[rancid] SSH public-keys

shouldbe q931 shouldbeq931 at gmail.com
Wed Jan 11 19:40:54 UTC 2012


On Wed, Jan 11, 2012 at 4:50 PM, Michael Maymann <michael at maymann.org> wrote:
> Hi Shouldbe,
>
> Sorry for not stating this... busy day at work...:
> tried to change "show system-information" -> "show system" to hrancid but
> still:
> hlogin -c "sh ver" <HOSTNAME>
> is "hanging"...
>
> So it seems I have run into 2 problems:
> 1. trying to use hlogin with ssh-key-share (add identity * id_rsa)
> configured to .cloginrc is still giving an error about password is missing
> in .cloginrc. "ssh user at host" is working fine with key-sharing
> (password-lessly)...
> 2. hlogin is "hanging" also if I use username/password directly in .cloginrc
> and even if I make the modifications to hrancid (stated above...)
>
> Am I using this wrong somehow, as it works for you...?
> Shouldbe: can you provide your .cloginrc and a tar of rancid-bin-dir (where
> hlogin/hrancid etc is located)... and perhaps give examples of how you use
> the tool to run commands on HP ProCurve equipment.
> Heasley: is this an easy/quick fix or can you recommend anything else that
> is working with both HP ProCurve and Cisco equipment... ?
>
>
> Thanks in advance :-) !
> ~maymann
>
>

I've attached a copy of hrancid, and what we "see" via ViewVC on the rancid box

I've had to slightly sanitise the output...
-------------- next part --------------
cat /usr/local/rancid/bin/hrancid
#! /usr/bin/perl
##
## $Id: hrancid.in 2246 2010-09-08 01:36:07Z heas $
##
## rancid 2.3.6
## Copyright (c) 1997-2008 by Terrapin Communications, Inc.
## All rights reserved.
##
## This code is derived from software contributed to and maintained by
## Terrapin Communications, Inc. by Henry Kilmer, John Heasley, Andrew Partan,
## Pete Whiting, Austin Schutz, and Andrew Fort.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted provided that the following conditions
## are met:
## 1. Redistributions of source code must retain the above copyright
##    notice, this list of conditions and the following disclaimer.
## 2. Redistributions in binary form must reproduce the above copyright
##    notice, this list of conditions and the following disclaimer in the
##    documentation and/or other materials provided with the distribution.
## 3. All advertising materials mentioning features or use of this software
##    must display the following acknowledgement:
##        This product includes software developed by Terrapin Communications,
##        Inc. and its contributors for RANCID.
## 4. Neither the name of Terrapin Communications, Inc. nor the names of its
##    contributors may be used to endorse or promote products derived from
##    this software without specific prior written permission.
## 5. It is requested that non-binding fixes and modifications be contributed
##    back to Terrapin Communications, Inc.
##
## THIS SOFTWARE IS PROVIDED BY Terrapin Communications, INC. AND CONTRIBUTORS
## ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
## TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
## PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COMPANY OR CONTRIBUTORS
## BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
## CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
## SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
## INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
## CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
## ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
## POSSIBILITY OF SUCH DAMAGE.
#
# Amazingly hacked version of Hank's rancid - this one tries to
# deal with HP procurves.
#
#  RANCID - Really Awesome New Cisco confIg Differ
#
# usage: rancid [-dV] [-l] [-f filename | hostname]
#
use Getopt::Std;
getopts('dflV');
if ($opt_V) {
    print "rancid 2.3.6\n";
    exit(0);
}
$log = $opt_l;
$debug = $opt_d;
$file = $opt_f;
$host = $ARGV[0];
$clean_run = 0;
$found_end = 0;                         # unused - hp lacks an end-of-config tag
$timeo = 90;                            # hlogin timeout in seconds

my(@commandtable, %commands, @commands);# command lists
my($aclsort) = ("ipsort");              # ACL sorting mode
my($filter_commstr);                    # SNMP community string filtering
my($filter_pwds);                       # password filtering mode

