[rancid] RANCID/clogin context-change FWSM/ASA

Daniel Tuecks dtuecks at googlemail.com
Wed Nov 18 11:13:30 UTC 2015


Hey,

Back in 2006 there was a patch on this list:
http://www.shrubbery.net/pipermail/rancid-discuss/2006-May/001490.html. We
are still using this patch even today with rancid-3.2. With this you can
tweak your .cloginrc to switch the context on login. Each context is
treated as a separate device:

# Base login for the asa-01 device
add user asa-01 username
add password asa-01 password password
add method asa-01 {ssh:22}
add autoenable asa-01 {0}
add cyphertype asa-01 3DES

# Login to admin on asa-01
add method asa-01-admin {usercmd}
add usercmd asa-01-admin {clogin} {asa-01}
add usercmd_chat asa-01-admin {asa-01/admin#} {changeto system\r} {asa-01#} {changeto context admin\r} {asa-01/admin#} {\r}

# Login to fwcontext on asa-01
add method asa-01-fwcontext {usercmd}
add usercmd asa-01-fwcontext {clogin} {asa-01}
add usercmd_chat asa-01-fwcontext {asa-01/admin#} {changeto system\r} {asa-01#} {changeto context fwcontext\r} {asa-01/fwcontext#} {\r}


With this you can do 'clogin asa-01-fwcontext'.

Regards,
Daniel


2015-11-18 7:51 GMT+01:00 christian.filips at tu-dortmund.de <
christian.filips at tu-dortmund.de>:

> I found a working solution:
>
> /usr/lib/rancid/bin/clogin -c 'terminal pager 0;changeto context admin\rchangeto context system;sh running-config\rexit'
>
> The prompt does not seem to be the problem; the problem appears at the
> "changeto"!
> I saw that it worked with the actual logged-in user: "admin# changeto
> context admin" No timeout!
> So I tried it with the actual one and DIRECTLY with a "return" (\r) behind
> it and change to the system context - this works, without ";"!
> The same problem later in the commands, so I also type a \r before the
> "exit". Fine!
>
> Now I can work with the script.
> Thanks and greetings.
> :-)
>
>
> -----Original Message-----
> From: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] On
> Behalf Of Howard Jones
> Sent: Tuesday, 17 November 2015 22:17
> To: rancid-discuss at shrubbery.net
> Subject: Re: [rancid] RANCID/clogin context-change FWSM/ASA
>
> I did look at this a while ago and there was also a change required in
> clogin so that the expect script also looked for a wider variety of prompts.
>
> On 17/11/15 20:58, Alan McKinnon wrote:
> > The code that does it usually looks something like this in main() (it
> > can be different for each *rancid parser script):
> >
> >          if (!defined($prompt)) {
> >              $prompt = ($_ =~ /^([^#>]+[#>])/)[0];
> >              $prompt =~ s/([][}{)(\\])/\\$1/g;
> >              print STDERR ("PROMPT MATCH: $prompt\n") if ($debug);
> >          }
> >
> > This should do the right thing:
> >
> >       $prompt = ($_ =~ /^([^#>]+[#>])\s*$/)[0];
> >
> > That will skip the first two prompts in your output below and pick the
> > 3rd, and correct, one. To work, the FWSM prompt must behave
> > predictably like this.
> >
> >
> > On 17/11/2015 17:51, Lee Rian (CENSUS/TCO FED) wrote:
> >>> What could be the problem here?
> >>
> >> RANCID looks for the prompt.  If it doesn't see it you get a timeout
> >>
> >>
> >> I'm going to guess the problem is the prompt is different in the
> >> system context.  I just tried it & got:
> >>
> >>
> >> asaname/admin> ena
> >> Password: ****************
> >> asaname/admin# changeto context system asaname#
> >>
> >>
> >> & no, sorry, I don't know how to deal with the prompt changing on you
> >> like that.
> >>
> >>
> >> Regards,
> >>
> >> Lee
> >>
> >>
> >>
> >>
> >> ------------------------------------------------------------------------
> >> *From:* Rancid-discuss <rancid-discuss-bounces at shrubbery.net> on behalf
> >> of christian.filips at tu-dortmund.de <christian.filips at tu-dortmund.de>
> >> *Sent:* Tuesday, November 17, 2015 4:26 AM
> >> *To:* rancid-discuss at shrubbery.net
> >> *Subject:* [rancid] RANCID/clogin context-change FWSM/ASA
> >>
> >>
> >> Hello all!
> >>
> >>
> >>
> >> I have a problem changing the context after logging in to a Cisco FWSM.
> >>
> >> This is my clogin-command:
> >>
> >>
> >>
> >> =============
> >>
> >> rancid at host:$  /usr/lib/rancid/bin/clogin -c 'terminal pager 0; changeto context system;sh running-config;exit' asa-address
> >>
> >> asa-address
> >>
> >> spawn ssh -c 3des -x -l cisco_login asa-address
> >>
> >> login at asa-address's password:
> >>
> >> Type help or '?' for a list of available commands.
> >>
> >> asa-address/admin> enable
> >>
> >> Password:
> >>
> >> asa-address/admin#
> >>
> >> asa-address/admin# terminal length 0
> >>
> >>                         ^
> >>
> >> ERROR: % Invalid input detected at '^' marker.
> >>
> >> asa-address/admin# terminal width 132
> >>
> >>                          ^
> >>
> >> ERROR: % Invalid input detected at '^' marker.
> >>
> >> asa-address/admin#  terminal pager 0
> >>
> >> asa-address/admin#  changeto context system
> >>
> >>
> >>
> >> Error: TIMEOUT reached
> >>
> >> rancid at host:$
> >>
> >> =============
> >>
> >>
> >>
> >> The timeout appears at nearly 45 seconds.
> >>
> >> -
> >>
> >> I tried to find out something with the -d option, but it looks ok.
> >>
> >> I could mail, if useful, the output also.
> >>
> >> -
> >>
> >> I ran this on an ASA 5585, and it works fine there!
> >>
> >> Also for our switches (without context-change ;-)).
> >>
> >> What could be the problem here?
> >>
> >>
> >>
> >> Thanks for help or new ideas!
> >>
> >> BR
> >>
> >> Christian
> >>
> >>
> >> _______________________________________________
> >> Rancid-discuss mailing list
> >> Rancid-discuss at shrubbery.net
> >> http://www.shrubbery.net/mailman/listinfo/rancid-discuss
> >>
> >
>
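Added example, not part of the thread or of RANCID's code: the two prompt-learning regexes quoted above, run in Perl over a constructed session to show why a prompt learned in the admin context stops matching after "changeto context system". The session lines, the learn_prompt helper and the wider hostname-based pattern at the end are assumptions made for illustration.

```perl
use strict;
use warnings;

# Constructed session, modelled on the output pasted in the thread; each
# prompt is assumed to start its own line, as in clogin's echoed output.
my @session = (
    'asaname/admin> ena',
    'Password: ****************',
    'asaname/admin# changeto context system',
    'asaname#',
);
# Constructed line the parser must recognise once in the system context.
my $later = 'asaname# sh running-config';

# Learn the prompt from the first matching line and escape it the same
# way the quoted parser snippet does.
sub learn_prompt {
    my ($re, @lines) = @_;
    for my $line (@lines) {
        my $prompt = ($line =~ $re)[0];
        next unless defined $prompt;
        $prompt =~ s/([][}{)(\\])/\\$1/g;
        return $prompt;
    }
    return;
}

my @candidates = (
    [ 'original' => qr/^([^#>]+[#>])/ ],
    [ 'anchored' => qr/^([^#>]+[#>])\s*$/ ],
);

for my $c (@candidates) {
    my ($name, $re) = @$c;
    my $prompt = learn_prompt($re, @session);
    my $ok = defined $prompt && $later =~ /^$prompt/ ? 'yes' : 'no';
    printf "%-9s learned=%-16s matches system context: %s\n",
        $name, defined $prompt ? $prompt : '(none)', $ok;
}

# Hypothetical wider pattern (an assumption, not clogin's code): accept
# the hostname with or without a "/context" suffix.
my $host = 'asaname';
my $wide = qr/^\Q$host\E(?:\/[\w-]+)?[#>]/;
for my $line (@session, $later) {
    printf "%-40s %s\n", $line, $line =~ $wide ? 'prompt' : '-';
}
```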