 1 15:26:18 2006 From: ak at ilk.net (Alexander Koch) Date: Fri, 1 Dec 2006 16:26:18 +0100 Subject: [rancid] Fortinet Fortigate - fgtrancid? Message-ID: <20061201152618.GE8489@ilk.net> Hello, I'am trying to get rancid working with Fortinets Fortigates. Is anyone already working on this? Regards, Alex -- Alexander Koch, mailto: ak at ilk.net ILK Internet GmbH, Akademiestrasse 25 - 27, D-76133 Karlsruhe Tel: +49 (0) 721 9100 0, Fax: +49 (0) 721 9100 191 http://www.ilk.net From helmwork at ruraltel.net Mon Dec 4 16:52:10 2006 From: helmwork at ruraltel.net (Eric Helm) Date: Mon, 04 Dec 2006 10:52:10 -0600 Subject: [rancid] Enable requires username and password Message-ID: <4574523A.8060807@ruraltel.net> I'm having problems with a device that requires a Username and Password for enable access. I've tried 'add enableprompt' and 'add enauser' to my .cloginrc file. However, when I test with rancid-run, it attempts to use only an enable password, but not a username/password. Anyone have an example I can reference, or an idea of what I'm doing wrong? I've got something like this in my .cloginrc file: add enableprompt fbi4000-turin.vic* {"User Name:"} add enauser fbi4000-turin.vic* ranciduser add user fbi4000-turin.vic* ranciduser add userpassword fbi4000-turin.vic* {userpass} add method fbi4000-turin* telnet add user fbi4000-turin* ranciduser add password fbi4000-turin* {userpass} {enablepass} Access to the fbi4000-turin* works OK, but its not using user auth for enable access. The fbi4000-turin.vic* are the devices having issues. Thanks, Eric From heas at shrubbery.net Mon Dec 4 16:52:31 2006 From: heas at shrubbery.net (john heasley) Date: Mon, 4 Dec 2006 08:52:31 -0800 Subject: [rancid] Re: Enable requires username and password In-Reply-To: <4574523A.8060807@ruraltel.net> References: <4574523A.8060807@ruraltel.net> Message-ID: <20061204165231.GD22126@shrubbery.net> Mon, Dec 04, 2006 at 10:52:10AM -0600, Eric Helm: > I'm having problems with a device that requires a Username and Password > for enable access. I've tried 'add enableprompt' and 'add enauser' to my > .cloginrc file. However, when I test with rancid-run, it attempts to use > only an enable password, but not a username/password. Anyone have an > example I can reference, or an idea of what I'm doing wrong? > > I've got something like this in my .cloginrc file: > add enableprompt fbi4000-turin.vic* {"User Name:"} > add enauser fbi4000-turin.vic* ranciduser > add user fbi4000-turin.vic* ranciduser > add userpassword fbi4000-turin.vic* {userpass} > add method fbi4000-turin* telnet > add user fbi4000-turin* ranciduser > add password fbi4000-turin* {userpass} {enablepass} > > Access to the fbi4000-turin* works OK, but its not using user auth for > enable access. The fbi4000-turin.vic* are the devices having issues. Foundry's have this bug. See flogin. From helmwork at ruraltel.net Mon Dec 4 17:30:20 2006 From: helmwork at ruraltel.net (Eric Helm) Date: Mon, 04 Dec 2006 11:30:20 -0600 Subject: [rancid] Re: Enable requires username and password In-Reply-To: <20061204165231.GD22126@shrubbery.net> References: <4574523A.8060807@ruraltel.net> <20061204165231.GD22126@shrubbery.net> Message-ID: <45745B2C.5000102@ruraltel.net> john heasley wrote: > Mon, Dec 04, 2006 at 10:52:10AM -0600, Eric Helm: >> I'm having problems with a device that requires a Username and Password >> for enable access. I've tried 'add enableprompt' and 'add enauser' to my >> .cloginrc file. However, when I test with rancid-run, it attempts to use >> only an enable password, but not a username/password. Anyone have an >> example I can reference, or an idea of what I'm doing wrong? >> >> I've got something like this in my .cloginrc file: >> add enableprompt fbi4000-turin.vic* {"User Name:"} >> add enauser fbi4000-turin.vic* ranciduser >> add user fbi4000-turin.vic* ranciduser >> add userpassword fbi4000-turin.vic* {userpass} >> add method fbi4000-turin* telnet >> add user fbi4000-turin* ranciduser >> add password fbi4000-turin* {userpass} {enablepass} >> >> Access to the fbi4000-turin* works OK, but its not using user auth for >> enable access. The fbi4000-turin.vic* are the devices having issues. > > Foundry's have this bug. See flogin. > How could I force a few of a bunch of Foundry's to use a user/login for the enable? /Eric From heas at shrubbery.net Mon Dec 4 19:51:07 2006 From: heas at shrubbery.net (john heasley) Date: Mon, 4 Dec 2006 11:51:07 -0800 Subject: [rancid] Re: Enable requires username and password In-Reply-To: <45745B2C.5000102@ruraltel.net> References: <4574523A.8060807@ruraltel.net> <20061204165231.GD22126@shrubbery.net> <45745B2C.5000102@ruraltel.net> Message-ID: <20061204195107.GG21782@shrubbery.net> Mon, Dec 04, 2006 at 11:30:20AM -0600, Eric Helm: > >> add enauser fbi4000-turin.vic* ranciduser add userprompt these two affect matching & value for an enable username. > > How could I force a few of a bunch of Foundry's to use a user/login for > the enable? > > /Eric From Atle.Ostbo at tdcsong.no Tue Dec 5 12:58:15 2006 From: Atle.Ostbo at tdcsong.no (=?iso-8859-1?B?QXRsZSDYc3Ri+A==?=) Date: Tue, 5 Dec 2006 13:58:15 +0100 Subject: [rancid] Possible to use different .cloginrc fie for groups ? Message-ID: <357EEDAD7111AE46916A5D882E361E5F3F348D@NO-SVG1EX01.nordiclan.net> Hi I want to split the differents types of routeres souch as cisco, cat5 in different group. There is also different passwords for logging in to this also. Is it possible to have different .cloginrc password files for each group? Med vennlig hilsen/Best regards Atle ?stb? Network Services TDC Song AS Prof.O.Hanssensvei 7 Postboks 8034 N-4068 Stavanger Tlf/Phone: +47 51 20 26 51 Mobil/Mobile: +47 40 000 651 Faks/Fax +47 51 20 26 01 E-post/E-mail: atle.ostbo at tdcsong.no Web: tdcsong.no -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20061205/d81b7963/attachment.html From heas at shrubbery.net Tue Dec 5 17:09:10 2006 From: heas at shrubbery.net (john heasley) Date: Tue, 5 Dec 2006 09:09:10 -0800 Subject: [rancid] Re: Possible to use different .cloginrc fie for groups ? In-Reply-To: <357EEDAD7111AE46916A5D882E361E5F3F348D@NO-SVG1EX01.nordiclan.net> References: <357EEDAD7111AE46916A5D882E361E5F3F348D@NO-SVG1EX01.nordiclan.net> Message-ID: <20061205170910.GD9440@shrubbery.net> Tue, Dec 05, 2006 at 01:58:15PM +0100, Atle ?stb?: > Hi > > I want to split the differents types of routeres souch as cisco, cat5 in different group. There is also different passwords for logging in to this also. > > Is it possible to have different .cloginrc password files for each group? if you use rancid 