my($systeminfo) = 0;                    # show system-information

# This routine is used to print out the router configuration
sub ProcessHistory {
    my($new_hist_tag,$new_command,$command_string, at string) = (@_);
    if ((($new_hist_tag ne $hist_tag) || ($new_command ne $command))
        && scalar(%history)) {
        print eval "$command \%history";
        undef %history;
    }
    if (($new_hist_tag) && ($new_command) && ($command_string)) {
        if ($history{$command_string}) {
            $history{$command_string} = "$history{$command_string}@string";
        } else {
            $history{$command_string} = "@string";
        }
    } elsif (($new_hist_tag) && ($new_command)) {
        $history{++$#history} = "@string";
    } else {
        print "@string";
    }
    $hist_tag = $new_hist_tag;
    $command = $new_command;
    1;
}

sub numerically { $a <=> $b; }

# This is a sort routine that will sort numerically on the
# keys of a hash as if it were a normal array.
sub keynsort {
    local(%lines) = @_;
    local($i) = 0;
    local(@sorted_lines);
    foreach $key (sort numerically keys(%lines)) {
        $sorted_lines[$i] = $lines{$key};
        $i++;
    }
    @sorted_lines;
}

# This is a sort routine that will sort on the
# keys of a hash as if it were a normal array.
sub keysort {
    local(%lines) = @_;
    local($i) = 0;
    local(@sorted_lines);
    foreach $key (sort keys(%lines)) {
        $sorted_lines[$i] = $lines{$key};
        $i++;
    }
    @sorted_lines;
}

# This is a sort routine that will sort on the
# values of a hash as if it were a normal array.
sub valsort{
    local(%lines) = @_;
    local($i) = 0;
    local(@sorted_lines);
    foreach $key (sort values %lines) {
        $sorted_lines[$i] = $key;
        $i++;
    }
    @sorted_lines;
}

# This is a numerical sort routine (ascending).
sub numsort {
    local(%lines) = @_;
    local($i) = 0;
    local(@sorted_lines);
    foreach $num (sort {$a <=> $b} keys %lines) {
        $sorted_lines[$i] = $lines{$num};
        $i++;
    }
    @sorted_lines;
}

# This is a sort routine that will sort on the
# ip address when the ip address is anywhere in
# the strings.
sub ipsort {
    local(%lines) = @_;
    local($i) = 0;
    local(@sorted_lines);
    foreach $addr (sort sortbyipaddr keys %lines) {
        $sorted_lines[$i] = $lines{$addr};
        $i++;
    }
    @sorted_lines;
}

# These two routines will sort based upon IP addresses
sub ipaddrval {
    my(@a) = ($_[0] =~ m#^(\d+)\.(\d+)\.(\d+)\.(\d+)$#);
    $a[3] + 256 * ($a[2] + 256 * ($a[1] +256 * $a[0]));
}
sub sortbyipaddr {
    &ipaddrval($a) <=> &ipaddrval($b);
}

# This routine parses "show version"
sub ShowVersion {
    print STDERR "    In ShowVersion: $_" if ($debug);

    while (<INPUT>) {
        tr/\015//d;
        last if(/^$prompt/);
        next if(/^(\s*|\s*$cmd\s*)$/);
        return(-1) if (/command authorization failed/i);
        return(-1) if /^(Invalid|Ambiguous) input:/i;

        s/^image//i;
        s/^\s*//g;

        ProcessHistory("COMMENTS","keysort","C1", ";Image: $_") && next;
    }
    return(0);
}

# This routine parses "show flash"
sub ShowFlash {
    print STDERR "    In ShowFlash: $_" if ($debug);

    while (<INPUT>) {
        tr/\015//d;
        last if (/^$prompt/);
        next if (/^(\s*|\s*$cmd\s*)$/);
        return(-1) if (/command authorization failed/i);
        return(1) if /^(Invalid|Ambiguous) input:/i;
        return(1) if /^\s*\^\s*$/;

