[rancid] proxy-login rancid collection

Hagen, Skye (skyeh@uidaho.edu) skyeh at uidaho.edu
Wed Mar 25 17:01:37 UTC 2015


My particular need is when I have multiple contexts on a Cisco ASA. While
I can easily set up rancid to get the config for each individual context,
there is a special 'system' area that cannot be accessed directly. It can
only be accessed by logging into one of the contexts, then changing to the
system area. (This system area handles the physical interfaces, and the
allocation of these interfaces to the individual contexts.) To get from
the context to the system area is a single command, 'changeto system'. I
don't need to enter any additional credentials. The prompt will also
change.

I am using the 'usercmd' patch to accomplish this now, in rancid 2.3.6.
Here is what my .cloginrc looks like:

# Backup system context
# 'asa1-system.its.uidaho.edu' is just a name for rancid. No DNS or
# address is needed.
# The magic happens one line below: login to asa1-system.its.uidaho.edu
# via {clogin} for {my-context-enabled-device}
# When logged in, change to system context and backup
add method asa1-system.its.uidaho.edu {usercmd}
add usercmd asa1-system.its.uidaho.edu {clogin} {asa1-accessfw.its.uidaho.edu}
add usercmd_chat asa1-system.its.uidaho.edu {#} {changeto system\r} {#} {terminal pager 0\r}



The router.db file looks like:

asa1-system.its.uidaho.edu:cisco:up:System Context, Added by me on 7-24-2014
asa1-accessfw.its.uidaho.edu:cisco:up:Added by me on 7-16-2014



Here is the output showing the prompts and responses.

[rancid@netman-collect rancid]$ ssh me@asa1-accessfw
Warning: Permanently added 'asa1-accessfw,129.101.252.62' (RSA) to the list of known hosts.
me@asa1-accessfw's password:
Type help or '?' for a list of available commands.
lib-asa1/ACCESSFW/act/pri> en
Password: *********
lib-asa1/ACCESSFW/act/pri# changeto system
lib-asa1/act/pri# 


Hope this helps, Skye.



On 3/25/15, 9:14 AM, "heasley" <heas at shrubbery.net> wrote:

>Many have asked for this and it will probably be the primary addition to
>rancid 3.3, but I do not have a use for it, so although I've digested most
>of the maillist discussion on the topic ('out of band access script change',
>'download configs from on router through another', etc), I'm not sure that
>I'd include all the relevant features, therefore I want to solicit input.
>
>I am tempted to limit the utility to executing other login scripts, ie:
>the assumption that it is through a device supported by one of rancid's login
>scripts, rather than an arbitrary unix command.
>
>Please feel free to reply to me directly or to the list.
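Added example, not part of the original post and not rancid code: the {#} pattern in the usercmd_chat line matches the context prompt as well as the system prompt, so a collector cannot tell from it whether 'changeto system' took effect. The check below compares the prompt before and after the command; the function names and the prompt layout (context name as the second '/'-separated field, as in the session above) are assumptions.

```python
import re

# Assumption: prompts look like the ones in the session above,
# "host/CONTEXT/state/role#" in a context and "host/state/role#" in the
# system area. The ASA prompt is configurable; adjust for other layouts.
PROMPT = re.compile(r"^([\w.-]+(?:/[\w.-]+)+)([>#])\s*(.*)$")

def parse_prompt(line):
    """Return (fields, privileged, command) for a prompt line, else None."""
    m = PROMPT.match(line.rstrip())
    if not m:
        return None
    return m.group(1).split("/"), m.group(2) == "#", m.group(3)

def confirm_system_area(lines):
    """Return the context that was left, or raise ValueError if the prompt
    after 'changeto system' is not the earlier prompt minus its context."""
    prompts = [p for p in map(parse_prompt, lines) if p]
    for before, after in zip(prompts, prompts[1:]):
        fields, privileged, command = before
        if command != "changeto system":
            continue
        if not privileged:
            raise ValueError("changeto issued before enable")
        expected = fields[:1] + fields[2:]   # drop the context field
        if after[0] != expected or not after[1]:
            raise ValueError("still at %s, expected %s"
                             % ("/".join(after[0]), "/".join(expected)))
        return fields[1]
    raise ValueError("no 'changeto system' followed by a prompt")

# Constructed sample modelled on the session in the post.
GOOD = [
    "lib-asa1/ACCESSFW/act/pri> en",
    "Password: *********",
    "lib-asa1/ACCESSFW/act/pri# changeto system",
    "lib-asa1/act/pri# ",
]
# Constructed failure: the command is refused and the prompt is unchanged.
BAD = [
    "lib-asa1/ACCESSFW/act/pri# changeto system",
    "ERROR: command rejected (constructed message)",
    "lib-asa1/ACCESSFW/act/pri# ",
]

if __name__ == "__main__":
    print("left context:", confirm_system_area(GOOD))
```

Without such a check, a refused 'changeto system' would leave the collector saving the context's configuration under the asa1-system name.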


