[rancid] Reasoning behind not running a "show vlan" if specific VTP options are set?
Lee
ler762 at gmail.com
Sat Jan 14 14:00:52 UTC 2017
On 1/13/17, heasley <heas at shrubbery.net> wrote:
> Fri, Jan 13, 2017 at 10:24:43AM -0500, Lee:
>> On 1/13/17, Mischa Diehm <mischa.diehm at unibas.ch> wrote:
>> > Hi
>> >
>> > I was wondering why we didn’t get any !VLAN… lines for our nexus 7700
>> > rancid runs and found out that on the nexus a „show vtp“ gives:
>> >
>> > XXX-cc# show vtp status
>> > Service not enabled
>> >
>> > looking at the code I found that in /usr/share/perl5/rancid/nxos.pm:
>> >
>> > In sub ShowVTP
>> > # Nexus 5k and 1000v do note support vtp
>> > if (!/^VTP Operating Mode\s+:\s+(Transparent|Server)/) {
>> > $DO_SHOW_VLAN = 0;
>> > }
>> > and later in sub ShowVLAN:
>> >
>> > ($_ = <$INPUT>, return(1)) if (!$DO_SHOW_VLAN);
>> >
>> > Similar for ios.. I wonder why it would be bad to have the output of
>> > „show vlan“ in the config even if we were running the VTP-Modes exclude
>> > like „Server“. Okay the vlan configs might be inside the config (not
>> > always like in the „Server“ case) but the „show vlan“ shows more
>> > information like which interfaces are configured etc. So wouldn’t it be
>> > good to just remove this restriction?
>
> It causes never-ending changes in the config as ports become
> active/inactive, eg: someone disconnects or powers-off equipment.

For IOS switches I added
    'show vlan all-ports'
    'show vlan'
before
    'show vlan-switch'
and added this bit at the end of sub ShowVLAN

    $DO_SHOW_VLAN = 0;  # -LR-
    # -LR- not everything supports "show vlan all-ports"
    # -LR- so do "show vlan all-ports" first and, if it succeeds,
    # -LR- clear the flag so we do not do a plain "show vlan"
    return(0);

so rancid would save only the output from the first show vlan command
that succeeded.

'show vlan all-ports' shows vlan info even for shutdown switchports &
most all our stuff supports show vlan all-ports, so config-churn
wasn't a problem.

> and in the case of VTP, it potentially is network wide.
<.. snip rant about vtp ..>
> if you wanted to monitor such things, it's
> probably best done in a NMS, where you'd catch all such changes.
It's nice having rancid collect vlan info; you can do things like
process all the configs to create a summary listing of
vlanNum vlanName: switch1 switch2 ... switchN
showing what vlans are configured where, do config sanity checks that
for all "switchport voice vlan NNN" the vlan NNN name starts with
"voice_", etc.
> rancid 3.5 added for some modules:
>
> # FILTER_OSC determines if oscillating data such as keys, passwords, etc are
> # filtered from configs by the value set (NO | YES). FILTER_PWDS may override
> # this. see rancid.conf(5).
> #FILTER_OSC=YES; export FILTER_OSC
>
> such a thing could be dependent upon this configuration, but again I do not
> see the point.
which is why it's so nice having the source code :) Whatever pain
caused by collecting vlan info in rancid was, I thought, more than
offset by the utility of having rancid collect vlan info.
Best Regards,
Lee
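
The summary listing and the voice-VLAN naming check described in the message above, as an added example (not code from the thread or from rancid). It assumes the saved configs carry the "show vlan" rows as comment lines prefixed "!VLAN: "; the switch names, VLANs and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample configs. Assumption: rancid saved "show vlan" rows as
# "!VLAN: " comment lines; the "enet" row comes from the VLAN Type table.
CONFIGS = {
    "switch1": """\
!VLAN: 10   users                            active    Gi1/0/1, Gi1/0/2
!VLAN: 110  voice_floor1                     active    Gi1/0/1
!VLAN: 10   enet  100010     1500  -      -      -        -    -        0      0
interface GigabitEthernet1/0/1
 switchport voice vlan 110
""",
    "switch2": """\
!VLAN: 10   users                            active    Gi1/0/5
!VLAN: 120  phones                           active    Gi1/0/5
interface GigabitEthernet1/0/5
 switchport voice vlan 120
interface GigabitEthernet1/0/6
 switchport voice vlan 130
""",
}

VLAN_ROW = re.compile(r"^!VLAN:\s+(\d+)\s+(\S+)\s+(?:active|suspended|act/\S+|sus/\S+)")
VOICE = re.compile(r"^\s*switchport voice vlan (\d+)\s*$")

def parse(text):  # -> ({vlan_num: name}, {voice vlan numbers}) for one config
    names, voice = {}, set()
    for line in text.splitlines():
        if m := VLAN_ROW.match(line):      # status column skips Type-table rows
            names[int(m.group(1))] = m.group(2)
        elif m := VOICE.match(line):
            voice.add(int(m.group(1)))
    return names, voice

def summarize(configs):  # -> {(vlanNum, vlanName): [switch1, switch2, ...]}
    seen = defaultdict(list)
    for switch in sorted(configs):
        for key in parse(configs[switch])[0].items():
            seen[key].append(switch)
    return dict(seen)

def voice_vlan_problems(configs, prefix="voice_"):
    """List (switch, vlan, name) where a voice VLAN is undefined or misnamed."""
    problems = []
    for switch in sorted(configs):
        names, voice = parse(configs[switch])
        problems += [(switch, n, names.get(n)) for n in sorted(voice)
                     if not (names.get(n) or "").startswith(prefix)]
    return problems
```

A name of None in the problem list means the port references a voice VLAN that the switch's own "show vlan" output never defined.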