2.3.2.a6, you can set CLOGINRC in your enviroment to affect the login scripts. Then from cron CLOGINRC=foo;export CLOGINRC;rancid-run groupA CLOGINRC=bar;export CLOGINRC;rancid-run groupB From john at hypergeek.net Tue Dec 5 20:42:56 2006 From: john at hypergeek.net (John A. Kilpatrick) Date: Tue, 5 Dec 2006 12:42:56 -0800 (PST) Subject: [rancid] Netscaler Support Message-ID: <20061205124123.G3404@iama.hypergeek.net> Just out of curiosity has anyone got rancid working with version 6.1 or later of the Netscaler software? I'm having a similar problem to others in that it just hangs - not seeing the prompt it wants I guess. I'm wondering what previous versions of the software were like - if it dumped you into the FreeBSD shell (and that's what rancid is looking for) then sending the command "shell" after login would fix that. But if anyone has any other ideas I'd love to hear them. Thanks, John -- John A. Kilpatrick john at hypergeek.net Email| http://www.hypergeek.net/ john-page at hypergeek.net Text pages| ICQ: 19147504 remember: no obstacles/only challenges From Atle.Ostbo at tdcsong.no Wed Dec 6 07:26:10 2006 From: Atle.Ostbo at tdcsong.no (=?iso-8859-1?B?QXRsZSDYc3Ri+A==?=) Date: Wed, 6 Dec 2006 08:26:10 +0100 Subject: [rancid] Re: Possible to use different .cloginrc fie for groups ? In-Reply-To: <20061205170910.GD9440@shrubbery.net> Message-ID: <357EEDAD7111AE46916A5D882E361E5F3F348F@NO-SVG1EX01.nordiclan.net> Hi, thats great. Thank you for the answer. ------------------------------------------------ Best regards Atle ?stb? Network Services > -----Original Message----- > From: john heasley [mailto:heas at shrubbery.net] > Sent: 5. desember 2006 18:09 > To: Atle ?stb? > Cc: rancid-discuss at shrubbery.net > Subject: Re: [rancid] Possible to use different .cloginrc fie > for groups ? > > Tue, Dec 05, 2006 at 01:58:15PM +0100, Atle ?stb?: > > Hi > > > > I want to split the differents types of routeres souch as > cisco, cat5 in different group. There is also different > passwords for logging in to this also. > > > > Is it possible to have different .cloginrc password files > for each group? > > if you use rancid 2.3.2.a6, you can set CLOGINRC in your > enviroment to affect the login scripts. Then from cron > CLOGINRC=foo;export CLOGINRC;rancid-run groupA > CLOGINRC=bar;export CLOGINRC;rancid-run groupB > From Atle.Ostbo at tdcsong.no Wed Dec 6 12:26:17 2006 From: Atle.Ostbo at tdcsong.no (=?iso-8859-1?B?QXRsZSDYc3Ri+A==?=) Date: Wed, 6 Dec 2006 13:26:17 +0100 Subject: [rancid] Re: Possible to use different .cloginrc fie for groups ? In-Reply-To: <357EEDAD7111AE46916A5D882E361E5F3F348F@NO-SVG1EX01.nordiclan.net> Message-ID: <357EEDAD7111AE46916A5D882E361E5F3F3492@NO-SVG1EX01.nordiclan.net> Hi I have change the home dir to be /home/marvin I don't want to have other files then config files in the rancid config dir. The config files are stored in the /usr/local/rancid/var/cisco/configs I think the rsync will work - the marvin user have read permission to the files. ------------------------------------------------ Med vennlig hilsen/Best regards Atle ?stb? Network Services > -----Original Message----- > From: rancid-discuss-bounces at shrubbery.net > [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Atle ?stb? > Sent: 6. desember 2006 08:26 > To: john heasley > Cc: rancid-discuss at shrubbery.net > Subject: [rancid] Re: Possible to use different .cloginrc fie > for groups ? > Importance: Low > > Hi, thats great. > > Thank you for the answer. > > > > ------------------------------------------------ > > Best regards > > > Atle ?stb? > Network Services > > > > > -----Original Message----- > > From: john heasley [mailto:heas at shrubbery.net] > > Sent: 5. desember 2006 18:09 > > To: Atle ?stb? > > Cc: rancid-discuss at shrubbery.net > > Subject: Re: [rancid] Possible to use different .cloginrc fie for > > groups ? > > > > Tue, Dec 05, 2006 at 01:58:15PM +0100, Atle ?stb?: > > > Hi > > > > > > I want to split the differents types of routeres souch as > > cisco, cat5 in different group. There is also different > passwords for > > logging in to this also. > > > > > > Is it possible to have different .cloginrc password files > > for each group? > > > > if you use rancid 2.3.2.a6, you can set CLOGINRC in your > enviroment to > > affect the login scripts. Then from cron > > CLOGINRC=foo;export CLOGINRC;rancid-run groupA > > CLOGINRC=bar;export CLOGINRC;rancid-run groupB > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > From Atle.Ostbo at tdcsong.no Wed Dec 6 12:27:13 2006 From: Atle.Ostbo at tdcsong.no (=?iso-8859-1?B?QXRsZSDYc3Ri+A==?=) Date: Wed, 6 Dec 2006 13:27:13 +0100 Subject: [rancid] Recall: Re: Possible to use different .cloginrc fie for groups ? Message-ID: <357EEDAD7111AE46916A5D882E361E5F3F3494@NO-SVG1EX01.nordiclan.net> Atle ?stb? would like to recall the message, "[rancid] Re: Possible to use different .cloginrc fie for groups ?". From adudek16 at gmail.com Wed Dec 6 21:00:02 2006 From: adudek16 at gmail.com (A Dude) Date: Wed, 6 Dec 2006 16:00:02 -0500 Subject: [rancid] clogin enable and password option behavior Message-ID: <96ba9bee0612061300m7b95df46yba9eb691ba818c02@mail.gmail.com> Is there some reason that I cannot specify both a password and enable when using clogin? My idea is to use a web page to pass the username, password, and enable to clogin and collect the data from the commands, primarily to automate getting show tech and show log info. Everything works if I remove either the enable or the password option. Is this the expected behavior? [adudek16 at redbaron ~]$ clogin -u test -e twctest -p testing -x rantest 10.82.88.11 10.82.88.11 can't read "passwd": no such variable while executing "login $router $ruser $userpswd $passwd $enapasswd $cmethod $cyphertype" ("foreach" body line 111) invoked from within "foreach router [lrange $argv $i end] { set router [string tolower $router] send_user "$router\n" # Figure out prompt. # Since autoena..." (file "/usr/sbin/clogin" line 616) [adudek16 at redbaron ~]$ [adudek16 at redbaron ~]$ clogin -u adudek16 -e twctest -x rantest 10.82.88.11 10.82.88.11 spawn telnet 10.82.88.11 Trying 10.82.88.11... Connected to testing.msdp.net. Escape character is '^]'. User Access Verification Username: Kerberos: No default realm defined for Kerberos! adudek Password: twc-test>enable Password: twc-test# [-snip-] -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20061206/00457ae7/attachment.html From heas at shrubbery.net Wed Dec 6 21:16:22 2006 From: heas at shrubbery.net (john heasley) Date: Wed, 6 Dec 2006 13:16:22 -0800 Subject: [rancid] Re: clogin enable and password option behavior In-Reply-To: <20061206211538.AC1D611CE2F@ni.shrubbery.net> <96ba9bee0612061300m7b95df46yba9eb691ba818c02@mail.gmail.com> References: <20061206211538.AC1D611CE2F@ni.shrubbery.net> <96ba9bee0612061300m7b95df46yba9eb691ba818c02@mail.gmail.com> Message-ID: <20061206211622.GT29055@shrubbery.net> Wed, Dec 06, 2006 at 04:00:02PM -0500, A Dude: > Is there some reason that I cannot specify both a password and enable when > using clogin? > My idea is to use a web page to pass the username, password, and enable to > clogin and collect the data from the commands, primarily to automate getting > show tech and show log info. > Everything works if I remove either the enable or the password option. Is > this the expected behavior? > > [adudek16 at redbaron ~]$ clogin -u test -e twctest -p testing -x rantest > 10.82.88.11 > 10.82.88.11 > can't read "passwd": no such variable > while executing > "login $router $ruser $userpswd $passwd $enapasswd $cmethod $cyphertype" > ("foreach" body line 111) > invoked from within > "foreach router [lrange $argv $i end] { > set router [string tolower $router] > send_user "$router\n" > > # Figure out prompt. > # Since autoena..." > (file "/usr/sbin/clogin" line 616) A bug; please try this patch. Index: clogin.in =================================================================== RCS file: /home/rancid/.CVS/rancid/bin/clogin.in,v retrieving revision 1.106 diff -d -u -r1.106 clogin.in --- clogin.in 6 Dec 2006 02:12:31 -0000 1.106 +++ clogin.in 6 Dec 2006 21:15:30 -0000 @@ -754,6 +754,9 @@ } set passwd [join [lindex $pswd 0] ""] set enapasswd [join [lindex $pswd 1] ""] + } else { + set passwd $userpasswd + set enapasswd $enapasswd } # Figure out username From Atle.Ostbo at tdcsong.no Thu Dec 7 10:54:10 2006 From: Atle.Ostbo at tdcsong.no (=?iso-8859-1?B?QXRsZSDYc3Ri+A==?=) Date: Thu, 7 Dec 2006 11:54:10 +0100 Subject: [rancid] "svn warning - is already under version control" message while running the rancid-run -r Message-ID: <357EEDAD7111AE46916A5D882E361E5F3F3497@NO-SVG1EX01.nordiclan.net> Hi I have try to use rancid to take care of the configuration changes for our routers. I export an node list from our HP OpenView NNM and build an list of over 5000 cisco routers. The rancid starting: Tue Dec 5 23:00:01 CET 2006 - and was finish: ending: Thu Dec 7 05:22:23 CET 2006 It's take a long time to build the svn repository - it use nearly 24 hours to do that. I don't know why this take so longe time. Example of message for each router: property 'svn:ignore' set on '.' /usr/local/rancid/dead.letter... Saved message in /usr/local/rancid/dead.letter A 1880-sijgjgls_gjovik_30019266.cpe.no.sn.net Adding 1880-sijgjgls_gjovik_30019266.cpe.no.sn.net Transmitting file data . Committed revision 400. Added 1880-sijgjgls_gjovik_30019266.cpe.no.sn.net ... .... ... and the end of the log file is the following message: svn: Commit failed (details follow): svn: Out of date: '/cisco' in transaction '46y' Sending . /usr/local/rancid/dead.letter... Saved message in /usr/local/rancid/dead.letter ending: Thu Dec 7 05:22:23 CET 2006 ~ - - - I have set up swatch to se after syslog messages from our routers, when there come an message about configuration changes the rancid-run -r start up, in this case there is a strange problem - when rancid-run -r start the rancid start to add all the routers in the router.db file again to the svn repository.... - se the log file: starting: Thu Dec 7 10:46:12 CET 2006 /usr/local/rancid/dead.letter... Saved message in /usr/local/rancid/dead.letter svn: warning: 1880-sijgjgls_gjovik_30019266.cpe.no.sn.net' is already under version control Added 1880-sijgjgls_gjovik_30019266.cpe.no.sn.net And now it have done that in the last hour - and the time now is: Thu Dec 7 11:51:15 CET 2006 and it's not finish yes ;-( --------------------------------------- Is there any way to perform the rancid to get config from one router without check in all of them, only get the new config from the -r ? Med vennlig hilsen/Best regards Atle ?stb? Network Services TDC Song AS Prof.O.Hanssensvei 7 Postboks 8034 N-4068 Stavanger Tlf/Phone: +47 51 20 26 51 Mobil/Mobile: +47 40 000 651 Faks/Fax +47 51 20 26 01 E-post/E-mail: atle.ostbo at tdcsong.no Web: tdcsong.no -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20061207/649a200e/attachment.html From adudek16 at gmail.com Thu Dec 7 15:36:05 2006 From: adudek16 at gmail.com (A Dude) Date: Thu, 7 Dec 2006 10:36:05 -0500 Subject: [rancid] Re: clogin enable and password option behavior In-Reply-To: <20061206211622.GT29055@shrubbery.net> References: <20061206211538.AC1D611CE2F@ni.shrubbery.net> <96ba9bee0612061300m7b95df46yba9eb691ba818c02@mail.gmail.com> <20061206211622.GT29055@shrubbery.net> Message-ID: <96ba9bee0612070736u145b9970t3d18cfec37103402@mail.gmail.com> That works. I'm not sure if the same bug is in any other xlogin scripts since I just use cisco. Thanks Aaron On 12/6/06, john heasley wrote: > > Wed, Dec 06, 2006 at 04:00:02PM -0500, A Dude: > > Is there some reason that I cannot specify both a password and enable > when > > using clogin? > > My idea is to use a web page to pass the username, password, and enable > to > > clogin and collect the data from the commands, primarily to automate > getting > > show tech and show log info. > > Everything works if I remove either the enable or the password option. > Is > > this the expected behavior? > > > > [adudek16 at redbaron ~]$ clogin -u test -e twctest -p testing -x rantest > > 10.82.88.11 > > 10.82.88.11 > > can't read "passwd": no such variable > > while executing > > "login $router $ruser $userpswd $passwd $enapasswd $cmethod $cyphertype" > > ("foreach" body line 111) > > invoked from within > > "foreach router [lrange $argv $i end] { > > set router [string tolower $router] > > send_user "$router\n" > > > > # Figure out prompt. > > # Since autoena..." > > (file "/usr/sbin/clogin" line 616) > > A bug; please try this patch. > > Index: clogin.in > =================================================================== > RCS file: /home/rancid/.CVS/rancid/bin/clogin.in,v > retrieving revision 1.106 > diff -d -u -r1.106 clogin.in > --- clogin.in 6 Dec 2006 02:12:31 -0000 1.106 > +++ clogin.in 6 Dec 2006 21:15:30 -0000 > @@ -754,6 +754,9 @@ > } > set passwd [join [lindex $pswd 0] ""] > set enapasswd [join [lindex $pswd 1] ""] > + } else { > + set passwd $userpasswd > + set enapasswd $enapasswd > } > > # Figure out username > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20061207/e159bd94/attachment.html From Todd at equivoice.com Thu Dec 