        ProcessHistory("COMMENTS","keysort","D0",";Flash: $_");
    }

    return;
}

# This routine parses "show system-information" or "show system information"
sub ShowSystem {
    print STDERR "    In ShowSystem: $_" if ($debug);

    if ($systeminfo) {
        $_ = <INPUT>;
        return(0);
    }

    while (<INPUT>) {
        tr/\015//d;
        last if (/^$prompt/);
        next if (/^(\s*|\s*$cmd\s*)$/);
        return(-1) if (/command authorization failed/i);
        return(0) if /^(Invalid|Ambiguous) input:/i;

        if (/memory\s+-\s+total\s+:\s+(\S+)/i) {
            my($mem) = $1;
            $mem =~ s/,//g;
            $mem /= (1024 * 1024);
            ProcessHistory("COMMENTS","keysort","B0",";Memory: " . int($mem) .
                           "M\n");
            next;
        }
        /serial\s+number\s+:\s+(\S+)/i &&
            ProcessHistory("COMMENTS","keysort","A1",";Serial Number: $1\n");
        /firmware\s+revision\s+:\s+(\S+)/i &&
            ProcessHistory("COMMENTS","keysort","C0",";Image: Firmware $1\n");
        /rom\s+version\s+:\s+(\S+)/i &&
            ProcessHistory("COMMENTS","keysort","C1",";Image: ROM $1\n");
    }
    $systeminfo = 1;

    return(0);
}

# This routine parses "show module".
sub ShowModule {
    print STDERR "    In ShowModule: $_" if ($debug);

    my(@lines);
    my($slot);

    while (<INPUT>) {
        tr/\015//d;
        return if (/^\s*\^$/);
        last if (/^$prompt/);
        next if (/^(\s*|\s*$cmd\s*)$/);
        return(-1) if (/command authorization failed/i);
        return(1) if /^(Invalid|Ambiguous) input:/i;

        ProcessHistory("COMMENTS","keysort","E0","; $_") && next;
    }

    return(0);
}

# This routine parses "show stack"
sub ShowStack {
    print STDERR "    In ShowStack: $_" if ($debug);

    while (<INPUT>) {
        tr/\015//d;
        last if (/^$prompt/);
        next if (/^(\s*|\s*$cmd\s*)$/);
        return(-1) if (/command authorization failed/i);
        return(1) if /^(Invalid|Ambiguous) input:/i;

        s/stacking - (Stacking Status).*/$1/i;
        s/\s*members unreachable .*$//i;

        ProcessHistory("COMMENTS","keysort","F0",";$_");

        /auto grab/i && last;
    }
    return(0);
}

# This routine processes a "write term"
sub WriteTerm {
    print STDERR "    In WriteTerm: $_" if ($debug);

    while (<INPUT>) {
        tr/\015//d;
        last if(/^$prompt/);
        return(-1) if (/command authorization failed/i);
        # the pager can not be disabled per-session on the PIX
        s/^<-+ More -+>\s*//;
        s/^$/;/;

        # skip the crap
        /^running configuration:/i && next;

        # filter out any RCS/CVS tags to avoid confusing local CVS storage
        s/\$(Revision|Id):/ $1:/;
        /^; (\S+) configuration editor;/i &&
            ProcessHistory("COMMENTS","keysort","A0",";Chassis type: $1\n") &&
            next;

        # order logging statements - doesnt appear to do syslog as of right now
        /^logging (\d+\.\d+\.\d+\.\d+)/ &&
            ProcessHistory("LOGGING","ipsort","$1","$_") && next;

        # no so sure this match is correct.  show running doesnt seem to
        # actually o/p anything after "password (manager|operator)"
        if (/^(\s*)password (manager|operator)?/ && $filter_pwds >= 1) {
            ProcessHistory("LINE-PASS","","",";$1password $2 <removed>\n");
            next;
        }

