firewall blade in 6509 system context backup issue

Gee-clough, Aaron (NIH/CIT) geecla at mail.nih.gov
Fri Sep 16 15:51:56 UTC 2005


Could you assign an IP to the admin context and treat it like a unique
device?  (I.e., ssh to it directly, rather than sessioning to it from the
switch.)
 
aaron

------------------
Aaron Gee-Clough
DNST/CIT/NEB/NSS
Contractor.  Geek. 

 


From: Hopper, Faron W. [mailto:faron.hopper at capgemini.com] 
Sent: Wednesday, September 14, 2005 5:38 PM
To: david_laporte at harvard.edu
Cc: rancid-discuss at shrubbery.net
Subject: RE: firewall blade in 6509 system context backup issue




I tried adding the \n and it still just hangs.


Faron Hopper
Capgemini
Network Engineer
3315 N. Oak Trfy
Kansas City, MO 64116
816.459.5139



-----Original Message-----
From: David LaPorte [mailto:david_laporte at harvard.edu]
Sent: Wed 9/14/2005 3:36 PM
To: Hopper, Faron  W.
Cc: rancid-discuss at shrubbery.net
Subject: Re: firewall blade in 6509 system context backup issue

Just a thought, but try adding a "\n" in there:

clogin -c "changeto system\nshow version" hostname


Hopper, Faron W. wrote:
> Hello,
>     Well, thanks to everyone's help, I am almost finished setting up
> RANCID to retrieve all of my configs.  I have one last issue that I
> would like to ask everyone's opinion on.  We have 2 new firewall blades
> for Cisco's 6500 series switches.  These firewall blades have the
> concept of contexts or virtual firewalls.  When I use clogin to log
> in to the virtual firewall, I can issue the changeto <context> command and
> it will change the context. Everything works fine until I try to run clogin
> -c "changeto system; show version" hostname.  I think the problem is
> that the prompt changes.  Is it possible to use the enableprompt to
> catch this?  I haven't tried it yet, but from reading the man page it
> doesn't sound like it will look for a different prompt once I am already
> logged in.  Here is the clogin info.
>
>
> bash-3.00# clogin ddcxf01c-fw-admin
> ddcxf01c-fw-admin
> spawn ssh -c 3des -x -l kcsc\netcfgbak ddcxf01c-fw-admin
> kcsc\\netcfgbak at ddcxf01c-fw-admin's password:
> Type help or '?' for a list of available commands.
> ddcxf01c/admin>
> ddcxf01c/admin> enable
> Password: ********
> ddcxf01c/admin#
> ddcxf01c/admin# changeto system
> ddcxf01c# sh ver
>
> FWSM Firewall Version 2.3(2) <system>
> FWSM Device Manager Version 4.1(1)
>
> Compiled on Wed 06-Apr-05 13:08 by dalecki
>
> ddcxf01c up 22 days 15 hours
>
> Hardware:   WS-SVC-FWM-1, 1024 MB RAM, CPU Pentium III 1000 MHz
> Flash  2.20    TOSHIBA THNCF128MBA @ 0xc321, 20MB
>
> 0: gb-ethernet0: irq 5
> 1: gb-ethernet1: irq 7
> 2: ethernet0: irq 11
>
> Licensed Features:
> Failover:           Enabled
> VPN-DES:            Enabled
> VPN-3DES:           Enabled
> Maximum Interfaces: 256 (per security context)
> Cut-through Proxy:  Enabled
> Guards:             Enabled
> URL-filtering:      Enabled
> Throughput:         Unlimited
> ISAKMP peers:       Unlimited
> Security Contexts:  20
>
> This machine has an Unrestricted (UR) license.
>
> Serial Number:
> Running Activation Key:
> Configuration last modified by kcsc\netcfgbak at 15:16:53 Sep 14 2005
> ddcxf01c# exit
>
> Logoff
>
>
>
> Thanks in advance,
>
> Faron Hopper
> Capgemini
> Network Engineer
> 3315 N. Oak Trfy
> Kansas City, MO 64116
> 816.459.5139
>

--
David LaPorte, CISSP, CCNP
Security Manager, Network and Server Systems
Harvard University Information Systems
-----------------------------------------------
Email: david_laporte at harvard.edu
   PGP: 0x4DC3E508
        4A1F058DB2B32FEF10A14F6BD370A6AD4DC3E508
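
Added example, not part of the original thread and not RANCID's clogin code: it models the hypothesis from the original question, that a prompt pattern fixed while in the admin context stops matching once "changeto system" drops the "/admin" suffix. The function names and the verbatim-prompt behaviour are assumptions for illustration; the prompts are taken from the transcript above.

```python
import re

# Prompts as they appear in the session transcript quoted in the thread.
TRANSCRIPT_PROMPTS = [
    "ddcxf01c/admin>",  # after login
    "ddcxf01c/admin#",  # after enable
    "ddcxf01c#",        # after "changeto system"
]

# Constructed sample: what the script reads back after sending the command.
AFTER_CHANGETO = ["changeto system", "ddcxf01c# "]


def literal_prompt_pattern(enabled_prompt):
    """Assumed behaviour: the script memorises the enabled prompt verbatim."""
    return re.compile(r"^" + re.escape(enabled_prompt) + r"\s*$")


def context_aware_pattern(first_prompt):
    """Anchor on the hostname only and treat '/<context>' as optional."""
    hostname = re.split(r"[/>#]", first_prompt, maxsplit=1)[0]
    return re.compile(r"^" + re.escape(hostname) + r"(?:/[\w.-]+)?[>#]\s*$")


def wait_for_prompt(pattern, lines):
    """Return the index of the first prompt line, or None.

    None stands in for an expect-style wait that never sees its prompt
    and therefore blocks until it times out.
    """
    for index, line in enumerate(lines):
        if pattern.match(line):
            return index
    return None


if __name__ == "__main__":
    literal = literal_prompt_pattern(TRANSCRIPT_PROMPTS[1])
    aware = context_aware_pattern(TRANSCRIPT_PROMPTS[0])
    print("literal pattern:", wait_for_prompt(literal, AFTER_CHANGETO))
    print("context-aware pattern:", wait_for_prompt(aware, AFTER_CHANGETO))
```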



