From jba at analogue.net Thu Apr 4 10:47:52 2002
From: jba at analogue.net (jeffrey arnold)
Date: Thu, 4 Apr 2002 05:47:52 -0500 (EST)
Subject: Rancid & PIX.
Message-ID:

first off, thanks to all who have contributed to such a great tool.

I'm interested in hearing if anyone has gotten rancid working with a cisco
PIX. A cursory glance at clogin makes me believe that some initial
framework is there, but full PIX support is not ready. Is this a fair
evaluation?

Any info will be much appreciated.

cheers,
-jba

--
[jba at analogue.net] :: analogue.networks.nyc :: http://analogue.net

From AZhang at reliant.com Thu Apr 4 13:47:28 2002
From: AZhang at reliant.com (Zhang, Anchi)
Date: Thu, 4 Apr 2002 07:47:28 -0600
Subject: Rancid & PIX.
Message-ID:

It has worked for me without any change to the program, but I have never
tried it using telnet and/or without AAA.

log2% rancid eo-pit-pix1
log2% clogin eo-pit-pix1
eo-pit-pix1
spawn ssh -c 3des -x -l azhang eo-pit-pix1
azhang at eo-pit-pix1's password:
Type help or '?' for a list of available commands.
eo-pit-pix1>
eo-pit-pix1> enable
Password: **********
eo-pit-pix1#

-----Original Message-----
From: jeffrey arnold [mailto:jba at analogue.net]
Sent: Thursday, April 04, 2002 4:48 AM
To: rancid-discuss at shrubbery.net
Subject: Rancid & PIX.

first off, thanks to all who have contributed to such a great tool.

I'm interested in hearing if anyone has gotten rancid working with a cisco
PIX. A cursory glance at clogin makes me believe that some initial
framework is there, but full PIX support is not ready. Is this a fair
evaluation?

Any info will be much appreciated.

cheers,
-jba

--
[jba at analogue.net] :: analogue.networks.nyc :: http://analogue.net

From jcoke at ibeam.com Thu Apr 4 15:15:57 2002
From: jcoke at ibeam.com (John Coke)
Date: Thu, 4 Apr 2002 09:15:57 -0600
Subject: Rancid & PIX.
Message-ID: <13CFD9ED17AAD411982B00D0B76DFB8A01370AE4@WHEAT>

Works like a champ. If you take a look at crancid, there is code to
recognize the PIX and to "ask" it different things than it asks, say, a Cat5.

-John

-----Original Message-----
From: jeffrey arnold [mailto:jba at analogue.net]
Sent: Thursday, April 04, 2002 4:48 AM
To: rancid-discuss at shrubbery.net
Subject: Rancid & PIX.

first off, thanks to all who have contributed to such a great tool.

I'm interested in hearing if anyone has gotten rancid working with a cisco
PIX. A cursory glance at clogin makes me believe that some initial
framework is there, but full PIX support is not ready. Is this a fair
evaluation?

Any info will be much appreciated.

cheers,
-jba

--
[jba at analogue.net] :: analogue.networks.nyc :: http://analogue.net

From heas at shrubbery.net Thu Apr 4 19:51:27 2002
From: heas at shrubbery.net (john heasley)
Date: Thu, 4 Apr 2002 11:51:27 -0800
Subject: Rancid & PIX.
In-Reply-To: <13CFD9ED17AAD411982B00D0B76DFB8A01370AE4@WHEAT>; from jcoke@ibeam.com on Thu, Apr 04, 2002 at 09:15:57AM -0600
References: <13CFD9ED17AAD411982B00D0B76DFB8A01370AE4@WHEAT>
Message-ID: <20020404115127.D20220@shrubbery.net>

Thu, Apr 04, 2002 at 09:15:57AM -0600, John Coke:
> Works like a champ. If you take a look at crancid, there is code to
> recognize the PIX and to "ask" it different things than it asks say a Cat5.
>
> -John

to be pedantic, the script that currently handles the PIX is bin/rancid,
same one as for a cisco router. so, in router.db, it would be of type
'cisco' (router.db(5)).

anyway, it may not be as complete as it could be for a pix, as i don't
have one to poke. if anyone happens to notice things that should be
added, please drop us a note.

thanks.
cheers.

> -----Original Message-----
> From: jeffrey arnold [mailto:jba at analogue.net]
> Sent: Thursday, April 04, 2002 4:48 AM
> To: rancid-discuss at shrubbery.net
> Subject: Rancid & PIX.
>
>
>
> first off, thanks to all who have contributed to such a great tool.
>
> I'm interested in hearing if anyone has gotten rancid working with a cisco
> PIX. A cursory glance at clogin makes me believe that some initial
> framework is there, but full PIX support is not ready. Is this a fair
> evaluation?
>
> Any info will be much appreciated.
>
> cheers,
> -jba
> --
> [jba at analogue.net] :: analogue.networks.nyc :: http://analogue.net
>

From jmartine at alhsys.com Fri Apr 5 06:25:56 2002
From: jmartine at alhsys.com (Juan José Muñoz Martinez)
Date: Fri, 5 Apr 2002 08:25:56 +0200
Subject: rancid & Procurve 2524
Message-ID: <1D23DFB85346D3118CA400A0C9E9872201985A06@ALHMAILSRV>

Hello to all,

I have been working with the marvellous rancid tool for two weeks now.
I have registered all the cisco routers, but now I have problems collecting
the configuration of HP Procurve 2524 switches.
I use the following definitions in routers.db and .cloginrc:

=========
routers.db
=========
...
192.168.1.78:hp:up
...

=========
.cloginrc
=========
add autoenable 192.168.1.78 1
add password 192.168.1.78 telnetpasswd enablepasswd


The switch is autoenabled, i.e. when I telnet by hand and press 'intro' I
have the '#' prompt, and I can run commands such as 'show config'. But rancid
says that it can't contact the device.
If I debug the connection following the FAQ guidelines I see that rancid
makes me specify the line with the password although it doesn't use it.
The execution of hlogin or clogin shows me the connection to the switch
like telnet, but it blocks; perhaps rancid is waiting for some characters
from the switch, and the switch is waiting for characters from rancid.

Has anybody practical experience with HP Procurve switches like the 2524?

Best Regards.

From johan.grip at emea.sykes.com Fri Apr 5 06:26:45 2002
From: johan.grip at emea.sykes.com (Johan Grip)
Date: Fri, 5 Apr 2002 07:26:45 +0100
Subject: Patch for modem autodiscovery
Message-ID: <59CFF4F7B037D411804800508B6D22B2495D68@UKEDIMAIL02>

Hi all.

Just dropping a patch for those of us having modem autoconfigure discovery
configured on async lines. This causes the config to change the baudrate on
the lines when the cisco attempts to locate a modem there, causing lots and
lots of unneeded commits.

Bugs: It will also remove the speed setting from FastEthernet interfaces,
which is not a concern for me, but might be for you.

Anyway, here goes:

--- rancid.in Tue Mar 19 07:38:47 2002
+++ rancid Fri Apr 5 07:14:56 2002
@@ -888,6 +888,8 @@
 /^ length / && next; # kill length on serial lines
 /^ width / && next; # kill width on serial lines
 /^ clockrate / && next; # kill clockrate on serial interfaces
+ /^ speed / && next; # kill speed on async lines
+ /^ [rt]xspeed / && next; # kill even more async speeds
 if (/^(enable )?(password|passwd) / && $filter_pwds >= 1) {
 ProcessHistory("ENABLE","","","!$1$2 \n");
 next;

Kind regards,
Johan Grip

From heas at shrubbery.net Fri Apr 5 08:06:39 2002
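Review bot: the two added lines `+ /^ speed / && next;` and `+ /^ [rt]xspeed / && next;` key only on a leading space, so they drop `speed` from every indented stanza of the running-config, not just `line` stanzas; that is exactly the FastEthernet loss the cover note lists under Bugs, and Ethernet speed/duplex changes are the kind of diff an operator wants rancid to report. Suggest remembering the current stanza (set a flag when a `line` header is seen, clear it on `interface` and other top-level headers) and applying the skip only while inside a `line` stanza; the comment "kill speed on async lines" should then describe what the code actually restricts itself to.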
From: heas at shrubbery.net (john heasley)
Date: Fri, 5 Apr 2002 00:06:39 -0800
Subject: rancid & Procurve 2524
In-Reply-To: <1D23DFB85346D3118CA400A0C9E9872201985A06@ALHMAILSRV>; from jmartine@alhsys.com on Fri, Apr 05, 2002 at 08:25:56AM +0200
References: <1D23DFB85346D3118CA400A0C9E9872201985A06@ALHMAILSRV>
Message-ID: <20020405000639.I17115@shrubbery.net>

Fri, Apr 05, 2002 at 08:25:56AM +0200, Juan José Muñoz Martinez:
>
> Hello to all,
>
> I have been working with the marvellous rancid tool for two weeks now.
> I have registered all the cisco routers, but now I have problems collecting
> the configuration of HP Procurve 2524 switches.
> I use the following definitions in routers.db and .cloginrc:
>
> =========
> routers.db
> =========
> ...
> 192.168.1.78:hp:up
> ...
>
> =========
> .cloginrc
> =========
> add autoenable 192.168.1.78 1
> add password 192.168.1.78 telnetpasswd enablepasswd
>
>
> The switch is autoenabled, i.e. when I telnet by hand and press 'intro' I
> have the '#' prompt, and I can run commands such as 'show config'. But rancid
> says that it can't contact the device.
> If I debug the connection following the FAQ guidelines I see that rancid
> makes me specify the line with the password although it doesn't use it.
> The execution of hlogin or clogin shows me the connection to the switch
> like telnet, but it blocks; perhaps rancid is waiting for some characters
> from the switch, and the switch is waiting for characters from rancid.

"press I" leads me to believe that you're getting the silly menu system or
they've added something terribly silly to the login procedure. rancid must
have the command-line interface. eg:

% ./hlogin 192.168.0.2
192.168.0.2
spawn hpfilter telnet 192.168.0.2
Trying 192.168.0.2...
Connected to 192.168.0.2.
Escape character is '^]'.

HP J4813A ProCurve Switch 2524
Firmware revision F.02.13

Copyright (C) 1991-1998 Hewlett-Packard Co. All Rights Reserved.
                         RESTRICTED RIGHTS LEGEND

Use, duplication, or disclosure by the Government is subject to restrictions
as set forth in subdivision (b) (3) (ii) of the Rights in Technical Data and
Computer Software clause at 52.227-7013.

         HEWLETT-PACKARD COMPANY, 3000 Hanover St., Palo Alto, CA 94303

Connecting to Tacacs server 192.168.0.1

User Access Verification

Username: user
Password:
HP ProCurve Switch 2524> enable
Password:
HP ProCurve Switch 2524#

>
> Has anybody practical experience with HP Procurve switches like the 2524?
>
> Best Regards.

From jmartine at alhsys.com Fri Apr 5 11:53:07 2002
From: jmartine at alhsys.com (Juan José Muñoz Martinez)
Date: Fri, 5 Apr 2002 13:53:07 +0200
Subject: rancid & Procurve 2524
Message-ID: <1D23DFB85346D3118CA400A0C9E9872201985A0F@ALHMAILSRV>

I've got it.

I've configured the login password with the "password operator" command and
the enable password with "password manager", and then with the line
"add password 192.168.1.78 login-pass enable-pass" in .cloginrc rancid can
collect the configuration and status.

-----Original Message-----
From: john heasley [mailto:heas at shrubbery.net]
Sent: Friday, 05 April 2002 10:07
To: Juan José Muñoz Martinez
CC: rancid-discuss at shrubbery.net
Subject: Re: rancid & Procurve 2524

Fri, Apr 05, 2002 at 08:25:56AM +0200, Juan José Muñoz Martinez:
>
> Hello to all,
>
> I have been working with the marvellous rancid tool for two weeks now.
> I have registered all the cisco routers, but now I have problems collecting
> the configuration of HP Procurve 2524 switches.
> I use the following definitions in routers.db and .cloginrc:
>
> =========
> routers.db
> =========
> ...
> 192.168.1.78:hp:up
> ...
>
> =========
> .cloginrc
> =========
> add autoenable 192.168.1.78 1
> add password 192.168.1.78 telnetpasswd enablepasswd
>
>
> The switch is autoenabled, i.e. when I telnet by hand and press 'intro' I
> have the '#' prompt, and I can run commands such as 'show config'. But rancid
> says that it can't contact the device.
> If I debug the connection following the FAQ guidelines I see that rancid
> makes me specify the line with the password although it doesn't use it.
> The execution of hlogin or clogin shows me the connection to the switch
> like telnet, but it blocks; perhaps rancid is waiting for some characters
> from the switch, and the switch is waiting for characters from rancid.

"press I" leads me to believe that you're getting the silly menu system or
they've added something terribly silly to the login procedure. rancid must
have the command-line interface.
eg:

% ./hlogin 192.168.0.2
192.168.0.2
spawn hpfilter telnet 192.168.0.2
Trying 192.168.0.2...
Connected to 192.168.0.2.
Escape character is '^]'.

HP J4813A ProCurve Switch 2524
Firmware revision F.02.13

Copyright (C) 1991-1998 Hewlett-Packard Co. All Rights Reserved.

                         RESTRICTED RIGHTS LEGEND

Use, duplication, or disclosure by the Government is subject to restrictions
as set forth in subdivision (b) (3) (ii) of the Rights in Technical Data and
Computer Software clause at 52.227-7013.

         HEWLETT-PACKARD COMPANY, 3000 Hanover St., Palo Alto, CA 94303

Connecting to Tacacs server 192.168.0.1

User Access Verification

Username: user
Password:
HP ProCurve Switch 2524> enable
Password:
HP ProCurve Switch 2524#

>
> Has anybody practical experience with HP Procurve switches like the 2524?
>
> Best Regards.

From heas at shrubbery.net Fri Apr 5 18:16:41 2002
From: heas at shrubbery.net (john heasley)
Date: Fri, 5 Apr 2002 10:16:41 -0800
Subject: rancid & Procurve 2524
In-Reply-To: <1D23DFB85346D3118CA400A0C9E9872201985A0F@ALHMAILSRV>; from jmartine@alhsys.com on Fri, Apr 05, 2002 at 01:53:07PM +0200
References: <1D23DFB85346D3118CA400A0C9E9872201985A0F@ALHMAILSRV>
Message-ID: <20020405101641.E2452@shrubbery.net>

Fri, Apr 05, 2002 at 01:53:07PM +0200, Juan José Muñoz Martinez:
> I've got it.
>
> I've configured the login password with the "password operator" command and
> the enable password with "password manager", and then with the line
> "add password

are those part of the configuration? what is their significance (so, i
may make a note in the FAQ/manpage)?

From jmartine at alhsys.com Wed Apr 10 13:40:33 2002
From: jmartine at alhsys.com (Juan José Muñoz Martinez)
Date: Wed, 10 Apr 2002 15:40:33 +0200
Subject: rancid & Procurve 2524
Message-ID: <1D23DFB85346D3118CA400A0C9E9872201985A4C@ALHMAILSRV>

Hello, sorry for the delay.

The two commands are typed in CLI mode through telnet or console, but you can
also set the password for operator and administrator through the menu options
(first typing the 'menu' command).

The configuration looks like a cisco device: if you are in menu mode you must
go to CLI mode; if you enter with telnet and the prompt is '>' you must type
enable and enter the password, if defined, to get the privileged prompt '#'.
Then to start configuration you must enter the command 'config terminal'; now
you get the configuration prompt (config)# and can enter configuration
commands.

password operator

Here is the sequence of commands and inputs:

HP ProCurve Switch 2524> en
HP ProCurve Switch 2524# alhambra.
Invalid input: alhambra.
HP ProCurve Switch 2524# pass
Invalid input: pass
HP ProCurve Switch 2524# conf term
HP ProCurve Switch 2524(config)# password operator
New password: ********
Please retype new password: *********
Retyped password differs from initially typed password.
HP ProCurve Switch 2524(config)# password manager
New password: *********
Please retype new password: *********
HP ProCurve Switch 2524(config)# exit
HP ProCurve Switch 2524# write mem
HP ProCurve Switch 2524# exit
HP ProCurve Switch 2524> exit
Do you want to log out (Y/N)?Y

For polling of the switch with rancid add the following lines to .cloginrc
and router.db:

.cloginrc
=============
...
add password 192.168.1.78 login-pass enable-pass
...

router.db
=============
...
192.168.1.78:hp:up
...

I expect to learn more about the ProCurve switches' command line; I will
provide you more information as I get it.

Best Regards.

> -----Original Message-----
> From: john heasley [mailto:heas at shrubbery.net]
> Sent: Friday, 05 April 2002 20:17
> To: Juan José
Muñoz Martinez
> CC: rancid-discuss at shrubbery.net
> Subject: Re: rancid & Procurve 2524
>
>
> Fri, Apr 05, 2002 at 01:53:07PM +0200, Juan José Muñoz Martinez:
> > I've got it.
> >
> > I've configured login password with "password operator"
> command and enable
> > password with "password manager", and then with the line
> "add password
>
> are those part of the configuration? what is their
> significance (so, i
> may make a note in the FAQ/manpage)?
>

From fergus.roche at loudeye.com Tue Apr 30 19:42:01 2002
From: fergus.roche at loudeye.com (Fergus Roche)
Date: 30 Apr 2002 12:42:01 -0700
Subject: blogin Timeout
Message-ID: <1020195721.3982.50.camel@chub.int.loudeye.com>

I'm having problems logging into a Nortel (Accelar 1200) - blogin hangs
and times out. I have had the same problem with 2.2b8 and 2.2 on 2
different machines. I am using expect-5.32.2-65, tcl/tk-8.3.3-65 on
RH7.2 (2.4.9-31), but have also tried expect-5.24 on mandrake
(2.2.14-15)
I have tried various combinations of entries in .cloginrc, but always
with the same result. Any help would be much appreciated.


$ bin/blogin bay-nr1
bay-nr1
spawn telnet bay-nr1
Trying 10.10.0.1...
Connected to bay-nr1
Escape character is '^]'.

********************************
*       Bay Networks,Inc.      *
*    Copyright (c) 1996-1999   *
*      All Rights Reserved     *
*         Accelar 1200         *
*   Software Release 2.0.5.7   *
********************************

Login:
Error: TIMEOUT reached


$ cat .cloginrc
add user bay-nr1 readwrite
add password bay-nr1 {password}

I noted Mark Cooper's patch of 11/23/01, but that appears to have been
included in the 2.2 release.


$ cat router.db
bay-nr1:baynet:up



Thanks,
Fergus Roche
Loudeye Technologies

From phil.pierotti at ebay.com Mon Apr 15 16:33:04 2002
From: phil.pierotti at ebay.com (Pierotti, Phil)
Date: Mon, 15 Apr 2002 09:33:04 -0700
Subject: RANCID and Cisco Catalyst Switches
Message-ID: <724B645DF3DD8446AAEABE26EBEE4F830159B266@sjc-exm-17.corp.ebay.com>

Cisco Catalyst Switches effectively modify the configuration every time a
port changes link state - by tweaking the active "spantree portcost" and
"spantree portvlancost".

Does anyone know/have a hack/tweak to make RANCID ignore these "differences"
in the configurations?

On a switch with end-users connecting/disconnecting/rebooting (i.e. working
normally) you'll see a change every single time RANCID runs.

Thanks,
Phil P

------------------------------------------------------------------------------
Phil.Pierotti at eBay.com
------------------------------------------------------------------------------
Phil Pierotti                       Ph:   408 376 5820
Senior Network Engineer             Cell: 408 410 1818
eBay, Inc.

From heas at shrubbery.net Tue Apr 30 22:12:34 2002
From: heas at shrubbery.net (john heasley)
Date: Tue, 30 Apr 2002 22:12:34 +0000
Subject: blogin Timeout
In-Reply-To: <1020195721.3982.50.camel@chub.int.loudeye.com>; from fergus.roche@loudeye.com on Tue, Apr 30, 2002 at 12:42:01PM -0700
References: <1020195721.3982.50.camel@chub.int.loudeye.com>
Message-ID: <20020430221234.J20617@shrubbery.net>

Tue, Apr 30, 2002 at 12:42:01PM -0700, Fergus Roche:
> I'm having problems logging into a Nortel (Accelar 1200) - blogin hangs
> and times out. I have had the same problem with 2.2b8 and 2.2 on 2
> different machines. I am using expect-5.32.2-65, tcl/tk-8.3.3-65 on
> RH7.2 (2.4.9-31), but have also tried expect-5.24 on mandrake
> (2.2.14-15)
> I have tried various combinations of entries in .cloginrc, but always
> with the same result. Any help would be much appreciated.

please try attached. set for rancid-2.2.1 maint rel RSN.

>
>
> $ bin/blogin bay-nr1
> bay-nr1
> spawn telnet bay-nr1
> Trying 10.10.0.1...
> Connected to bay-nr1
> Escape character is '^]'.
>
> ********************************
> *       Bay Networks,Inc.      *
> *    Copyright (c) 1996-1999   *
> *      All Rights Reserved     *
> *         Accelar 1200         *
> *   Software Release 2.0.5.7   *
> ********************************
>
> Login:
> Error: TIMEOUT reached
>
>
> $ cat .cloginrc
> add user bay-nr1 readwrite
> add password bay-nr1 {password}
>
> I noted Mark Cooper's patch of 11/23/01, but that appears to have been
> included in the 2.2 release.
>
>
> $ cat router.db
> bay-nr1:baynet:up
>
>
>
> Thanks,
> Fergus Roche
> Loudeye Technologies

-------------- next part --------------
#!@EXPECT_PATH@ --
##
##
## Copyright (C) 1997-2001 by Henry Kilmer, Erik Sherk and Pete Whiting.
## All rights reserved.
##
## This software may be freely copied, modified and redistributed without
## fee for non-commercial purposes provided that this copyright notice is
## preserved intact on all copies and modified copies.
##
## There is no warranty or other guarantee of fitness of this software.
## It is provided solely "as is". The author(s) disclaim(s) all
## responsibility and liability with respect to this software's usage
## or its effect upon hardware, computer systems, other software, or
## anything else.
##
##
#
# blogin - Bay Networks(Nortel) login
#
# Unlike the Ciscos, there is no enable function on the Bays.
# Instead there are separate User and Manager accounts. A 'system' command
# exists, which i am told does nothing.
#

# Usage line
set usage "Usage: $argv0 \[-autoenable\] \[-noenable\] \[-c command\] \
\[-Evar=x\] \[-e enable-password\] \[-f cloginrc-file\] \[-p user-password\] \
\[-s script-file\] \[-t timeout\] \[-u username\] \
\[-v vty-password\] \[-w enable-username\] \[-x command-file\] \
\[-y ssh_cypher_type\] router \[router...\]\n"

# env(CLOGIN) may contain:
#   x == do not set xterm banner or name

# Password file
set password_file $env(HOME)/.cloginrc
# Default is to login to the router
set do_command 0
set do_script 0
# The default is to automatically enable
set enable 0
# The default is that you login non-enabled (tacacs can have you login already enabled)
set autoenable 0
# The default is to look in the password file to find the passwords. This
# tracks if we receive them on the command line.
set do_passwd 1
set do_enapasswd 0

# Find the user in the ENV, or use the unix userid.
if {[ info exists env(CISCO_USER) ] } {
    set default_user $env(CISCO_USER)
} elseif {[ info exists env(USER) ]} {
    set default_user $env(USER)
} else {
    # This uses "id" which I think is portable. At least it has existed
    # (without options) on all machines/OSes I've been on recently -
    # unlike whoami or id -nu.
    if [ catch {exec id} reason ] {
        send_error "\nError: could not exec id: $reason\n"
        exit 1
    }
    regexp {\(([^)]*)} "$reason" junk default_user
}

# Sometimes routers take awhile to answer (the default is 10 sec)
set timeout 45

# Process the command line
for {set i 0} {$i < $argc} {incr i} {
    set arg [lindex $argv $i]

    switch -glob -- $arg {
        # Username
        -u* -
        -U* {
            if {! [ regexp .\[uU\](.+) $arg ignore user]} {
                incr i
                set username [ lindex $argv $i ]
            }
        # VTY Password
        } -p* -
        -P* {
            if {! [ regexp .\[pP\](.+) $arg ignore userpasswd]} {
                incr i
                set userpasswd [ lindex $argv $i ]
            }
            set do_passwd 0
        # VTY Password
        } -v* -
        -V* {
            if {! [ regexp .\[vV\](.+) $arg ignore passwd]} {
                incr i
                set passwd [ lindex $argv $i ]
            }
            set do_passwd 0
        # Enable Username
        } -w* -
        -W* {
            if {! [ regexp .\[wW\](.+) $arg ignore enauser]} {
                incr i
                set enausername [ lindex $argv $i ]
            }
        # Environment variable to pass to -s scripts
        } -E* {
            if {[ regexp .\[E\](.+)=(.+) $arg ignore varname varvalue]} {
                set E$varname $varvalue
            } else {
                send_user "Error: invalid format for -E in $arg\n"
                exit 1
            }
        # Enable Password
        } -e* {
            if {! [ regexp .\[eE\](.+) $arg ignore enapasswd]} {
                incr i
                set enapasswd [ lindex $argv $i ]
            }
            set do_enapasswd 0
        # Command to run.
        } -c* -
        -C* {
            if {! [ regexp .\[cC\](.+) $arg ignore command]} {
                incr i
                set command [ lindex $argv $i ]
            }
            set do_command 1
        # Expect script to run.
        } -s* -
        -S* {
            if {! [ regexp .\[sS\](.+) $arg ignore sfile]} {
                incr i
                set sfile [ lindex $argv $i ]
            }
            if { ! [ file readable $sfile ] } {
                send_user "\nError: Can't read $sfile\n"
                exit 1
            }
            set do_script 1
        # 'ssh -c' cypher type (the regexp here tested for -e/-E by mistake)
        } -y* -
        -Y* {
            if {! [ regexp .\[yY\](.+) $arg ignore cypher]} {
                incr i
                set cypher [ lindex $argv $i ]
            }
        # alternate cloginrc file
        } -f* -
        -F* {
            if {! [ regexp .\[fF\](.+) $arg ignore password_file]} {
                incr i
                set password_file [ lindex $argv $i ]
            }
        # Timeout
        } -t* -
        -T* {
            if {! [ regexp .\[tT\](.+) $arg ignore timeout]} {
                incr i
                set timeout [ lindex $argv $i ]
            }
        # Command file
        } -x* -
        -X* {
            if {! [ regexp .\[xX\](.+) $arg ignore cmd_file]} {
                incr i
                set cmd_file [ lindex $argv $i ]
            }
            set cmd_fd [open $cmd_file r]
            set cmd_text [read $cmd_fd]
            close $cmd_fd
            set command [join [split $cmd_text \n] \;]
            set do_command 1
        # Do we enable?
        } -noenable {
            set enable 0
        # Does tacacs automatically enable us?
        } -autoenable {
            set autoenable 1
            set enable 0
        } -* {
            send_user "\nError: Unknown argument! $arg\n"
            send_user $usage
            exit 1
        } default {
            break
        }
    }
}

# Process routers...no routers listed is an error.
if { $i == $argc } {
    send_user "\nError: $usage"
    exit 1
}

# Only be quiet if we are running a script (it can log its output
# on its own)
if { $do_script } {
    log_user 0
} else {
    log_user 1
}

#
# Done configuration/variable setting. Now run with it...
#

# Sets Xterm title if interactive...if its an xterm and the user cares
proc label { host } {
    global env
    # if CLOGIN has an 'x' in it, don't set the xterm name/banner
    if [info exists env(CLOGIN)] {
        if {[string first "x" $env(CLOGIN)] != -1} { return }
    }
    # take host from ENV(TERM)
    if [info exists env(TERM)] {
        if [regexp \^(xterm|vs) $env(TERM) ignore ] {
            send_user "\033]1;[lindex [split $host "."] 0]\a"
            send_user "\033]2;$host\a"
        }
    }
}

# This is a helper function to make the password file easier to
# maintain. Using this the password file has the form:
# add password sl*    pete cow
# add password at*    steve
# add password *      hanky-pie
proc add {var args} { global int_$var ; lappend int_$var $args}
proc include {args} {
    global env
    regsub -all "(^{|}$)" $args {} args
    if { [ regexp "^/" $args ignore ] == 0 } {
        set args $env(HOME)/$args
    }
    source_password_file $args
}

# First entry whose glob matches the router name wins, so order matters.
proc find {var router} {
    upvar int_$var list
    if { [info exists list] } {
        foreach line $list {
            if { [string match [lindex $line 0] $router ] } {
                return [lrange $line 1 end]
            }
        }
    }
    return {}
}

# Loads the password file. Note that as this file is tcl, and that
# it is sourced, the user better know what to put in there, as it
# could install more than just password info... I will assume however,
# that a "bad guy" could just as easy put such code in the clogin
# script, so I will leave .cloginrc as just an extension of that script
proc source_password_file { password_file } {
    global env
    if { ! [file exists $password_file] } {
        send_user "\nError: password file ($password_file) does not exist\n"
        exit 1
    }
    file stat $password_file fileinfo
    if { [expr ($fileinfo(mode) & 007)] != 0000 } {
        send_user "\nError: $password_file must not be world readable/writable\n"
        exit 1
    }
    if [ catch {source $password_file} reason ] {
        send_user "\nError: $reason\n"
        exit 1
    }
}

# Log into the router.
proc login { router user userpswd passwd enapasswd prompt cmethod cyphertype } {
    global spawn_id in_proc do_command do_script
    global u_prompt p_prompt e_prompt
    set in_proc 1

    # try each of the connection methods in $cmethod until one is successful
    set progs [llength $cmethod]
    foreach prog [lrange $cmethod 0 end] {
        if [string match "telnet*" $prog] {
            regexp {telnet(:([^[:space:]]+))*} $prog command suffix port
            if {"$port" == ""} {
                set retval [ catch {spawn telnet $router} reason ]
            } else {
                set retval [ catch {spawn telnet $router $port} reason ]
            }
            if { $retval } {
                send_user "\nError: telnet failed: $reason\n"
                exit 1
            }
        } elseif ![string compare $prog "ssh"] {
            if [ catch {spawn ssh -c $cyphertype -x -l $user $router} reason ] {
                send_user "\nError: ssh failed: $reason\n"
                exit 1
            }
        } elseif ![string compare $prog "rsh"] {
            if [ catch {spawn rsh -l $user $router} reason ] {
                send_user "\nError: rsh failed: $reason\n"
                exit 1
            }
        } else {
            puts "\nError: unknown connection method: $prog"
            return 1
        }
        incr progs -1
        sleep 0.3

        # This helps cleanup each expect clause.
        expect_after {
            timeout {
                send_user "\nError: TIMEOUT reached\n"
                catch {close}; wait
                if { $in_proc} {
                    return 1
                } else {
                    continue
                }
            } eof {
                send_user "\nError: EOF received\n"
                catch {close}; wait
                if { $in_proc} {
                    return 1
                } else {
                    continue
                }
            }
        }

        # Here we get a little tricky. There are several possibilities:
        # the router can ask for a username and passwd and then
        # talk to the TACACS server to authenticate you, or if the
        # TACACS server is not working, then it will use the enable
        # passwd. Or, the router might not have TACACS turned on,
        # then it will just send the passwd.
        # if telnet fails with connection refused, try ssh
        expect {
            -re "(Connection refused|Secure connection \[^\n\r]+ refused|Connection closed by)" {
                catch {close}; wait
                if !$progs {
                    send_user "\nError: Connection Refused ($prog)\n"; return 1
                }
            }
            eof { send_user "\nError: Couldn't login\n"; wait; return 1 }
            -nocase "unknown host\r" {
                catch {close};
                send_user "\nError: Unknown host\n"; wait; return 1
            }
            "Host is unreachable" {
                catch {close};
                send_user "\nError: Host Unreachable!\n"; wait; return 1
            }
            "No address associated with name" {
                catch {close};
                send_user "\nError: Unknown host\n"; wait; return 1
            }
            -re "(Host key not found |The authenticity of host .* be established).*\(yes\/no\)\?" {
                send "yes\r"
                send_user "\nHost $router added to the list of known hosts.\n"
                exp_continue
            }
            -re "HOST IDENTIFICATION HAS CHANGED.* \(yes\/no\)\?" {
                send "no\r"
                send_user "\nError: The host key for $router has changed. Update the SSH known_hosts file accordingly.\n"
                return 1
            }
            -re "Offending key for .* \(yes\/no\)\?" {
                send "no\r"
                send_user "\nError: host key mismatch for $router. Update the SSH known_hosts file accordingly.\n"
                return 1
            }
            -re "$u_prompt" {
                send "$user\r"
                expect {
                    eof { send_user "\nError: Couldn't login\n"; wait; return 1 }
                    "Login invalid" {
                        send_user "\nError: Invalid login\n";
                        catch {close}; wait; return 1
                    }
                    -re "$p_prompt" { send "$userpswd\r" }
                    "$prompt" { set in_proc 0; return 0 }
                }
                exp_continue
            }
            -re "$p_prompt" {
                if ![string compare $prog "ssh"] {
                    send "$userpswd\r"
                } else {
                    send "$passwd\r"
                }
                expect {
                    eof { send_user "\nError: Couldn't login\n"; wait; return 1 }
                    -re "$e_prompt" { send "$enapasswd\r" }
                    "$prompt" { set in_proc 0; return 0 }
                }
                exp_continue
            }
            "$prompt" { break; }
            denied { send_user "\nError: Check your passwd for $router\n"
                catch {close}; wait; return 1
            }
            "% Bad passwords" {send_user "\nError: Check your passwd for $router\n"; return 1 }
        }
    }

    set in_proc 0
    return 0
}

# Enable
proc do_enable { enauser enapasswd } {
    global prompt in_proc
    global u_prompt e_prompt
    set in_proc 1

    send "enable\r"
    expect {
        -re "$u_prompt" { send "$enauser\r"; exp_continue}
        -re "$e_prompt" { send "$enapasswd\r"; exp_continue}
        "#" { set prompt "#" }
        "(enable)" { set prompt "> (enable) " }
        denied { send_user "\nError: Check your Enable passwd\n"; return 1}
        "% Bad passwords" { send_user "\nError: Check your Enable passwd\n"
            return 1 }
    }
    # We set the prompt variable (above) so script files don't need
    # to know what it is.
    set in_proc 0
    return 0
}

# Run commands given on the command line.
proc run_commands { prompt command } {
    global in_proc
    set in_proc 1

    send "more off\r"
    expect $prompt {}

    regsub -all "\[)(]" $prompt {\\&} reprompt

    # Is this a multi-command?
    if [ string match "*\;*" "$command" ] {
        set commands [split $command \;]
        set num_commands [llength $commands]

        for {set i 0} {$i < $num_commands} { incr i} {
            send "[subst -nocommands [lindex $commands $i]]\r"
            expect {
                -re "^\[^\n\r *]*$reprompt" {}
                -re "^\[^\n\r]*$reprompt." { exp_continue }
                -re "\[\n\r]" { exp_continue }
            }
        }
    } else {
        send "[subst -nocommands $command]\r"
        expect {
            -re "^\[^\n\r *]*$reprompt" {}
            -re "^\[^\n\r]*$reprompt." { exp_continue }
            -re "\[\n\r]" { exp_continue }
        }
    }
    send "logout\r"
    expect {
        "\n" { exp_continue }
        timeout { return 0 }
        eof { return 0 }
    }
    set in_proc 0
}

#
# For each router... (this is main loop)
#
source_password_file $password_file
set in_proc 0
foreach router [lrange $argv $i end] {
    set router [string tolower $router]
    send_user "$router\n"

    # Figure out prompt.
    # Since autoenable is off by default, if we have it defined, it
    # was done on the command line. If it is not specifically set on the
    # command line, check the password file.
    if $autoenable {
        set prompt "#"
    } else {
        set ae [find autoenable $router]
        if { "$ae" == "1" } {
            set autoenable 1
            set enable 0
            set prompt "#"
        } else {
            set autoenable 0
            set prompt ">"
        }
    }

    # look for noenable option in .cloginrc
    if { [find noenable $router] != "" } {
        set enable 0
    }

    # Figure out passwords
    if { $do_passwd || $do_enapasswd } {
        set pswd [find password $router]
        if { [llength $pswd] == 0 } {
            send_user "Error - no password for $router in $password_file.\n"
            continue
        }
        if { $do_enapasswd && $autoenable == 0 && [llength $pswd] < 2 } {
            send_user "Error - no enable password for $router in $password_file.\n"
            continue
        }
        set passwd [lindex $pswd 0]
        set enapasswd [lindex $pswd 1]
    }

    # Figure out username
    if {[info exists username]} {
        # command line username
        set ruser $username
    } else {
        set ruser [find user $router]
        if { "$ruser" == "" } { set ruser $default_user }
    }

    # Figure out username's password (if different from the vty password)
    if {[info exists userpasswd]} {
        # command line username
        set userpswd $userpasswd
    } else {
        set userpswd [find userpassword $router]
        if { "$userpswd" == "" } { set userpswd $passwd }
    }

    # Figure out enable username
    if {[info exists enausername]} {
        # command line enausername
        set enauser $enausername
    } else {
        set enauser [find enauser $router]
        if { "$enauser" == "" } { set enauser $ruser }
    }

    # Figure out prompts (regexes are case-sensitive; override per device
    # with "add userprompt <router> {...}" etc. in .cloginrc)
    set u_prompt [find userprompt $router]
    if { "$u_prompt" == "" } {
        set u_prompt "(Username|login|user name):"
    }
    set p_prompt [find passprompt $router]
    if { "$p_prompt" == "" } {
        set p_prompt "(\[Pp]assword|passwd):"
    }
    set e_prompt [find enableprompt $router]
    if { "$e_prompt" == "" } {
        set e_prompt "\[Pp]assword:"
    }

    # Figure out cypher type
    if {[info exists cypher]} {
        # command line cypher type
        set cyphertype $cypher
    } else {
        set cyphertype [find cyphertype $router]
        if { "$cyphertype" == "" } { set cyphertype "3des" }
    }

    # Figure out connection method
    set cmethod [find method $router]
    if { "$cmethod" == "" } { set cmethod {{telnet}} }

    # Login to the router
    if {[login $router $ruser $userpswd $passwd $enapasswd $prompt $cmethod $cyphertype]} {
        continue
    }
    if { $enable } {
        if {[do_enable $enauser $enapasswd]} {
            if { $do_command || $do_script } {
                close; wait
                continue
            }
        }
    }
    if { $do_command } {
        if {[run_commands $prompt $command]} {
            continue
        }
    } elseif { $do_script } {
        send "more off\r"
        expect $prompt {}
        source $sfile
        close
    } else {
        label $router
        log_user 1
        interact
    }

    # End of for each router
    wait
    sleep 0.3
}
exit 0

From heas at shrubbery.net Tue Apr 30 22:18:49 2002
From: heas at shrubbery.net (john heasley)
Date: Tue, 30 Apr 2002 22:18:49 +0000
Subject: blogin Timeout
In-Reply-To: <20020430221234.J20617@shrubbery.net>; from heas@shrubbery.net on Tue, Apr 30, 2002 at 10:12:34PM +0000
References: <1020195721.3982.50.camel@chub.int.loudeye.com> <20020430221234.J20617@shrubbery.net>
Message-ID: <20020430221849.K20617@shrubbery.net>

Tue, Apr 30, 2002 at 10:12:34PM +0000, john heasley:
> Tue, Apr 30, 2002 at 12:42:01PM -0700, Fergus Roche:
> > I'm having problems logging into a Nortel (Accelar 1200) - blogin hangs
> > and times out. I have had the same problem with 2.2b8 and 2.2 on 2
> > different machines. I am using expect-5.32.2-65, tcl/tk-8.3.3-65 on
> > RH7.2 (2.4.9-31), but have also tried expect-5.24 on mandrake
> > (2.2.14-15)
> > I have tried various combinations of entries in .cloginrc, but always
> > with the same result. Any help would be much appreciated.
>
> please try attached. set for rancid-2.2.1 maint rel RSN.

actually, scratch that comment. you probably want this version; but, i think
the problem is really the case of "Login". the user prompt it's looking for
is the regex "(Username|login|user name):". if you add to .cloginrc:

    add userprompt bay-nr1 {Login:}

i think this will work. i'm interested to know if the case has changed or if
we've made a mistake somewhere along the line and inadvertently changed the
regex.

> >
> >
> > $ bin/blogin bay-nr1
> > bay-nr1
> > spawn telnet bay-nr1
> > Trying 10.10.0.1...
> > Connected to bay-nr1
> > Escape character is '^]'.
> >
> > ********************************
> > * Bay Networks,Inc.            *
> > * Copyright (c) 1996-1999      *
> > * All Rights Reserved          *
> > * Accelar 1200                 *
> > * Software Release 2.0.5.7     *
> > ********************************
> >
> > Login:
> > Error: TIMEOUT reached
> >
> >
> > $ cat .cloginrc
> > add user bay-nr1 readwrite
> > add password bay-nr1 {password}
> >
> > I noted Mark Cooper's patch of 11/23/01,
> > but that appears to have been included in the 2.2 release.
> >
> >
> > $ cat router.db
> > bay-nr1:baynet:up
> >
> >
> >
> > Thanks,
> > Fergus Roche
> > Loudeye Technologies

> #!@EXPECT_PATH@ --
> ##
> ##
> ## Copyright (C) 1997-2001 by Henry Kilmer, Erik Sherk and Pete Whiting.
> ## All rights reserved.
> ##
> ## This software may be freely copied, modified and redistributed without
> ## fee for non-commercial purposes provided that this copyright notice is
> ## preserved intact on all copies and modified copies.
> ##
> ## There is no warranty or other guarantee of fitness of this software.
> ## It is provided solely "as is". The author(s) disclaim(s) all
> ## responsibility and liability with respect to this software's usage
> ## or its effect upon hardware, computer systems, other software, or
> ## anything else.
> ##
> ##
> #
> # blogin - Bay Networks(Nortel) login
> #
> # Unlike the Ciscos, there is no enable function on the Bays.
> # Instead there are separate User and Manager accounts. A 'system' command
> # exists, which i am told does nothing.
> #
>
> # Usage line
> set usage "Usage: $argv0 \[-autoenable\] \[-noenable\] \[-c command\] \
> \[-Evar=x\] \[-e enable-password\] \[-f cloginrc-file\] \[-p user-password\] \
> \[-s script-file\] \[-t timeout\] \[-u username\] \
> \[-v vty-password\] \[-w enable-username\] \[-x command-file\] \
> \[-y ssh_cypher_type\] router \[router...\]\n"
>
> # env(CLOGIN) may contain:
> #   x == do not set xterm banner or name
>
> # Password file
> set password_file $env(HOME)/.cloginrc
> # Default is to login to the router
> set do_command 0
> set do_script 0
> # The default is not to enable (the Bay has no enable mode, see above)
> set enable 0
> # The default is that you login non-enabled (tacacs can have you login already enabled)
> set autoenable 0
> # The default is to look in the password file to find the passwords. This
> # tracks if we receive them on the command line.
> set do_passwd 1
> set do_enapasswd 0
>
> # Find the user in the ENV, or use the unix userid.
> if {[ info exists env(CISCO_USER) ] } {
>     set default_user $env(CISCO_USER)
> } elseif {[ info exists env(USER) ]} {
>     set default_user $env(USER)
> } else {
>     # This uses "id" which I think is portable. At least it has existed
>     # (without options) on all machines/OSes I've been on recently -
>     # unlike whoami or id -nu.
>     if [ catch {exec id} reason ] {
>         send_error "\nError: could not exec id: $reason\n"
>         exit 1
>     }
>     regexp {\(([^)]*)} "$reason" junk default_user
> }
>
> # Sometimes routers take awhile to answer (the default is 10 sec)
> set timeout 45
>
> # Process the command line
> for {set i 0} {$i < $argc} {incr i} {
>     set arg [lindex $argv $i]
>
>     switch -glob -- $arg {
>         # Username
>         -u* -
>         -U* {
>             if {! [ regexp .\[uU\](.+) $arg ignore username]} {
>                 incr i
>                 set username [ lindex $argv $i ]
>             }
>         # VTY Password
>         } -p* -
>         -P* {
>             if {! [ regexp .\[pP\](.+) $arg ignore userpasswd]} {
>                 incr i
>                 set userpasswd [ lindex $argv $i ]
>             }
>             set do_passwd 0
>         # VTY Password
>         } -v* -
>         -V* {
>             if {! [ regexp .\[vV\](.+) $arg ignore passwd]} {
>                 incr i
>                 set passwd [ lindex $argv $i ]
>             }
>             set do_passwd 0
>         # Enable Username
>         } -w* -
>         -W* {
>             if {! [ regexp .\[wW\](.+) $arg ignore enausername]} {
>                 incr i
>                 set enausername [ lindex $argv $i ]
>             }
>         # Environment variable to pass to -s scripts
>         } -E* {
>             if {[ regexp .\[E\](.+)=(.+) $arg ignore varname varvalue]} {
>                 set E$varname $varvalue
>             } else {
>                 send_user "Error: invalid format for -E in $arg\n"
>                 exit 1
>             }
>         # Enable Password
>         } -e* {
>             if {! [ regexp .\[eE\](.+) $arg ignore enapasswd]} {
>                 incr i
>                 set enapasswd [ lindex $argv $i ]
>             }
>             set do_enapasswd 0
>         # Command to run.
>         } -c* -
>         -C* {
>             if {! [ regexp .\[cC\](.+) $arg ignore command]} {
>                 incr i
>                 set command [ lindex $argv $i ]
>             }
>             set do_command 1
>         # Expect script to run.
>         } -s* -
>         -S* {
>             if {! [ regexp .\[sS\](.+) $arg ignore sfile]} {
>                 incr i
>                 set sfile [ lindex $argv $i ]
>             }
>             if { ! [ file readable $sfile ] } {
>                 send_user "\nError: Can't read $sfile\n"
>                 exit 1
>             }
>             set do_script 1
>         # 'ssh -c' cypher type (the original matched [eE] here, which
>         # broke the -y<type> form; it must match the option letter)
>         } -y* -
>         -Y* {
>             if {! [ regexp .\[yY\](.+) $arg ignore cypher]} {
>                 incr i
>                 set cypher [ lindex $argv $i ]
>             }
>         # alternate cloginrc file
>         } -f* -
>         -F* {
>             if {! [ regexp .\[fF\](.+) $arg ignore password_file]} {
>                 incr i
>                 set password_file [ lindex $argv $i ]
>             }
>         # Timeout
>         } -t* -
>         -T* {
>             if {! [ regexp .\[tT\](.+) $arg ignore timeout]} {
>                 incr i
>                 set timeout [ lindex $argv $i ]
>             }
>         # Command file
>         } -x* -
>         -X* {
>             if {! [ regexp .\[xX\](.+) $arg ignore cmd_file]} {
>                 incr i
>                 set cmd_file [ lindex $argv $i ]
>             }
>             set cmd_fd [open $cmd_file r]
>             set cmd_text [read $cmd_fd]
>             close $cmd_fd
>             set command [join [split $cmd_text \n] \;]
>             set do_command 1
>         # Do we enable?
>         } -noenable {
>             set enable 0
>         # Does tacacs automatically enable us?
>         } -autoenable {
>             set autoenable 1
>             set enable 0
>         } -* {
>             send_user "\nError: Unknown argument! $arg\n"
>             send_user $usage
>             exit 1
>         } default {
>             break
>         }
>     }
> }
> # Process routers...no routers listed is an error.
> if { $i == $argc } {
>     send_user "\nError: $usage"
>     exit 1
> }
>
> # Only be quiet if we are running a script (it can log its output
> # on its own)
> if { $do_script } {
>     log_user 0
> } else {
>     log_user 1
> }
>
> #
> # Done configuration/variable setting.  Now run with it...
> #
>
> # Sets Xterm title if interactive...if its an xterm and the user cares
> proc label { host } {
>     global env
>     # if CLOGIN has an 'x' in it, don't set the xterm name/banner
>     if [info exists env(CLOGIN)] {
>         if {[string first "x" $env(CLOGIN)] != -1} { return }
>     }
>     # take host from ENV(TERM)
>     if [info exists env(TERM)] {
>         if [regexp \^(xterm|vs) $env(TERM) ignore ] {
>             send_user "\033]1;[lindex [split $host "."] 0]\a"
>             send_user "\033]2;$host\a"
>         }
>     }
> }
>
> # This is a helper function to make the password file easier to
> # maintain.  Using this the password file has the form:
> # add password sl*      pete cow
> # add password at*      steve
> # add password *        hanky-pie
> proc add {var args} { global int_$var ; lappend int_$var $args}
> proc include {args} {
>     global env
>     regsub -all "(^{|}$)" $args {} args
>     if { [ regexp "^/" $args ignore ] == 0 } {
>         set args $env(HOME)/$args
>     }
>     source_password_file $args
> }
>
> # First 'add <var> <glob> ...' entry whose glob matches the router wins,
> # so more specific entries must precede wildcards in .cloginrc.
> proc find {var router} {
>     upvar int_$var list
>     if { [info exists list] } {
>         foreach line $list {
>             if { [string match [lindex $line 0] $router ] } {
>                 return [lrange $line 1 end]
>             }
>         }
>     }
>     return {}
> }
>
> # Loads the password file.  Note that as this file is tcl, and that
> # it is sourced, the user better know what to put in there, as it
> # could install more than just password info...  I will assume however,
> # that a "bad guy" could just as easy put such code in the clogin
> # script, so I will leave .cloginrc as just an extension of that script
> proc source_password_file { password_file } {
>     global env
>     if { ! [file exists $password_file] } {
>         send_user "\nError: password file ($password_file) does not exist\n"
>         exit 1
>     }
>     file stat $password_file fileinfo
>     if { [expr ($fileinfo(mode) & 007)] != 0000 } {
>         send_user "\nError: $password_file must not be world readable/writable\n"
>         exit 1
>     }
>     if [ catch {source $password_file} reason ] {
>         send_user "\nError: $reason\n"
>         exit 1
>     }
> }
>
> # Log into the router.
> proc login { router user userpswd passwd enapasswd prompt cmethod cyphertype } {
>     global spawn_id in_proc do_command do_script
>     global u_prompt p_prompt e_prompt
>     set in_proc 1
>
>     # try each of the connection methods in $cmethod until one is successful
>     set progs [llength $cmethod]
>     foreach prog [lrange $cmethod 0 end] {
>         if [string match "telnet*" $prog] {
>             regexp {telnet(:([^[:space:]]+))*} $prog command suffix port
>             if {"$port" == ""} {
>                 set retval [ catch {spawn telnet $router} reason ]
>             } else {
>                 set retval [ catch {spawn telnet $router $port} reason ]
>             }
>             if { $retval } {
>                 send_user "\nError: telnet failed: $reason\n"
>                 exit 1
>             }
>         } elseif ![string compare $prog "ssh"] {
>             if [ catch {spawn ssh -c $cyphertype -x -l $user $router} reason ] {
>                 send_user "\nError: ssh failed: $reason\n"
>                 exit 1
>             }
>         } elseif ![string compare $prog "rsh"] {
>             if [ catch {spawn rsh -l $user $router} reason ] {
>                 send_user "\nError: rsh failed: $reason\n"
>                 exit 1
>             }
>         } else {
>             puts "\nError: unknown connection method: $prog"
>             return 1
>         }
>         incr progs -1
>         sleep 0.3
>
>         # This helps cleanup each expect clause.
>         expect_after {
>             timeout {
>                 send_user "\nError: TIMEOUT reached\n"
>                 catch {close}; wait
>                 if { $in_proc} {
>                     return 1
>                 } else {
>                     continue
>                 }
>             } eof {
>                 send_user "\nError: EOF received\n"
>                 catch {close}; wait
>                 if { $in_proc} {
>                     return 1
>                 } else {
>                     continue
>                 }
>             }
>         }
>
>         # Here we get a little tricky.  There are several possibilities:
>         # the router can ask for a username and passwd and then
>         # talk to the TACACS server to authenticate you, or if the
>         # TACACS server is not working, then it will use the enable
>         # passwd.  Or, the router might not have TACACS turned on,
>         # then it will just send the passwd.
>         # if telnet fails with connection refused, try ssh
>         expect {
>             -re "(Connection refused|Secure connection \[^\n\r]+ refused|Connection closed by)" {
>                 catch {close}; wait
>                 if !$progs {
>                     send_user "\nError: Connection Refused ($prog)\n"; return 1
>                 }
>             } eof { send_user "\nError: Couldn't login\n"; wait; return 1
>             } -nocase "unknown host\r" {
>                 catch {close};
>                 send_user "\nError: Unknown host\n"; wait; return 1
>             } "Host is unreachable" {
>                 catch {close};
>                 send_user "\nError: Host Unreachable!\n"; wait; return 1
>             } "No address associated with name" {
>                 catch {close};
>                 send_user "\nError: Unknown host\n"; wait; return 1
>             }
>             -re "(Host key not found |The authenticity of host .* be established).*\(yes\/no\)\?" {
>                 send "yes\r"
>                 send_user "\nHost $router added to the list of known hosts.\n"
>                 exp_continue }
>             -re "HOST IDENTIFICATION HAS CHANGED.* \(yes\/no\)\?" {
>                 send "no\r"
>                 send_user "\nError: The host key for $router has changed.  Update the SSH known_hosts file accordingly.\n"
>                 return 1 }
>             -re "Offending key for .* \(yes\/no\)\?" {
>                 send "no\r"
>                 send_user "\nError: host key mismatch for $router.  Update the SSH known_hosts file accordingly.\n"
>                 return 1 }
>             -re "$u_prompt" { send "$user\r"
>                 expect {
>                     eof { send_user "\nError: Couldn't login\n"; wait; return 1 }
>                     "Login invalid" { send_user "\nError: Invalid login\n"; catch {close}; wait; return 1 }
>                     -re "$p_prompt" { send "$userpswd\r" }
>                     "$prompt" { set in_proc 0; return 0 }
>                 }
>                 exp_continue
>             }
>             -re "$p_prompt" {
>                 if ![string compare $prog "ssh"] {
>                     send "$userpswd\r"
>                 } else {
>                     send "$passwd\r"
>                 }
>                 expect {
>                     eof { send_user "\nError: Couldn't login\n"; wait; return 1 }
>                     -re "$e_prompt" { send "$enapasswd\r" }
>                     "$prompt" { set in_proc 0; return 0 }
>                 }
>                 exp_continue
>             }
>             "$prompt" { break; }
>             denied { send_user "\nError: Check your passwd for $router\n"
>                 catch {close}; wait; return 1
>             }
>             "% Bad passwords" {send_user "\nError: Check your passwd for $router\n"; return 1 }
>         }
>     }
>     set in_proc 0
>     return 0
> }
>
> # Enable
> proc do_enable { enauser enapasswd } {
>     global prompt in_proc
>     global u_prompt e_prompt
>     set in_proc 1
>
>     send "enable\r"
>     expect {
>         -re "$u_prompt" { send "$enauser\r"; exp_continue}
>         -re "$e_prompt" { send "$enapasswd\r"; exp_continue}
>         "#" { set prompt "#" }
>         "(enable)" { set prompt "> (enable) " }
>         denied { send_user "\nError: Check your Enable passwd\n"; return 1}
>         "% Bad passwords" { send_user "\nError: Check your Enable passwd\n"
>             return 1
>         }
>     }
>     # We set the prompt variable (above) so script files don't need
>     # to know what it is.
>     set in_proc 0
>     return 0
> }
>
> # Run commands given on the command line.
> proc run_commands { prompt command } {
>     global in_proc
>     set in_proc 1
>
>     send "more off\r"
>
>     expect $prompt {}
>
>     regsub -all "\[)(]" $prompt {\\&} reprompt
>
>     # Is this a multi-command?
>     if [ string match "*\;*" "$command" ] {
>         set commands [split $command \;]
>         set num_commands [llength $commands]
>
>         for {set i 0} {$i < $num_commands} { incr i} {
>             send "[subst -nocommands [lindex $commands $i]]\r"
>             expect {
>                 -re "^\[^\n\r *]*$reprompt" {}
>                 -re "^\[^\n\r]*$reprompt." { exp_continue }
>                 -re "\[\n\r]" { exp_continue }
>             }
>         }
>     } else {
>         send "[subst -nocommands $command]\r"
>         expect {
>             -re "^\[^\n\r *]*$reprompt" {}
>             -re "^\[^\n\r]*$reprompt." { exp_continue }
>             -re "\[\n\r]" { exp_continue }
>         }
>     }
>     send "logout\r"
>     expect {
>         "\n" { exp_continue }
>         timeout { return 0 }
>         eof { return 0 }
>     }
>     set in_proc 0
> }
>
> #
> # For each router... (this is main loop)
> #
> source_password_file $password_file
> set in_proc 0
> foreach router [lrange $argv $i end] {
>     set router [string tolower $router]
>     send_user "$router\n"
>
>     # Figure out prompt.
>     # Since autoenable is off by default, if we have it defined, it
>     # was done on the command line.  If it is not specifically set on the
>     # command line, check the password file.
>     if $autoenable {
>         set prompt "#"
>     } else {
>         set ae [find autoenable $router]
>         if { "$ae" == "1" } {
>             set autoenable 1
>             set enable 0
>             set prompt "#"
>         } else {
>             set autoenable 0
>             set prompt ">"
>         }
>     }
>
>     # look for noenable option in .cloginrc
>     if { [find noenable $router] != "" } {
>         set enable 0
>     }
>
>     # Figure out passwords
>     if { $do_passwd || $do_enapasswd } {
>         set pswd [find password $router]
>         if { [llength $pswd] == 0 } {
>             send_user "Error - no password for $router in $password_file.\n"
>             continue
>         }
>         if { $do_enapasswd && $autoenable == 0 && [llength $pswd] < 2 } {
>             send_user "Error - no enable password for $router in $password_file.\n"
>             continue
>         }
>         set passwd [lindex $pswd 0]
>         set enapasswd [lindex $pswd 1]
>     }
>
>     # Figure out username
>     if {[info exists username]} {
>         # command line username
>         set ruser $username
>     } else {
>         set ruser [find user $router]
>         if { "$ruser" == "" } { set ruser $default_user }
>     }
>
>     # Figure out username's password (if different from the vty password)
>     if {[info exists userpasswd]} {
>         # command line user password
>         set userpswd $userpasswd
>     } else {
>         set userpswd [find userpassword $router]
>         if { "$userpswd" == "" } { set userpswd $passwd }
>     }
>
>     # Figure out enable username
>     if {[info exists enausername]} {
>         # command line enausername
>         set enauser $enausername
>     } else {
>         set enauser [find enauser $router]
>         if { "$enauser" == "" } { set enauser $ruser }
>     }
>
>     # Figure out prompts
>     set u_prompt [find userprompt $router]
>     if { "$u_prompt" == "" } { set u_prompt "(Username|login|user name):" }
>     set p_prompt [find passprompt $router]
>     if { "$p_prompt" == "" } { set p_prompt "(\[Pp]assword|passwd):" }
>     set e_prompt [find enableprompt $router]
>     if { "$e_prompt" == "" } { set e_prompt "\[Pp]assword:" }
>
>     # Figure out cypher type
>     if {[info exists cypher]} {
>         # command line cypher type
>         set cyphertype $cypher
>     } else {
>         set cyphertype [find cyphertype $router]
>         if { "$cyphertype" == "" } { set cyphertype "3des" }
>     }
>
>     # Figure out connection method
>     set cmethod [find method $router]
>     if { "$cmethod" == "" } { set cmethod {{telnet}} }
>
>     # Login to the router
>     if {[login $router $ruser $userpswd $passwd $enapasswd $prompt $cmethod $cyphertype]} {
>         continue
>     }
>     if { $enable } {
>         if {[do_enable $enauser $enapasswd]} {
>             if { $do_command || $do_script } {
>                 close; wait
>                 continue
>             }
>         }
>     }
>
>     if { $do_command } {
>         if {[run_commands $prompt $command]} {
>             continue
>         }
>     } elseif { $do_script } {
>         send "more off\r"
>         expect $prompt {}
>         source $sfile
>         close
>     } else {
>         label $router
>         log_user 1
>         interact
>     }
>
>     # End of for each router
>     wait
>     sleep 0.3
> }
> exit 0

From heas at shrubbery.net Tue Apr 30 22:25:23 2002
From: heas at shrubbery.net (john heasley)
Date: Tue, 30 Apr 2002 22:25:23 +0000
Subject: RANCID and Cisco Catalyst Switches
In-Reply-To: <724B645DF3DD8446AAEABE26EBEE4F830159B266@sjc-exm-17.corp.ebay.com>; from phil.pierotti@ebay.com on Mon, Apr 15, 2002 at 09:33:04AM -0700
References: <724B645DF3DD8446AAEABE26EBEE4F830159B266@sjc-exm-17.corp.ebay.com>
Message-ID: <20020430222523.M20617@shrubbery.net>

Mon, Apr 15, 2002 at 09:33:04AM -0700, Pierotti, Phil:
> Cisco Catalyst Switches effectively modify the configuration every time a
> port changes link state - by tweaking the active "spantree portcost" and
> "spantree portvlancost".

this is considered (by me anyway) to be extremely bad form. cisco should be
forced to correct this _bug_. extreme does this crap as well.

anyway, the reason we do not filter this is because in theory it's an
administrative knob. thus, if the config rancid saves is to be a candidate
to recover a config....

> Does anyone know/have a hack/tweak to make RANCID ignore these "differences"
> in the configurations?

you could add a line like this around line 816 of cat5rancid within sub
WriteTerm:

    /^spantree portcost: / && next;

> On a switch with end-users connecting/disconnecting/rebooting (ie working
> normally) you'll see a change every single time RANCID runs.
>
> Thanks,
> Phil P
>
> ----------------------------------------------------------------------------
> --
> Phil.Pierotti at eBay.com
> ----------------------------------------------------------------------------
> --
> Phil Pierotti                     Ph: 408 376 5820
> Senior Network Engineer           Cell: 408 410 1818
> eBay, Inc.
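The "blogin Timeout" reply above turns on one detail: the script waits for a case-sensitive user-prompt regex, and the Accelar sends "Login:", so the default never fires and the session times out. The following is an added Python model of that lookup (not rancid's code, which is Tcl/expect): it reproduces the glob-matching `find` from .cloginrc, the default "(Username|login|user name):" pattern, and the `add userprompt` override. The .cloginrc entries and the captured device output are constructed for the example; the glob entry "bay-*" is an assumption standing in for the exact "bay-nr1" entry in the reply.

```python
import fnmatch
import re

# Default used by blogin/clogin when .cloginrc has no 'userprompt' entry.
# It is case-sensitive, so it does not match the Accelar's "Login:".
DEFAULT_USER_PROMPT = r"(Username|login|user name):"

# Constructed .cloginrc, as (variable, glob, values) in file order.  The
# third entry is the override from the reply, written as a glob (assumption).
CLOGINRC = [
    ("user", "bay-nr1", ["readwrite"]),
    ("password", "bay-nr1", ["password"]),
    ("userprompt", "bay-*", ["Login:"]),
]


def find(var, router, entries=CLOGINRC):
    """Model of clogin's 'find': the first 'add <var> <glob> ...' whose glob
    matches the lower-cased router name wins; its remaining words are returned.
    Entry order therefore matters: specific entries must precede wildcards."""
    router = router.lower()
    for name, pattern, values in entries:
        if name == var and fnmatch.fnmatchcase(router, pattern):
            return list(values)
    return []


def user_prompt_for(router, entries=CLOGINRC):
    """Regex the script will wait for before sending the username."""
    found = find("userprompt", router, entries)
    return found[0] if found else DEFAULT_USER_PROMPT


# Constructed copy of what the Accelar sends after its banner, i.e. the text
# expect has buffered when "Error: TIMEOUT reached" is printed.
ACCELAR_OUTPUT = (
    "********************************\r\n"
    "* Accelar 1200                 *\r\n"
    "* Software Release 2.0.5.7     *\r\n"
    "********************************\r\n"
    "\r\n"
    "Login: "
)


def prompt_seen(prompt_regex, output):
    """True if the user-prompt pattern would fire on this device output."""
    return re.search(prompt_regex, output) is not None


def login_would_proceed(router, output, entries=CLOGINRC):
    """Does the prompt resolved for this router match what the device sent?"""
    return prompt_seen(user_prompt_for(router, entries), output)
```

With the constructed entries, the default regex does not match the Accelar output, while the "bay-*" override does; a router outside that glob still gets the default. Because a bad entry only shows up as a timeout, checking `user_prompt_for` against a captured banner is a cheap way to validate .cloginrc before a full rancid run.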
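The Catalyst reply suggests a single `/^spantree portcost: / && next;` line in cat5rancid's WriteTerm to drop the noisy lines before the config is written. Here is an added Python model of that filter (not cat5rancid's Perl) run over two constructed config snapshots; it goes one step past the reply by also covering the "spantree portvlancost" knob the question mentions, and by showing which lines rancid would still diff under each filter. The config lines are constructed to match the reply's regex; the exact text on a real switch must be confirmed against the config rancid saved.

```python
import re
from difflib import unified_diff

# Constructed 'show config' excerpt as cat5rancid would see it on one run.
RUN_A = [
    "set spantree enable all",
    "spantree portcost: 3/1 19",
    "spantree portvlancost: 3/1 18",
    "set port name 3/1 user-desk",
]
# Same switch one rancid run later, after port 3/1 changed link state.
RUN_B = [
    "set spantree enable all",
    "spantree portcost: 3/1 100",
    "spantree portvlancost: 3/1 99",
    "set port name 3/1 user-desk",
]

# The one-line filter from the reply, and a second pattern (assumption) for
# the other knob named in the question.
PORTCOST_ONLY = [re.compile(r"^spantree portcost: ")]
BOTH_KNOBS = PORTCOST_ONLY + [re.compile(r"^spantree portvlancost: ")]


def write_term(lines, skip):
    """Model of WriteTerm's line loop: a line matching any skip pattern is
    dropped before the config is written, as '... && next' does in Perl."""
    return [line for line in lines if not any(p.search(line) for p in skip)]


def changed_lines(old, new, skip):
    """Lines rancid would report as changed after filtering both snapshots."""
    before, after = write_term(old, skip), write_term(new, skip)
    return [
        line
        for line in unified_diff(before, after, lineterm="", n=0)
        if line.startswith(("+", "-")) and not line.startswith(("+++", "---"))
    ]
```

With no filter, a single port flap produces four changed lines; the reply's pattern alone still leaves the portvlancost pair in every diff, and only both patterns together silence it. The cost is the one heasley points out: the filtered values are absent from the saved config, so it is no longer a complete candidate for restoring the switch.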