        if (/^(snmp-server community) (\S+)/) {
            if ($filter_commstr) {
                ProcessHistory("SNMPSERVERCOMM","keysort","$_",
                        ";$1 <removed>$'") && next;
            } else {
                ProcessHistory("SNMPSERVERCOMM","keysort","$_","$_") && next;
            }
        }
        # order/prune snmp-server host statements - it actually appears to do
        # the sortting for us, but just in case it changes ...
        # we only prune lines of the form
        # snmp-server host a.b.c.d <community>
        if (/^snmp-server host (\d+\.\d+\.\d+\.\d+) /) {
            if ($filter_commstr) {
                my($ip) = $1;
                my($line) = "snmp-server host $ip";
                my(@tokens) = split(' ', $');
                my($token);
                while ($token = shift(@tokens)) {
                    if ($token eq 'version') {
                        $line .= " " . join(' ', ($token, shift(@tokens)));
                    } elsif ($token =~ /^(informs?|traps?|(no)?auth)$/) {
                        $line .= " " . $token;
                    } else {
                        $line = ";$line " . join(' ', ("<removed>", join(' ', at tokens)));
                        last;
                    }
                }
                ProcessHistory("SNMPSERVERHOST","ipsort","$ip","$line\n");
            } else {
                ProcessHistory("SNMPSERVERHOST","ipsort","$1","$_");
            }
            next;
        }

        # order/prune tacacs/radius server statements
        if (/^(tacacs-server|radius-server) key / && $filter_pwds >= 1) {
            ProcessHistory("","","",";$1 key <removed>\n");
            next;
        }
        if (/^(tacacs-server host \d+\.\S+) key / && $filter_pwds >= 1) {
            ProcessHistory("","","",";$1 key <removed>\n");
            next;
        }

        # prune passwords from stack member statements
        if (/^(stack member .* password )\S+/ && $filter_pwds >= 1) {
            ProcessHistory("","","",";$1<removed>$'");
            next;
        }

        # order arp lists
        /^ip arp\s+(\d+\.\d+\.\d+\.\d+)/ &&
            ProcessHistory("ARP","$aclsort","$1","$_") && next;

        /^ip prefix-list\s+(\S+)\s+seq\s+(\d+)\s+(permit|deny)\s+(\d\S+)(\/.*)$/ &&
            ProcessHistory("PACL $1 $3","$aclsort","$4","ip prefix-list $1 $3 $4$5\n")
            && next;

        # blech!!!!
        /^auto-tftp / &&
            ProcessHistory("","","",";$_") && next;


        # the rest are from rancid (i.e.: cisco), but suspect they will someday
        # be applicable or close to it.

        /^tftp-server flash /   && next; # kill any tftp remains
        /^ntp clock-period /    && next; # kill ntp clock-period
        /^ length /             && next; # kill length on serial lines
        /^ width /              && next; # kill width on serial lines
        if (/^(enable )?(password|passwd) / && $filter_pwds >= 1) {
            ProcessHistory("ENABLE","","",";$1$2 <removed>\n");
            next;
        }
        if (/^username (\S+)(\s.*)? password /) {
            if ($filter_pwds >= 1) {
                ProcessHistory("USER","keysort","$1",";username $1$2 password <removed>\n");
            } else {
                ProcessHistory("USER","keysort","$1","$_");
            }
            next;
        }

        if (/^(ip ftp password) / && $filter_pwds >= 1) {
            ProcessHistory("","","",";$1 <removed>\n"); next;
        }
        if (/^( ip ospf authentication-key) / && $filter_pwds >= 1) {
            ProcessHistory("","","",";$1 <removed>\n"); next;
        }
        if (/^( ip ospf message-digest-key \d+ md5) / && $filter_pwds >= 1) {
            ProcessHistory("","","",";$1 <removed>\n"); next;
        }
        # sort route-maps
        if (/^route-map (\S+)/) {
            my($key) = $1;
            my($routemap) = $_;
            while (<INPUT>) {
                tr/\015//d;
                last if (/^$prompt/ || ! /^(route-map |[ !])/);
                if (/^route-map (\S+)/) {
                    ProcessHistory("ROUTEMAP","keysort","$key","$routemap");
                    $key = $1;
                    $routemap = $_;
                } else  {
                    $routemap .= $_;
                }
            }
            ProcessHistory("ROUTEMAP","keysort","$key","$routemap");
        }
        # order access-lists
        /^access-list\s+(\d\d?)\s+(\S+)\s+(\S+)/ &&
            ProcessHistory("ACL $1 $2","$aclsort","$3","$_") && next;
        # order extended access-lists
        /^access-list\s+(\d\d\d)\s+(\S+)\s+ip\s+host\s+(\S+)/ &&
            ProcessHistory("EACL $1 $2","$aclsort","$3","$_") && next;
        /^access-list\s+(\d\d\d)\s+(\S+)\s+ip\s+(\d\S+)/ &&
            ProcessHistory("EACL $1 $2","$aclsort","$3","$_") && next;
        /^access-list\s+(\d\d\d)\s+(\S+)\s+ip\s+any/ &&
            ProcessHistory("EACL $1 $2","$aclsort","0.0.0.0","$_") && next;

