<div dir="ltr"><div><div><div>So far I have been able to bypass the "$" expansion with sed, by adding a "\" in front of every occurrence.<br><br></div>The question mark "?" can be bypassed by using "Ctrl-V". However I could not find a way to add that control sequence (like we can do with "\n" or "\r") to a script line nor make clogin inject that before an instance of "?".<br>
<br></div>The banner login and motd I could only make it work with clogin if I use just one line for the text immediately followed by the delimiter character. Any newlines will make the clogin script hang, which I suspect is because expect is waiting for some shell return string or character.<br>
<br></div><div>Since most banners are several lines, right now I am having to trim the banner statements out completely to avoid the problem. Could anyone give me some direction as to how I could make clogin play ball both with Ctrl-V and with banner text newlines? <br>
<br></div><div>Thanks,<br>Ramon<br></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Feb 13, 2013 at 10:20 AM, Ramon <span dir="ltr"><<a href="mailto:ramonbatwork@gmail.com" target="_blank">ramonbatwork@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><div>shouldbe, thanks.... that is exactly what I was looking for. Characters "?", "$" and "^C" all produce unwanted expansion. The "?" throws a WORD in the example you cite, breaking the config script. The "$" in a secret or password string breaks out the clogin process because it tries to read it as a variable:<br>
<br>can't read "1": no such variable<br> while executing<br>"subst -nocommands [lindex $commands $i]"<br> (procedure "run_commands" line 26)<br> invoked from within<br>"run_commands $prompt $command"<br>
("foreach" body line 186)<br> invoked from within<br>"foreach router [lrange $argv $i end] {<br> set router [string tolower $router]<br> # attempt at platform switching.<br> set platform ""<br>
send_user ..."<br> (file "/usr/local/rancid/bin/clogin" line 740)<br><br></div>And the "^C" on the motd enters interactive mode and eventually times out:<br><br>#banner login ^C<br>Enter TEXT message. End with the character '^'.<br>
<br>Error: TIMEOUT reached<br><br><br></div>I took the ASA out of the scope yesterday when I noticed what a mess that would be. So right now I am only trying to make this work for Cisco routers and switches (2911's and 2950's specifically). Router reload is completely out of the question, and configure replace has proved to be risky at times (when the command is scripted you have to use force, and it has trimmed correct vlans and left old ones in place). <br>
<br></div><div>I'm going to dig thru clogin code to see if I can come up with a workaround for the parsing problems mentioned above, any help appreciated!<span class="HOEnZb"><font color="#888888"><br><br></font></span></div>
<span class="HOEnZb"><font color="#888888"><div>Ramon<br></div><div><div><br><br><br></div></div>
</font></span></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><br><div class="gmail_quote">On Tue, Feb 12, 2013 at 5:49 PM, shouldbe q931 <span dir="ltr"><<a href="mailto:shouldbeq931@gmail.com" target="_blank">shouldbeq931@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><br><div class="gmail_extra"><br><br><div class="gmail_quote"><div><div>On Tue, Feb 12, 2013 at 4:04 PM, Ramon <span dir="ltr"><<a href="mailto:ramonbatwork@gmail.com" target="_blank">ramonbatwork@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr"><div><div><div><div>Hello all, <br><br></div>
I am currently looking into a way to implement rollback functionality using rancid. What would it take to reverse bad changes and restore the config of a cisco device back to a previous saved version?<br>
<br></div>I ask because just pushing the original config on top of the modified version would not remove or flush out certain statements, possibly leaving duplicates that would have to be removed manually.<br><br></div>My first idea was to create a negative file, by generating a "no statement" for every line in the new config that does not match the old config. After pushing the negative file and removing the changes I would push the old config to restore any of the deleted statements.<br>
<br></div>Feedback on any foreseeable issues such as possible hierarchical problems (interfaces, acls, bgp) would be very welcome.<br><br>Thanks,<br>Ramon</div></blockquote><div><br></div></div></div><div>A few problems that I thought of</div>
<div><br></div>If you're doing a "conf t" and then sending the updates, you need to be able to parse and escape "special" characters, such as the ? in line three below<br><br>1 ip ddns update method <a href="http://dyn.he.net" target="_blank">dyn.he.net</a><br>
2 HTTP<br>3 add <a href="http://dynamicrouter.domain.com:hjo97864hhj06hA@ipv4.dyn.dns.he.net/nic/update?hostname=" target="_blank">http://dynamicrouter.domain.com:hjo97864hhj06hA@ipv4.dyn.dns.he.net/nic/update?hostname=</a><h>&myip=<a><br>
<br>The thought of escaping characters led me onto motd lines...</div><div class="gmail_quote"><br></div><div class="gmail_quote"><div class="gmail_quote">banner motd ^C</div><div class="gmail_quote">This is not the router you are looking for</div>
<div class="gmail_quote">^C</div><div><br></div><div>And finally, the order of NAT rules on an ASA can be critical, this would mean either removing all of them (affecting all traffic) and then adding all of them, or being able to parse all of the NAT rule lines to add the sequence to the rollback, such as <br>
</div><br> no nat 14<br> nat (inside,outside) 14 source static i-server <a href="http://i-server.domain.com" target="_blank">i-server.domain.com</a> service tcp-in-https tcp-in-https<br><br></div><div class="gmail_quote">
I'm sure there are lots of other similar cases</div>
<div class="gmail_quote"><br></div><div class="gmail_quote">If you can cope with a reload, then I would go with either a tftp boot, or erase startup, tftp copy to startup and then reload.</div><div class="gmail_quote">
<br></div><div class="gmail_quote">As well as rancid, I also like to archive to an FTP server, so when TFTP isn't an option (such as a remote site router), I can simply go</div><div class="gmail_quote"><br></div>
<div class="gmail_quote"> erase start</div><div class="gmail_quote"> copy ftp://user:pass@host/path/file startup</div><div class="gmail_quote"><br></div><div class="gmail_quote">And then reload</div>
<div class="gmail_quote"><br></div><div class="gmail_quote">For a client that bought CSM, I manage their ASA firewalls with CSM, after a particularly bad experience with the built in CSM rollback, I now do the changes and deploy normally rather than a rollback deploy if changes need to be "reverted".</div>
<div class="gmail_quote"><br></div><div class="gmail_quote">Cheers</div></div></div>
</blockquote></div><br></div>
</div></div></blockquote></div><br></div>
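The escaping problems discussed in this thread, as an added example that is not part of any message above and is not rancid code: a filter that prepares config lines for a clogin command file. It assumes clogin passes each line through Tcl `subst -nocommands` (as the error trace shows) and sends the result unchanged, so the Tcl octal escape `\026` reaches the device as Ctrl-V; the function name `prepare_for_clogin` and the sample lines are hypothetical.

```shell
#!/bin/sh
# Added example, not rancid code. Reads IOS config lines on stdin and writes
# lines that survive Tcl "subst -nocommands" unchanged on stdout.
prepare_for_clogin() {
    awk '
    skipping {                          # inside a multi-line banner body
        if (index($0, delim)) skipping = 0
        next
    }
    match($0, /^banner +[^ ]+ +/) {
        body = substr($0, RLENGTH + 1)
        # Saved configs show the delimiter as the two characters ^C;
        # otherwise take the first character after the banner type.
        delim = (substr(body, 1, 2) == "^C") ? "^C" : substr(body, 1, 1)
        if (delim != "" && !index(substr(body, length(delim) + 1), delim)) {
            print "skipped multi-line banner: " $2 > "/dev/stderr"
            skipping = 1
            next
        }
    }
    { print }
    ' |
    # Order matters: double existing backslashes first so the escapes added
    # for "$" and "?" are not doubled in turn. \026 is Ctrl-V in Tcl octal.
    sed -e 's/\\/\\\\/g' -e 's/\$/\\$/g' -e 's/?/\\026?/g'
}

# Constructed sample input (not taken from a real device).
prepare_for_clogin <<'EOF'
username ops secret pa$1word
add http://host.example/nic/update?hostname=r1
banner motd ^C
This is not the router you are looking for
^C
banner login ^CAuthorized use only^C
EOF
```

Multi-line banners are reported on stderr and left out of the output, which automates the manual trimming described in the first message; single-line banners pass through untouched.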