[rancid] Re: Pulling down context configs from a Cisco FWSM

Lance rancid at gheek.net
Wed Mar 28 14:19:19 UTC 2007


When you do a "show run" after changing contexts does it give you a
slightly different config or an entirely different config.
Unfortunately at my place of business we only have a need to run 2
basic contexts, the default admin and system. So I don't work with

I don't intend on this being a context session 101, but why do you
create contexts for each customer you have (as it appears to me)? You
might enlighten me and I might switch to such a model. :-D


> -------- Original Message --------
> Subject: [rancid] Re: Pulling down context configs from a Cisco FWSM
> From: Rob Shepherd <rob at techniumcast.com>
> Date: Wed, March 28, 2007 3:16 am
> To: rancid-discuss at shrubbery.net
> Ed Ravin wrote:
> > On Tue, Mar 27, 2007 at 07:55:40AM -0700, Lance wrote:
> >> In my opinion it shouldn't be too hard. The hardest part would be
> >> looking at the output from "show contexts" and substringing or
> >> delimiting the line via expect and then dynamically changing to each
> >> one and doing the commands needed needed.
> >
> > The problem is that we're asking the *login scripts to do something
> > that is outside their model - normally the *rancid scripts send the
> > list of exact commands to run, the *login scripts run them and put the
> > output in a file, and then the *rancid scripts parse the output.
> >
> > There's just no hook for dynamic / interactive commands, or returning
> > multiple files.  You've got the ability to "plugin" an external script,
> > maybe that would be the place to start, to write a TCL script that can
> > be called with the "-s" option to clogin, that would deliver the
> > individual files for each context.
> >
> > But then we have to get the files into the *rancid program.  It
> > would be nice to do this without some ugly hack, like the ones I
> > usually code to get around RANCID's limitations.
> >
> >> Ed Ravin should be able to code something pretty quick. He has solid
> >> coding skills and should be able to do this in a matter of a few hours
> >> max I would think. That is up to him though.
> >
> > Thanks for the flowers, but you are being awfully generous with my time!
> > I have a suspicion that Austin and John are also otherwise engaged.
> 1) An option would be to have a seperate component for discovering the contexts and laying them out in a file like hosts are at present.
> I'd be happy to do this manually as I only add contexts every 3-4 months anyway.
> 2) An additional command, after "enable" select the correct context.
> ...would this be a variation of clogin?
> I guess clogin can perform the enable command... and enter the password. Does it detect the change in prompt? to decide if it's in enable mode?
> The prompt changes also when in context mode....
> Here's the output of a login session. it goes straight to the admin context, then I switch to the system context, then to another context.
> > rob at penguin:/tmp >ssh
> > rob at's password:
> > Type help or '?' for a list of available commands.
> > cast-tec-mr2-c5-fsm1/cast>
> > cast-tec-mr2-c5-fsm1/cast> enable
> > Password: ****
> > cast-tec-mr2-c5-fsm1/cast# changeto system
> > cast-tec-mr2-c5-fsm1# changeto context etl
> > cast-tec-mr2-c5-fsm1/etl#
> Would this be a case of entending clogin to perform a context switch?
> Cheers
> Rob
> --
> Rob Shepherd BEng PhD | Computer and Network Engineer | CAST Ltd
> Technium CAST | LL57 4HJ | http://www.techniumcast.com
> rob at techniumcast.com | 01248 675024 | 077988 72480
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

More information about the Rancid-discuss mailing list