[rancid] Re: What's difference between "show running-config" and "show config" parsing?

Alex Malberty alex.malberty at babycenter.com
Wed Jun 4 16:46:56 UTC 2008

I had the same problem. I could not get show running-config to show an
output using a low privilege user. It is a Cisco IOS configuration that
cannot be bypassed. I even opened a ticket with Cisco to find out how to
make show running-config show an output. You can use show config, but
that is not necessarily what is actually running on the device. So, I
had to deal with it using an enable user to get the running-config. 

Alejandro A. Malberty
Systems Administrator
BabyCenter, LLC

amalberty at babycenter.com
p:  415.344.7626


-----Original Message-----
From: rancid-discuss-bounces at shrubbery.net
[mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Sam Munzani
Sent: Tuesday, June 03, 2008 9:23 PM
To: 'rancid-discuss at shrubbery.net'
Subject: [rancid] What's difference between "show running-config" and
"show config" parsing?


I have a situation where the end user doesn't permit enable access to 
the rancid user. On return, they allow all "show" commands by doing some

"privilege exec" commands on the router. That means, I can't run "show 
run" command if I am logged in as rancid user. However I can do "show 
config" command which reads the startup configuration file from the

I compared end of both configuration and they are identical.
---------- show run output last 4 lines -----------
ntp clock-period 17179646
ntp server x.x.x.x  prefer
ntp server x.x.x.y
---------- show config output last 4 lines --------
ntp clock-period 17179646
ntp server x.x.x.x  prefer
ntp server x.x.x.y

Literally no difference at all.

However following doesn't work and throws "End of run not found" error 
in the log.

1. Configure .cloginrc with following setup. and modify bin/rancid 
script to run "show config" command instead of show run.
add user *       {rancid}
add password * {rancidpass}
add method * ssh
add cyphertype * {3des}
add autoenable * 1   # I set autoenable to 1 because rancid account 
login puts to "#" prompt since its a priv-2 account

Technically it should work fine since both commands produces same output

and end of file but it doesn't work for some reason. Any advise on how 
to troubleshoot this one?

Rancid-discuss mailing list
Rancid-discuss at shrubbery.net

This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. If you are the intended recipient, please be advised that the content of this message is subject to access, review and disclosure by the sender's Email System Administrator.

More information about the Rancid-discuss mailing list