[rancid] Re: Retrieving cisco configuration using SNMP+TFTP
Shekhar Basnet
shekhar at mos.com.np
Fri Jun 30 04:02:59 UTC 2006
On Thu, 2006-06-29 at 17:31, Jee Kay wrote:
> On 29/06/06, Kevin <kkadow at gmail.com> wrote:
> > Risks and headaches of scripting the CLI are exactly why I went with
> > the Cisco SNMP solution -- we have technical and political cause not
> > to have a Unix machine/script with "enable" access into
> > production-critical Cisco gear.
>
> Just as a data point - you realise 'enable' access doesn't necessarily
> mean 'privilege level 15' right? What we do here is lower 'show
> startup-config' to priv level 2 and give the RANCID user priv2...
> works grand :) Also means the RANCID user cannot affect the router in
> any way.
>
I use TACACS+ downloaded from the shrubbery site. The RANCID user is
able to run only the show commands and nothing more than that.
S.
> Ras
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
More information about the Rancid-discuss
mailing list