[rancid] Re: Retrieving cisco configuration using SNMP+TFTP
Kanagaraj Krishna
kanagaraj at aims.com.my
Fri Jun 30 04:08:27 UTC 2006
I'm also using TACACS+ which limits the commands of the RANCID user. Working
fine.
----- Original Message -----
From: "Shekhar Basnet" <shekhar at mos.com.np>
To: <rancid-discuss at shrubbery.net>
Sent: Friday, June 30, 2006 12:02 PM
Subject: [rancid] Re: Retrieving cisco configuration using SNMP+TFTP
> On Thu, 2006-06-29 at 17:31, Jee Kay wrote:
> > On 29/06/06, Kevin <kkadow at gmail.com> wrote:
> > > Risks and headaches of scripting the CLI are exactly why I went with
> > > the Cisco SNMP solution -- we have technical and political cause not
> > > to have a Unix machine/script with "enable" access into
> > > production-critical Cisco gear.
> >
> > Just as a data point - you realise 'enable' access doesn't necessarily
> > mean 'privilege level 15' right? What we do here is lower 'show
> > startup-config' to priv level 2 and give the RANCID user priv2...
> > works grand :) Also means the RANCID user cannot affect the router in
> > any way.
> >
> I use TACACS+ downloaded from the shrubbery site. The RANCID user is
> able to run only the show commands and nothing more than that.
>
> S.
>
> > Ras
> > _______________________________________________
> > Rancid-discuss mailing list
> > Rancid-discuss at shrubbery.net
> > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
>
>
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
>
More information about the Rancid-discuss
mailing list