        # order alias statements
        /^alias / && ProcessHistory("ALIAS","keysort","$_","$_") && next;
        # delete ntp auth password
        if (/^(ntp authentication-key \d+ md5) / && $filter_pwds >= 1) {
            ProcessHistory("","","",";$1 <removed>\n"); next;
        }
        # order ntp peers/servers
        if (/^ntp (server|peer) (\d+)\.(\d+)\.(\d+)\.(\d+)/) {
            $sortkey = sprintf("$1 %03d%03d%03d%03d",$2,$3,$4,$5);
            ProcessHistory("NTP","keysort",$sortkey,"$_");
            next;
        }
        # order ip host line statements
        /^ip host line(\d+)/ &&
            ProcessHistory("IPHOST","numsort","$1","$_") && next;
        # order ip nat source static statements
        /^ip nat (\S+) source static (\S+)/ &&
            ProcessHistory("IP NAT $1","ipsort","$2","$_") && next;
        # order ip rcmd lines
        /^ip rcmd/ && ProcessHistory("RCMD","keysort","$_","$_") && next;

        # catch anything that wasnt match above.
        ProcessHistory("","","","$_");
    }
    return(0);
}

# dummy function
sub DoNothing {print STDOUT;}

# Main
@commandtable = (
        {'show version'                 => 'ShowVersion'},
        {'show flash'                   => 'ShowFlash'},
        {'show system'                  => 'ShowSystem'},
        {'show system information'      => 'ShowSystem'},
        {'show module'                  => 'ShowModule'},
        {'show stack'                   => 'ShowStack'},
        {'write term'                   => 'WriteTerm'}
);
# Use an array to preserve the order of the commands and a hash for mapping
# commands to the subroutine and track commands that have been completed.
@commands = map(keys(%$_), @commandtable);
%commands = map(%$_, @commandtable);

$cisco_cmds=join(";", at commands);
$cmds_regexp = join("|", map quotemeta($_), @commands);

if (length($host) == 0) {
    if ($file) {
        print(STDERR "Too few arguments: file name required\n");
        exit(1);
    } else {
        print(STDERR "Too few arguments: host name required\n");
        exit(1);
    }
}
open(OUTPUT,">$host.new") || die "Can't open $host.new for writing: $!\n";
select(OUTPUT);
# make OUTPUT unbuffered if debugging
if ($debug) { $| = 1; }

if ($file) {
    print STDERR "opening file $host\n" if ($debug);
    print STDOUT "opening file $host\n" if ($log);
    open(INPUT,"<$host") || die "open failed for $host: $!\n";
} else {
    print STDERR "executing hlogin -t $timeo -c\"$cisco_cmds\" $host\n" if ($debug);
    print STDOUT "executing hlogin -t $timeo -c\"$cisco_cmds\" $host\n" if ($log);
    if (defined($ENV{NOPIPE})) {
        system "hlogin -t $timeo -c \"$cisco_cmds\" $host </dev/null > $host.raw 2>&1" || die "hlogin failed for $host: $!\n";
        open(INPUT, "< $host.raw") || die "hlogin failed for $host: $!\n";
    } else {
        open(INPUT,"hlogin -t $timeo -c \"$cisco_cmds\" $host </dev/null |") || die "hlogin failed for $host: $!\n";
    }
}

# determine ACL sorting mode
if ($ENV{"ACLSORT"} =~ /no/i) {
    $aclsort = "";
}
# determine community string filtering mode
if (defined($ENV{"NOCOMMSTR"}) &&
    ($ENV{"NOCOMMSTR"} =~ /yes/i || $ENV{"NOCOMMSTR"} =~ /^$/)) {
    $filter_commstr = 1;
} else {
    $filter_commstr = 0;
}
# determine password filtering mode
if ($ENV{"FILTER_PWDS"} =~ /no/i) {
    $filter_pwds = 0;
} elsif ($ENV{"FILTER_PWDS"} =~ /all/i) {
    $filter_pwds = 2;
} else {
    $filter_pwds = 1;
}