7 21:51:02 2006 From: Todd at equivoice.com (Todd Heide) Date: Thu, 7 Dec 2006 15:51:02 -0600 Subject: [rancid] New server ODD issues Message-ID: <082FEA82DC985B4F8A6B412D5AC4E22046DD5A@exchange.Equivoice.local> Just got the production server up and running, at least I thought. I noticed that some devices weren't getting updated on subsequent passes. Checked the logs and find this in one of the groups. cvs commit: Up-to-date check failed for `configs/10.15.1.1' Thanks Todd Heide -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20061207/d20a2106/attachment.html From Anton.Schweitzer at o2.com Fri Dec 8 08:32:35 2006 From: Anton.Schweitzer at o2.com (Anton.Schweitzer at o2.com) Date: Fri, 8 Dec 2006 09:32:35 +0100 Subject: [rancid] RANCID stopped writing routers.down file Message-ID: Hi All, after i upgraded my /bin files to the new version a6 RANCID stopped writting the routers.down files. I still get the mails with the failed boxes which are correct. Any Ideas ? Cheers Anton Anton Schweitzer CNO IP Backoffice o2 (Germany) GmbH & Co.OHG Georg Brauchle-Ring 23-25, D-80992 M?nchen Tel +49(0)89-2442-5794 Mobil +49(0)176-23407715 Fax +49(0)89-2442-5632 anton.schweitzer at o2.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20061208/91c48116/attachment.html From Atle.Ostbo at tdcsong.no Fri Dec 8 10:33:34 2006 From: Atle.Ostbo at tdcsong.no (=?iso-8859-1?B?QXRsZSDYc3Ri+A==?=) Date: Fri, 8 Dec 2006 11:33:34 +0100 Subject: [rancid] rancid-run -r Message-ID: <357EEDAD7111AE46916A5D882E361E5F3F349F@NO-SVG1EX01.nordiclan.net> Hi I have set up swatch (sylog watcher) to look after config canges messages from our routers in the network. When an message with /SYS-5-CONFIG_I/ message is detected in the logfile it will start the script /usr/local/rancid/bin/rancid-run The problem is the rancid want to update the status for all of the config files before it will start the downloading the new configuration of the . (when you have 5000+ config files it take a long time to get the updated configuration checked in) Is it possible to only do the following when -r are spesified: - download config for the - comit the new config file for the Med vennlig hilsen/Best regards Atle ?stb? Network Services TDC Song AS Prof.O.Hanssensvei 7 Postboks 8034 N-4068 Stavanger Tlf/Phone: +47 51 20 26 51 Mobil/Mobile: +47 40 000 651 Faks/Fax +47 51 20 26 01 E-post/E-mail: atle.ostbo at tdcsong.no Web: tdcsong.no -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20061208/9756c0eb/attachment.html From heas at shrubbery.net Sat Dec 9 02:20:04 2006 From: heas at shrubbery.net (john heasley) Date: Fri, 8 Dec 2006 18:20:04 -0800 Subject: [rancid] Re: Netscaler Support In-Reply-To: <20061205124123.G3404@iama.hypergeek.net> References: <20061205124123.G3404@iama.hypergeek.net> Message-ID: <20061209022004.GY29571@shrubbery.net> Tue, Dec 05, 2006 at 12:42:56PM -0800, John A. Kilpatrick: > > Just out of curiosity has anyone got rancid working with version 6.1 or > later of the Netscaler software? I'm having a similar problem to others > in that it just hangs - not seeing the prompt it wants I guess. > > I'm wondering what previous versions of the software were like - if it > dumped you into the FreeBSD shell (and that's what rancid is looking for) > then sending the command "shell" after login would fix that. But if > anyone has any other ideas I'd love to hear them. The netscaler module was contributed; I know nothing of them myself. But, it would appear that it does expect a root sheel, since it runs these commands: 'cat /etc/ns.conf' 'get log setting' I guess you are saying that the new software provides some kind of CLI, thus the nslogin script will likely need a bit of work along with the nsrancid script. From heas at shrubbery.net Sat Dec 9 02:32:10 2006 From: heas at shrubbery.net (john heasley) Date: Fri, 8 Dec 2006 18:32:10 -0800 Subject: [rancid] Re: "svn warning - is already under version control" message while running the rancid-run -r In-Reply-To: <357EEDAD7111AE46916A5D882E361E5F3F3497@NO-SVG1EX01.nordiclan.net> References: <357EEDAD7111AE46916A5D882E361E5F3F3497@NO-SVG1EX01.nordiclan.net> Message-ID: <20061209023210.GC29571@shrubbery.net> Thu, Dec 07, 2006 at 11:54:10AM +0100, Atle ?stb?: > Hi > > I have try to use rancid to take care of the configuration changes for our routers. > > I export an node list from our HP OpenView NNM and build an list of over 5000 cisco routers. > > The rancid starting: Tue Dec 5 23:00:01 CET 2006 - and was finish: ending: Thu Dec 7 05:22:23 CET 2006 > > It's take a long time to build the svn repository - it use nearly 24 hours to do that. I don't know why this take so longe time. I think you should be asking yourself why this so slow. Is your system's directly cache too small? Disk performance problems? Is there contention for locks on the svn database? You might also ask yourself if 5000 devices in a single group is a good design. Seems like that would produce rather overwhelming diffs. > Is there any way to perform the rancid to get config from one router without check in all of them, only get the new config from the -r ? Not with the current code. From Atle.Ostbo at tdcsong.no Mon Dec 11 09:06:01 2006 From: Atle.Ostbo at tdcsong.no (=?iso-8859-1?B?QXRsZSDYc3Ri+A==?=) Date: Mon, 11 Dec 2006 10:06:01 +0100 Subject: [rancid] Re: "svn warning - is already under version control" message while running the rancid-run -r In-Reply-To: <20061209023210.GC29571@shrubbery.net> Message-ID: <357EEDAD7111AE46916A5D882E361E5F3F34A1@NO-SVG1EX01.nordiclan.net> Hi John >>I think you should be asking yourself why this so slow. Is your system's >>directly cache too small? Disk performance problems? Is there contention >>for locks on the svn database? I am running an DELL server with the following configuration: CPU's: ------ System Specifics.....: GenuineIntel 4 Intel(R) Pentium(R) D CPU 3.00GHz GenuineIntel 4 Intel(R) Pentium(R) D CPU 3.00GHz, 3000 3000 MHz 1024348 kB RAM 2097144 kB swap space Operating System.....: Linux version 2.6.9-42.0.3.ELsmp (brewbuilder at hs20-bc2-2.build.redhat.com) (gcc version 3.4.6 20060404 (Red Hat 3.4.6-3)) #1 SMP Mon Sep 25 17:24:31 EDT 2006 Disk Configuration: ------------------ Filesystem 1K-blocks Used Available Use% Mounted on /dev/mapper/VolGroup00-LogVol00 4128448 511596 3407140 14% / /dev/sda3 194449 25871 158538 15% /boot none 512172 0 512172 0% /dev/shm /dev/mapper/VolGroup00-LogVol05 4128448 51048 3867688 2% /home /dev/mapper/VolGroup00-LogVol03 4128448 50924 3867812 2% /tmp /dev/mapper/VolGroup00-LogVol02 8256952 5071532 2765992 65% /usr /dev/mapper/VolGroup00-LogVol04 4128448 239204 3679532 7% /var You write something about the system's cache size, could you please come with more info on that (- how to checkout + and fix) ? >> Is there contention for locks on the svn database? What did you mean ? - I don't know. >>You might also ask yourself if 5000 devices in a single group is a good >>design. Seems like that would produce rather overwhelming diffs. Yes, I need the all config backup's in the same group. It's only 5000 files - I have read about subversion server with more that 30000 files, so I don't se any performance problem with that. ------------------------------------------------ Med vennlig hilsen/Best regards Atle ?stb? Network Services > -----Original Message----- > From: john heasley [mailto:heas at shrubbery.net] > Sent: 9. desember 2006 03:32 > To: Atle ?stb? > Cc: john heasley; rancid-discuss at shrubbery.net > Subject: Re: "svn warning - is already under version > control" message while running the rancid-run -r > > Thu, Dec 07, 2006 at 11:54:10AM +0100, Atle ?stb?: > > Hi > > > > I have try to use rancid to take care of the configuration > changes for our routers. > > > > I export an node list from our HP OpenView NNM and build an > list of over 5000 cisco routers. > > > > The rancid starting: Tue Dec 5 23:00:01 CET 2006 - and was > finish: ending: Thu Dec 7 05:22:23 CET 2006 > > > > It's take a long time to build the svn repository - it use > nearly 24 hours to do that. I don't know why this take so longe time. > > I think you should be asking yourself why this so slow. Is > your system's > directly cache too small? Disk performance problems? Is > there contention > for locks on the svn database? > > You might also ask yourself if 5000 devices in a single group > is a good > design. Seems like that would produce rather overwhelming diffs. > > > Is there any way to perform the rancid to get config from > one router without check in all of them, only get the new > config from the -r ? > > Not with the current code. > From saku+rancid at ytti.fi Mon Dec 11 11:21:21 2006 From: saku+rancid at ytti.fi (Saku Ytti) Date: Mon, 11 Dec 2006 13:21:21 +0200 Subject: [rancid] few contrib rancid hacks, also is there any need for sharing rancid hacks? Message-ID: <20061211112121.GA25131@mx.ytti.net> I think many people have added support for niche systems to rancid that doesn't make much sense adding to the distribution. I've made support for telco systems binos based boxes (email me if you want them). Should there be some site to host those rancid hacks? Anyhow, I was bored this weekend and rewrote some of my hacks to a format where they might work in other environments too, if you want to try them out check http://ip.fi/rancid_hacks/ some 'documentation available as http://ip.fi/rancid_hacks/README.txt Or are all rancid hacks more or less company specific that it makes no sense sharing them? I still have few that I haven't rewritten to ruby, most notably 'csanitise' that has test sets for different boxes with multiple unit tests in simple 'scripting' language. However it's quite ugly and I'm not sure if I have enough interest to port it to ruby or even rewrite it in perl to not assume so much about environment. Thanks, -- ++ytti -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20061211/e6231013/attachment.bin From mnoriega at amnetcorp.com Mon Dec 11 18:43:28 2006 From: mnoriega at amnetcorp.com (Manuel Noriega) Date: Mon, 11 Dec 2006 12:43:28 -0600 Subject: [rancid] Using RANCID on Riverstone and Tellabs equipment In-Reply-To: <20061211112121.GA25131@mx.ytti.net> References: <20061211112121.GA25131@mx.ytti.net> Message-ID: <670C44D8-C22B-4CDD-B4FE-3D8A2CF6A80B@amnetcorp.com> Hello, I've been using RANCID for a couple of months and have been able to add: Cisco Router Cisco Catalyst Switch Juniper Router But I also have some Riverstone and Tellabs equipment which I can't get to work under RANCID. In the Riverstone case I am not using RADIUS or TACACS but I can't get the enable password to work. I get an "%CONS-W-BADPASSWD, incorrect password" error. ======================================= [rancid at neo bin]$ ./rivlogin rsgt1 Trying 10.1.64.101... Connected to rsgt1 (10.1.64.101). Escape character is '^]'. ---------------------------------------------------------------------- RS 3000 System Software, Version 9.4.0.3 Riverstone Networks, Inc., Copyright (c) 2000-2004. All rights reserved. System started on 2006-05-21 17:45:54 ---------------------------------------------------------------------- Press RETURN to activate console . . . Password: rs-gua-3600-02> rs-gua-3600-02> enable Password: %CONS-W-BADPASSWD, incorrect password % Authentication failed. rs-gua-3600-02> ERROR: do_enable failed to gain enable mode. ======================================== In the .clogin file I've got: ======================================== add user rsgt* admin add userpassword rsgt* vtypassword add password rsgt* vtypassword enablepassword add method rsgt* telnet ======================================== And in the Tellabs case, since this equipment is not supported under RANCID I don't know how I should configure it since I believe it shouldn't be too dificult to get to work (but I have no experience in RANCID). What I need is simply to telnet to the equipment, enable, and execute "show running-config". The equipment has no vty or enable password. ======================================== telnet tellabs1 Trying 10.1.64.41... Connected to tellabsgt1 (10.1.64.41). Escape character is '^]'. ****************************************************************** * * * Tellabs 8660 Network Element * * * * Copyright (c) 2004-2006 Tellabs. All rights reserved. * * * ****************************************************************** Enter configuration commands, one per line. End with ^Z Hostname> Hostname>enable Hostname#show running-config ======================================== Any help would be much appreciated. Thanks, Manuel From ak at ilk.net Wed Dec 13 13:01:48 2006 From: ak at ilk.net (Alexander Koch) Date: Wed, 13 Dec 2006 14:01:48 +0100 Subject: [rancid] Re: few contrib rancid hacks, also is there any need for sharing rancid hacks? In-Reply-To: <20061211112121.GA25131@mx.ytti.net> References: <20061211112121.GA25131@mx.ytti.net> Message-ID: <20061213130148.GG20660@ilk.net> On Mon, Dec 11, 2006 at 01:21:21PM +0200, Saku Ytti wrote: > [...] > Should there be some site to host those rancid hacks? For me as newbie would this great. So I can look through and get an idea how things can get solved or just reuse something :) Regards, Alex -- Alexander