[rancid] show policy detail on extreme switches

lexore lexore at gmail.com
Wed May 21 11:18:16 UTC 2014


Hello.

We use rancid to backup configs of Extreme switches.
I noticed, that rancid don't save output of "show policy detail".
We need to backup this too.
I tried to add support of this command to xrancid.
I wrote subroutine (copy of WriteTerm), added string to @commandtable,
but without success.
Syntax of output "show policy detail" significant differ from usual
cisco-style configs.
Is anyone solved this for it's own needs?
Or maybe you could suggest, how i can add support of this command in xrancid?

I attached example of ouput "show policy detail" to message.
Copy here: http://pastebin.com/p6h4bgsE
We use Extreme Summit X670V
ExtremeXOS version 15.3.1.4 v1531b4-patch1-29

Thanks in advance.
Igor.

--
lexore at gmail.com
-------------- next part --------------
Policies at Policy Server:
Policy: IXFilter
entry IXFilter1 {
if match all {
    ethernet-destination-address 01:80:c2:00:00:02 ;
    ethernet-type 0x8809 ;
}
then {
    permit  ;
}
}
entry IXFilter2 {
if match all {
    ethernet-type 0x0800 ;
}
then {
    permit  ;
}
}
entry IXFilter3 {
if match all {
    ethernet-type 0x0806 ;
}
then {
    permit  ;
}
}
entry IXFilter4 {
if match all {
    ethernet-type 0x86dd ;
}
then {
    permit  ;
}
}
entry IXFilter6 {
if match all {
    ethernet-destination-address 00:00:00:00:00:00 / 00:00:00:00:00:00 ;
}
then {
    deny  ;
}
}
Number of clients bound to policy: 1
Client: acl bound once

Policy: SrvFilter
entry SrvFilter1 {
if match all {
    ethernet-destination-address 01:80:c2:00:00:02 ;
    ethernet-type 0x8809 ;
}
then {
    permit  ;
}
}
entry SrvFilter2 {
if match all {
    ethernet-type 0x0800 ;
}
then {
    permit  ;
}
}
entry SrvFilter3 {
if match all {
    ethernet-type 0x0806 ;
}
then {
    permit  ;
}
}
entry SrvFilter4 {
if match all {
    ethernet-type 0x86dd ;
}
then {
    permit  ;
}
}
entry SrvFilter5 {
if match all {
    ethernet-destination-address 00:00:00:00:00:00 / 00:00:00:00:00:00 ;
}
then {
    deny  ;
}
}
Number of clients bound to policy: 1
Client: acl bound once

Policy: UpStreamFilter
entry LACP_permit {
if match all {
    ethernet-destination-address 01:80:c2:00:00:02 ;
    ethernet-type 0x8809 ;
}
then {
    packet-count LACP_permit ;
    permit  ;
}
}
entry IPV4_permit {
if match all {
    ethernet-type 0x0800 ;
}
then {
    packet-count IPV4_permit ;
    permit  ;
}
}
entry ARP_permit {
if match all {
    ethernet-type 0x0806 ;
}
then {
    packet-count ARP_permit ;
    permit  ;
}
}
entry IPV6_permit {
if match all {
    ethernet-type 0x86dd ;
}
then {
    packet-count IPV6_permit ;
    permit  ;
}
}
entry STP_deny {
if match all {
    ethernet-type 0x0802 ;
}
then {
    packet-count STP_deny ;
    permit  ;
}
}
entry ALL_deny {
if match all {
    ethernet-destination-address 00:00:00:00:00:00 / 00:00:00:00:00:00 ;
}
then {
    packet-count ALL_deny ;
    permit  ;
}
}
Number of clients bound to policy: 1
Client: acl bound once

Policy: vty-access
entry AllowTheseSubnets {
if match any {
    source-address 1.1.1.0/24 ;
}
then {
    permit  ;
}
}
Number of clients bound to policy: 1
Client: exsshd bound once


More information about the Rancid-discuss mailing list