ProcessHistory("","","",";RANCID-CONTENT-TYPE: hp\n;\n");
ProcessHistory("COMMENTS","keysort","B0",";\n");        # memory info
ProcessHistory("COMMENTS","keysort","C0",";\n");        # showversion
ProcessHistory("COMMENTS","keysort","D0",";\n");        # showflash
ProcessHistory("COMMENTS","keysort","E0",";\n");        # showmodule
ProcessHistory("COMMENTS","keysort","F0",";\n");        # showstack
ProcessHistory("COMMENTS","keysort","G0",";\n");
TOP: while(<INPUT>) {
    tr/\015//d;
    if (/$prompt\s*exit\s*$/i) {
        $clean_run=1;
        last;
    }
    if (/^Error:/) {
        print STDOUT ("$host clogin error: $_");
        print STDERR ("$host clogin error: $_") if ($debug);
        $clean_run=0;
        last;
    }
    while (/#\s*($cmds_regexp)\s*$/) {
        $cmd = $1;
        if (!defined($prompt)) {
            $prompt = ($_ =~ /^([^#]+)/)[0];
            $prompt =~ s/([][}{)(\\])/\\$1/g;
            $prompt .= "[#>]";
            print STDERR ("PROMPT MATCH: $prompt\n") if ($debug);
        }
        print STDERR ("HIT COMMAND:$_") if ($debug);
        if (! defined($commands{$cmd})) {
            print STDERR "$host: found unexpected command - \"$cmd\"\n";
            $clean_run = 0;
            last TOP;
        }
        $rval = &{$commands{$cmd}};
        delete($commands{$cmd});
        if ($rval == -1) {
            $clean_run = 0;
            last TOP;
        }
    }
}
print STDOUT "Done $logincmd: $_\n" if ($log);
# Flush History
ProcessHistory("","","","");
# Cleanup
close(INPUT);
close(OUTPUT);