Koch, mailto: ak at ilk.net ILK Internet GmbH, Akademiestrasse 25 - 27, D-76133 Karlsruhe Tel: +49 (0) 721 9100 0, Fax: +49 (0) 721 9100 191 http://www.ilk.net From saku+rancid at ytti.fi Thu Dec 14 08:05:30 2006 From: saku+rancid at ytti.fi (Saku Ytti) Date: Thu, 14 Dec 2006 10:05:30 +0200 Subject: [rancid] Re: few contrib rancid hacks, also is there any need for sharing rancid hacks? In-Reply-To: <20061211112121.GA25131@mx.ytti.net> References: <20061211112121.GA25131@mx.ytti.net> Message-ID: <20061214080530.GA7749@mx.ytti.net> On (2006-12-11 13:21 +0200), Saku Ytti wrote: > them out check http://ip.fi/rancid_hacks/ some 'documentation Last spam on the subject, I added thread support for cpush (well of course threads then fork clogin). -- ++ytti -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20061214/f5349822/attachment.bin From Todd at equivoice.com Fri Dec 15 19:41:19 2006 From: Todd at equivoice.com (Todd Heide) Date: Fri, 15 Dec 2006 13:41:19 -0600 Subject: [rancid] Grabbing PIX In-Reply-To: <20061214080530.GA7749@mx.ytti.net> Message-ID: <082FEA82DC985B4F8A6B412D5AC4E2204CF155@exchange.Equivoice.local> Is there anything I need to do different when setting up the host for a PIX? 10.1.1.1:cisco:up ? Too lazy to read all the docs, and too busy to find the time :) Thanks Todd Heide Equivoice LLC From JJackson at aninetworks.com Fri Dec 15 19:42:11 2006 From: JJackson at aninetworks.com (Joseph Jackson) Date: Fri, 15 Dec 2006 11:42:11 -0800 Subject: [rancid] Re: Grabbing PIX Message-ID: That's what I do. -----Original Message----- From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Todd Heide Sent: Friday, December 15, 2006 11:41 AM To: rancid-discuss at shrubbery.net Subject: [rancid] Grabbing PIX Is there anything I need to do different when setting up the host for a PIX? 10.1.1.1:cisco:up ? Too lazy to read all the docs, and too busy to find the time :) Thanks Todd Heide Equivoice LLC _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From julien.touche at lycos.com Sat Dec 16 15:11:13 2006 From: julien.touche at lycos.com (Julien TOUCHE) Date: Sat, 16 Dec 2006 16:11:13 +0100 Subject: [rancid] routers map/network topology Message-ID: <45840C91.8070709@lycos.com> Hi i've just discovered rancid and if it seems to solves the problem of backup and history on network equipments, i'm not sure about topology and map. this seems to be positive http://www.nanog.org/mtg-0210/abley.html but i would like to see some examples or screenshots for example, diagram like nagios map or text map with which routers/switch is linked to which one. something like switch1 - router1 - router1b - router2 - router2b - router3 - router3b - router3c - router3d - router4 - router4b eventually with which subnet. and so on If it is possible, two questions: - how ? any guide/howto link ? - does it support nat pool/static on some of these routers ? thanks a lot Regards Julien From eravin at panix.com Mon Dec 18 15:55:17 2006 From: eravin at panix.com (Ed Ravin) Date: Mon, 18 Dec 2006 10:55:17 -0500 Subject: [rancid] cisco 2811 spurious diffs Message-ID: <20061218155517.GD5880@panix.com> A Cisco 2811 at my site was rebooted, and the diff below was mailed out by RANCID. It looks to me like this kind of stuff (the order some drivers were loaded into memory?) isn't really desirable to flag as a "router change"... > =================================================================== > @@ -35,12 +35,12 @@ > !Flash: nvram: 245752 bytes total (229867 bytes free) > ! > !Interface: FastEthernet0/0, MV96340 > !Interface: FastEthernet0/1, MV96340 > - !Interface: Serial0/0/0:0, GT96Kidb at 0x443B091C, driver data structure at 0x443B8038 > - !Interface: Serial0/0/1:0, GT96Kidb at 0x443BA8C8, driver data structure at 0x443C1FE4 > - !Interface: Serial0/1/0:0, GT96Kidb at 0x443C543C, driver data structure at 0x443CCB58 > - !Interface: Serial0/1/1:0, GT96Kidb at 0x443CFD00, driver data structure at 0x4440B380 > + !Interface: Serial0/0/0:0, GT96Kidb at 0x443E075C, driver data structure at 0x443E7E78 > + !Interface: Serial0/0/1:0, GT96Kidb at 0x443EA708, driver data structure at 0x443F1E24 > + !Interface: Serial0/1/0:0, GT96Kidb at 0x443F5458, driver data structure at 0x443FCB74 > + !Interface: Serial0/1/1:0, GT96Kidb at 0x443FFCC0, driver data structure at 0x4443B1C0 > ! > !Slot 0: type C2811 Motherboard with 2FE and integrated VPN, 2 ports > !Slot 0: hvers 3.0 rev B0 > !Slot 0: part 73-7214-10, serial > From Graeme.Danielson at airnz.co.nz Tue Dec 19 04:54:05 2006 From: Graeme.Danielson at airnz.co.nz (Danielson, Graeme) Date: Tue, 19 Dec 2006 17:54:05 +1300 Subject: [rancid] Re: routers map/network topology In-Reply-To: <45840C91.8070709@lycos.com> Message-ID: It's not picture based and L3 only but WANdoc works well for me. After installing just point it at your rancid cisco configs. It does things like hyperlinking all the networks with interfaces, consistency checks on subnets, access-lists, and basic security for snmp and vty ACLs etc. Makes navigating large network configs much easier. A part I use a bit for troubleshooting is paste in the output from a traceroute into it's webpage and it will show you the raw config for all the L3 interfaces on the path. http://www.wandoc.net -----Original Message----- From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Julien TOUCHE Sent: Sunday, 17 December 2006 4:11 a.m. To: rancid-discuss at shrubbery.net Subject: [rancid] routers map/network topology Hi i've just discovered rancid and if it seems to solves the problem of backup and history on network equipments, i'm not sure about topology and map. this seems to be positive http://www.nanog.org/mtg-0210/abley.html but i would like to see some examples or screenshots for example, diagram like nagios map or text map with which routers/switch is linked to which one. something like switch1 - router1 - router1b - router2 - router2b - router3 - router3b - router3c - router3d - router4 - router4b eventually with which subnet. and so on If it is possible, two questions: - how ? any guide/howto link ? - does it support nat pool/static on some of these routers ? thanks a lot Regards Julien _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss ____________________________________________________________________ CAUTION - This message may contain privileged and confidential information intended only for the use of the addressee named above. If you are not the intended recipient of this message you are hereby notified that any use, dissemination, distribution or reproduction of this message is prohibited. If you have received this message in error please notify Air New Zealand immediately. Any views expressed in this message are those of the individual sender and may not necessarily reflect the views of Air New Zealand. _____________________________________________________________________ For more information on the Air New Zealand Group, visit us online at http://www.airnewzealand.com _____________________________________________________________________ From yuvalba at netvision.net.il Sat Dec 23 22:54:11 2006 From: yuvalba at netvision.net.il (Yuval Ben-Ari) Date: Sun, 24 Dec 2006 00:54:11 +0200 Subject: [rancid] small 6500/7600 ShowVersion bug in bin/rancid Message-ID: <58D14E53A4F69C4EAF4D29171C447CC491FF1B@NTX-CL.forest.netvision.net.il> sorry, not sure if this was already noted. I had few Catalyst 6500/7600 routers that rancid was missing the IOS image line. the show ver output is like this: IOS (tm) s72033_rp Software (s72033_rp-ADVIPSERVICESK9_WAN-M), Version 12.2(18)SXF4, RELEASE SOFTWARE (fc1) the reason for the problem is the underscore sign inside the brackets. (the regexp was looking for [A-Za-z-0-9]) my fix: @@ -160,7 +160,7 @@ # PIX fail-over license /^This PIX has an?\s+(.*)$/ && ProcessHistory("COMMENTS","keysort","C1", "!$_") && next; - /^(Cisco )?IOS .* Software,? \(([A-Za-z-0-9]*)\), .*Version\s+(.*)$/ && + /^(Cisco )?IOS .* Software,? \((.*)\), .*Version\s+(.*)$/ && I have a feeling that we are playing a game here with Cisco developers, they want to test how complex does one regexp should be in order to match all show version possible outputs. Yuval -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20061224/5f51bc62/attachment.html From mnoriega at amnetcorp.com Tue Dec 26 17:21:40 2006 From: mnoriega at amnetcorp.com (Manuel Noriega) Date: Tue, 26 Dec 2006 11:21:40 -0600 Subject: [rancid] Re: Grabbing PIX In-Reply-To: References: Message-ID: <14FD16C7-2E47-4DAD-9F61-E69BDF9C6D9B@amnetcorp.com> I'm also having trouble with my PIX. I've tried with telnet or ssh, but in both cases I only get to the vty login and never to the enable. Here is my .cloginrc =================================================== add password pixgt {vtypassword} {enablepassword} add method pixgt telnet add user pixgt pix add cyphertype pixgt.amnetdatos.net des =================================================== And when I run clogin I get: =================================================== bin/clogin pixgt.amnetdatos.net pixgt spawn telnet pixgt Trying 192.168.60.200... Connected to pixgt (192.168.60.200). Escape character is '^]'. User Access Verification Password: Type help or '?' for a list of available commands. pixguate> =================================================== Once I get to this point the session stops, I can't send any command to the pix and I need to do CTRL-C to return to my linux prompt. Sincerely, Manuel Noriega ISP Engineer -------------- next part -------------- A non-text attachment was scrubbed... Name: AmnetDatos-Little.jpg Type: image/jpeg Size: 12703 bytes Desc: not available Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20061226/27adafdc/attachment.jpg -------------- next part -------------- 13 CALLE 3-40, ZONA 10 15 NIVEL, OFICINA 15-01 GUATEMALA CITY, C.A. PBX (502) 2279 0099 FAX (502) 2279 0003 www.amnetdatos.com On Dec 15, 2006, at 1:42 PM, Joseph Jackson wrote: > That's what I do. > > -----Original Message----- > From: rancid-discuss-bounces at shrubbery.net > [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Todd Heide > Sent: Friday, December 15, 2006 11:41 AM > To: rancid-discuss at shrubbery.net > Subject: [rancid] Grabbing PIX > > Is there anything I need to do different when setting up the host > for a > PIX? 10.1.1.1:cisco:up ? Too lazy to read all the docs, and too > busy to > find the time :) > > Thanks > > Todd Heide > > Equivoice LLC > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From pooshgul at gmail.com Tue Dec 26 17:38:14 2006 From: pooshgul at gmail.com (Pooshgul) Date: Tue, 26 Dec 2006 23:08:14 +0530 Subject: [rancid] Re: Grabbing PIX In-Reply-To: <14FD16C7-2E47-4DAD-9F61-E69BDF9C6D9B@amnetcorp.com> Message-ID: <00d201c72914$a1bd4910$24fd1dac@dhrodc.com> Hi Manuel, Try adding following line in .cloginrc. I have added this in your configuration in bold add autoenable pixgt 0 poosh -----Original Message----- From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Manuel Noriega Sent: Tuesday, December 26, 2006 10:52 PM To: rancid-discuss at shrubbery.net Subject: [rancid] Re: Grabbing PIX I'm also having trouble with my PIX. I've tried with telnet or ssh, but in both cases I only get to the vty login and never to the enable. Here is my .cloginrc =================================================== add password pixgt {vtypassword} {enablepassword} add method pixgt telnet add user pixgt pix add cyphertype pixgt.amnetdatos.net des add autoenable pixgt 0 =================================================== And when I run clogin I get: =================================================== bin/clogin pixgt.amnetdatos.net pixgt spawn telnet pixgt Trying 192.168.60.200... Connected to pixgt (192.168.60.200). Escape character is '^]'. User Access Verification Password: Type help or '?' for a list of available commands. pixguate> =================================================== Once I get to this point the session stops, I can't send any command to the pix and I need to do CTRL-C to return to my linux prompt. Sincerely, Manuel Noriega ISP Engineer -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20061226/d5b95253/attachment.html From mnoriega at amnetcorp.com Tue Dec 26 23:25:43 2006 From: mnoriega at amnetcorp.com (Manuel Noriega) Date: Tue, 26 Dec 2006 17:25:43 -0600 Subject: [rancid] Re: Grabbing PIX In-Reply-To: <00d201c72914$a1bd4910$24fd1dac@dhrodc.com> References: <00d201c72914$a1bd4910$24fd1dac@dhrodc.com> Message-ID: Thanks poosh, that did the trick. My final configuration for anyone interested is: add password pixgt {vtypassword} {enablepassword} add method pixgt telnet add autoenable pixgt 0 Sincerely, Manuel Noriega ISP Engineer -------------- next part -------------- A non-text attachment was scrubbed... Name: AmnetDatos-Little.jpg Type: image/jpeg Size: 12703 bytes Desc: not available Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20061226/ff0e4a56/attachment.jpg -------------- next part -------------- 13 CALLE 3-40, ZONA 10 15 NIVEL, OFICINA 15-01 GUATEMALA CITY, C.A. PBX (502) 2279 0099 FAX (502) 2279 0003 www.amnetdatos.com On Dec 26, 2006, at 11:38 AM, Pooshgul wrote: > Hi Manuel, > > > > Try adding following line in .cloginrc. I have added this in your > configuration in bold > > > > add autoenable pixgt 0 > > > > poosh > > > > -----Original Message----- > From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss- > bounces at shrubbery.net] On Behalf Of Manuel Noriega > Sent: Tuesday, December 26, 2006 10:52 PM > To: rancid-discuss at shrubbery.net > Subject: [rancid] Re: Grabbing PIX > > > > I'm also having trouble with my PIX. I've tried with telnet or ssh, > > but in both cases I only get to the vty login and never to the enable. > > > > Here is my .cloginrc > > > > =================================================== > > add password pixgt {vtypassword} {enablepassword} > > add method pixgt telnet > > add user pixgt pix > > add cyphertype pixgt.amnetdatos.net des > > add autoenable pixgt 0 > > =================================================== > > > > And when I run clogin I get: > > > > > > =================================================== > > bin/clogin pixgt.amnetdatos.net > > pixgt > > spawn telnet pixgt > > Trying 192.168.60.200... > > Connected to pixgt (192.168.60.200). > > Escape character is '^]'. > > > > > > User Access Verification > > > > Password: > > Type help or '?' for a list of available commands. > > pixguate> > > > > =================================================== > > > > Once I get to this point the session stops, I can't send any command > > to the pix and I need to do CTRL-C to return to my linux prompt. > > > > Sincerely, > > > > Manuel Noriega > > ISP Engineer > > > > From mnoriega at amnetcorp.com Wed Dec 27 16:53:58 2006 From: mnoriega at amnetcorp.com (Manuel Noriega) Date: Wed, 27 Dec 2006 10:53:58 -0600 Subject: [rancid] Using RANCID on Riverstone and Tellabs equipment Message-ID: I managed to get my Riverstones working with RANCID so I thought I'd share my results. I found that rivlogin was sending the incorrect password so I made the following changes to the file in the do-enable process. =================================================== proc do_enable { enauser enapasswd userpswd } { global expect_out verbose global my_prompt enable_prompt set enable_prompt [ string trimright $my_prompt ">" ] set enable_prompt $enable_prompt\# if { $verbose == 1 } { puts "DEBUG: do_enable: my_prompt = $my_prompt ena_prompt = $enable_prompt" } send "enable\r" expect { # Username: { send "$enauser\r"; exp_continue } # Password: { send "$userpswd\r"; exp_continue } Password: { send "$enapasswd\r"; exp_continue } =================================================== This told rivlogin to send the enapasswd and now it's working. My rivlogin file version is: ## $Id: rivlogin.in,v 1.17 2004/02/02 17:38:36 heas Exp $ Sincerely, Manuel Noriega ISP Engineer -------------- next part -------------- A non-text attachment was scrubbed... Name: AmnetDatos-Little.jpg Type: image/jpeg Size: 12703 bytes Desc: not available Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20061227/b38abc04/attachment.jpg -------------- next part -------------- 13 CALLE 3-40, ZONA 10 15 NIVEL, OFICINA 15-01 GUATEMALA CITY, C.A. PBX (502) 2279 0099 FAX (502) 2279 0003 www.amnetdatos.com > Hello, > > I've been using RANCID for a couple of months and have been able to > add: > > Cisco Router > Cisco Catalyst Switch > Juniper Router > > But I also have some Riverstone and Tellabs equipment which I can't > get to work under RANCID. > > In the Riverstone case I am not using RADIUS or TACACS but I can't > get the enable password to work. I get an "%CONS-W-BADPASSWD, > incorrect password" error. > > ======================================= > [rancid at neo bin]$ ./rivlogin rsgt1 > Trying 10.1.64.101... > Connected to rsgt1 (10.1.64.101). > Escape character is '^]'. > > > > ---------------------------------------------------------------------- > RS 3000 System Software, Version 9.4.0.3 > Riverstone Networks, Inc., Copyright (c) 2000-2004. All rights > reserved. > System started on 2006-05-21 17:45:54 > ---------------------------------------------------------------------- > > > Press RETURN to activate console . . . > > > Password: > rs-gua-3600-02> > rs-gua-3600-02> enable > Password: > %CONS-W-BADPASSWD, incorrect password > > % Authentication failed. > > rs-gua-3600-02> ERROR: do_enable failed to gain enable mode. > ======================================== > > In the .clogin file I've got: > > ======================================== > add user rsgt* admin > add userpassword rsgt* vtypassword > add password rsgt* vtypassword enablepassword > add method rsgt* telnet > > ======================================== > > And in the Tellabs case, since this equipment is not supported under > RANCID I don't know how I should configure it since I believe it > shouldn't be too dificult to get to work (but I have no experience in > RANCID). What I need is simply to telnet to the equipment, enable, > and execute "show running-config". The equipment has no vty or enable > password. > > ======================================== > telnet tellabs1 > Trying 10.1.64.41... > Connected to tellabsgt1 (10.1.64.41). > Escape character is '^]'. > ****************************************************************** > * * > * Tellabs 8660 Network Element * > * * > * Copyright (c) 2004-2006 Tellabs. All rights reserved. * > * * > ****************************************************************** > Enter configuration commands, one per line. End with ^Z > Hostname> > Hostname>enable > Hostname#show running-config > > ======================================== > > > Any help would be much appreciated. > > Thanks, > > Manuel > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From jjones at integracon.com Thu Dec 28 14:45:08 2006 From: jjones at integracon.com (jason jones) Date: Thu, 28 Dec 2006 09:45:08 -0500 Subject: [rancid] Dell switch support Message-ID: Anyone interested in a bounty for adding Dell switch support to Rancid? I have several specific models that I need support for and would be willing to make it worth someone's time. How about $750 for implementing support for a few different models (I'll give specific model #'s)? Of course any patches implemented can go back out into the main branch of code as well. Please let me know ASAP if you are interested. Thanks! -- Jason P Jones CCSP,CCNA,CCDA,CQS-CISS,CQS-CSFS,CQS-CIPSS,CQS-CFWS,CQS-CIPCES,CQS-AWLDS,CQS-AWLFS MCSE(2000),MCSE+I(NT4),MCT,ISSP(INFOSEC),LCP,CCA,CNA,CIWA,INET+,Network+,A+ Integracon Technologies PH: 865.382.7400 TXT: 8653827400 at cingularme.com IM: jjones at integracon.com (Google Talk) -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20061228/ae86a672/attachment.html