if (defined($ENV{NOPIPE})) {
    unlink("$host.raw") if (! $debug);
}

# check for completeness
if (scalar(%commands) || !$clean_run) {
    if (scalar(%commands)) {
        printf(STDOUT "$host: missed cmd(s): %s\n", join(',', keys(%commands)));
        printf(STDERR "$host: missed cmd(s): %s\n", join(',', keys(%commands))) if ($debug);
    }
    if (!$clean_run) {
        print STDOUT "$host: End of run not found\n";
        print STDERR "$host: End of run not found\n" if ($debug);
        system("/usr/bin/tail -1 $host.new");
    }
    unlink "$host.new" if (! $debug);
-------------- next part --------------
;RANCID-CONTENT-TYPE: hp
;
;Chassis type: J8698A
;Serial Number: SG843SV10Q
;
;Memory: 122M
;
;Image: stamp:    /sw/code/build/btm(K_15_06)
;Image: Oct  8 2011 17:39:18
;Image: K.15.06.0008
;Image: 85
;Image: Boot Image:     Primary
;Image: ROM K.15.19
;
;Flash: Image             Size (bytes) Date     Version
;Flash: ----------------- ------------ -------- --------------------
;Flash: Primary Image    :    14844423 10/09/11 K.15.06.0008        
;Flash: Secondary Image  :    14844423 10/09/11 K.15.06.0008        
;Flash: Boot ROM Version : K.15.19
;Flash: Default Boot     : Primary
;
;  Status and Counters - Module Information
;   Chassis: E5412zl J8698A!        Serial Number:   SG843SV10Q
;                               Allow V1 Modules:   Yes
;   Management Module: J8726A      Serial Number:  ID840AS027   Core Dump: YES
;                                                                       Core  Mod
;   Slot Module Description                     Serial Number  Status   Dump  Ver
;   ---- -------------------------------------- -------------- -------- ----- ---
;   A    HP J8702A 24p Gig-T zl Module          SG934AT1FD     Up       NO    1  
;   B    HP J8702A 24p Gig-T zl Module          SG837AT0L2     Up       NO    1  
;   C    HP J8702A 24p Gig-T zl Module          SG842AT0JQ     Up       NO    1  
;   D    HP J8702A 24p Gig-T zl Module          SG835AT0HN     Up       NO    1  
;   I    HP J8702A 24p Gig-T zl Module          SG820AT1RM     Up       NO    1  
;   J    HP J8702A 24p Gig-T zl Module          SG835AT0H9     Up       NO    1  
;   K    HP J8702A 24p Gig-T zl Module          SG937AT06S     Up       NO    1  
;   L    HP J8702A 24p Gig-T zl Module          SG837AT0H9     Up       NO    1  
;
;
; Ver #01:0d:0c
;
hostname "PS-5412zl-2nd" 
time daylight-time-rule Middle-Europe-and-Portugal 
fastboot 
qos dscp-map 101110 priority 6 
module 1 type J8702A 
module 2 type J8702A 
module 3 type J8702A 
module 4 type J8702A 
module 9 type J8702A 
module 10 type J8702A 
module 11 type J8702A 
module 12 type J8702A 
interface A1 
   name "trunk to dc-8 with C1" 
exit
interface B18 
   name "ASA Secondary Venus" 
exit
interface B21 
   name "Venus 500mb" 
exit
interface B23 
   name "PS-LSQ-Venus-Link" 
exit
interface B24 
   name "Venus External" 
exit
interface C1 
   name "trunk to dc-8 with A1" 
exit
interface C2 
   name "Company-AP-1" 
exit
interface D24 
   name "Link to LSQ" 
   speed-duplex 100-full 
exit
interface I1 
   name "trunk to clusterfs" 
exit
interface I2 
   name "trunk to clusterfs" 
exit
interface K1 
   name "trunk to clusterfs" 
exit
interface K2 
   name "trunk to clusterfs" 
exit
interface K3 
   name "ASA Primary Venus" 
exit
interface K4 
   name "ASA Primary Inside" 
exit
interface K5 
   name "ASA Primary VLANS" 
exit
interface K6 
   name "ASA Primary Management" 
exit
interface K7 
   name "BeBonded" 
exit
interface K8 
   name "Company-SSL-2" 
exit
interface K9 
   name "Team-DC-1" 
exit
interface K11 
   name "Company-x64-b" 
exit
interface K12 
   name "Company-Hyperv-1" 
exit
interface K22 
   name "Cisco IPv6" 
exit
interface L6 
   name "Netgear VLAN access point" 
exit
interface L20 
   name "Company-csm-c" 
exit
interface L21 
   name "trunk to 1st floor" 
exit
interface L22 
   name "trunk to 1st floor" 
exit
interface L23 
   name "trunk to 5406" 
exit
interface L24 
   name "trunk to 5406" 
exit
trunk L21-L22 Trk21 Trunk 
trunk L23-L24 Trk22 Trunk 
trunk I1-I2,K1-K2 Trk23 LACP 
trunk A1,C1 Trk28 LACP 
ip default-gateway 10.200.1.254 
ip routing 
vlan 1 
   name "DEFAULT_VLAN" 
   untagged B23,D24,Trk28 
   tagged B24 
   no untagged A2-A24,B1-B22,C2-C24,D1-D23,I3-I24,J1-J24,K3-K24,L1-L20,Trk21-Trk23 
   no ip address 
   exit 
vlan 40 
   name "LSQ-40" 
   tagged Trk21-Trk22 
   no ip address 
   exit 
vlan 41 
   name "LSQ-41" 
   tagged Trk21-Trk22 
   no ip address 
   exit 
vlan 200 
   name "PS-200" 
   untagged A3-A24,B1-B16,B19,B22,C2-C24,D1-D23,I3-I24,J1-J24,K4,K8-K21,L1-L5,L7-L20,Trk21-Trk23 
   ip address 10.200.1.11 255.255.0.0 
   ipv6 address 386:386:386:200::11/64 
   tagged B23,D24,L6,Trk28 
   exit 
vlan 201 
   name "PS-201" 
   untagged K23-K24 
   ip address 10.201.1.1 255.255.255.0 
   tagged Trk21-Trk22,Trk28 
   exit 
vlan 202 
   name "PS 202" 
   forbid K3 
   ip address 10.202.1.11 255.255.0.0 
   tagged A2-A24,B1-B16,B22-B23,C2-C24,D1-D24,I3-I24,J1-J24,K8-K21,K23,L1-L20,Trk21-Trk22,Trk28 
   exit 
vlan 220 
   name "UrbanWimax" 
   tagged B20,K5,Trk21-Trk22 
   no ip address 
   exit 
vlan 205 
   name "Guest Wifi" 
   tagged B20,C2,K5,L6,Trk21-Trk22 
   no ip address 
   exit 
vlan 215 
   name "Venus" 
   untagged B18,B21,K3,K22 
   tagged K5,Trk21-Trk22 
   no ip address 
   exit 
vlan 209 
   name "Blueprint" 
   tagged B20,B23,D24,K5,Trk21-Trk22 
   no ip address 
   exit 
vlan 210 
   name "WebDMZ" 
   tagged B20,K5,Trk21-Trk22 
   no ip address 
   exit 
vlan 250 
   name "ccr" 
   untagged A2 
   ip address 10.250.1.1 255.255.255.0 
   tagged Trk21-Trk22 
   exit 
vlan 251 
   name "ccr-priv" 
   tagged A2,Trk21-Trk22,Trk28 
   no ip address 
   exit 
vlan 999 
   name "nowhere" 
   tagged Trk21-Trk22 
   no ip address 
   exit 
vlan 1001 
   name "PS-LSQ-LINK" 
   ip address 10.1.1.1 255.255.255.0 
   ipv6 address 386:386:386:1001::200/64 
   tagged B23,D24,Trk21-Trk22 
   exit 
vlan 221 
   name "ASA Cluster" 
   untagged B17,K6 
   tagged Trk21-Trk22 
   no ip address 
   exit 
vlan 225 
   name "BeBonded" 
   untagged K7 
   tagged B20,Trk22 
   no ip address 
   exit 
fault-finder bad-driver sensitivity high
fault-finder bad-transceiver sensitivity high
fault-finder bad-cable sensitivity high
fault-finder too-long-cable sensitivity high
fault-finder over-bandwidth sensitivity high
fault-finder broadcast-storm sensitivity high
fault-finder loss-of-link sensitivity high
fault-finder duplex-mismatch-hdx sensitivity high
fault-finder duplex-mismatch-fdx sensitivity high
power-over-ethernet pre-std-detect
qos device-priority 10.201.1.5 priority 6
qos device-priority 10.202.0.0/16 priority 6
sflow 1 destination 10.200.105.51
sflow 1 polling A2-A24,B1-B24,C2-C24,D1-D24,I3-I24,J1-J24,K3-K24,L1-L20,Trk21-Trk23,Trk28 20
sflow 1 sampling A2-A24,B1-B24,C2-C24,D1-D24,I3-I24,J1-J24,K3-K24,L1-L20,Trk21-Trk23,Trk28 50
timesync sntp
sntp unicast
sntp server priority 1 10.200.100.231
sntp server priority 2 10.200.100.232
ip dns server-address priority 1 10.200.100.231
ip ssh filetransfer
ip route 0.0.0.0 0.0.0.0 10.200.1.254
ip route 10.40.0.0 255.255.0.0 10.1.1.2
ipv6 route ::/0 386:386:386:200::254
ipv6 route 386:386:386:40::/64 386:386:386:1001::40
ipv6 unicast-routing
snmp-server community "public" unrestricted
spanning-tree
spanning-tree Trk21 priority 4
spanning-tree Trk22 priority 4
spanning-tree Trk23 priority 4
spanning-tree Trk28 priority 4
spanning-tree priority 1
no tftp client
no tftp server
no autorun
no dhcp config-file-update
no dhcp image-file-update
;password manager <removed>
;


More information about the Rancid-discuss mailing list