[rancid] Cisco ASA various troubles

heasley heas at shrubbery.net
Fri May 26 16:02:08 UTC 2017 

Fri, May 26, 2017 at 03:46:33PM +0000, Alexander Griesser:
> Hi,
> 
> again, after the upgrade to 3.6, the following errors started to appear on our infrastructure:
> 
> Device:
> Cisco Adaptive Security Appliance Software Version 9.1(7) <context>
> 
> Trying to get all of the configs.
> 1.1.1.1: missed cmd(s): dir /all slavesup-bootflash:, show running-config view full
> =====================================
> Getting missed routers: round 1.
> 1.1.1.1: missed cmd(s): dir /all slavesup-bootflash:, show running-config view full
> =====================================
> Getting missed routers: round 2.
> 1.1.1.1: missed cmd(s): dir /all slavesup-bootflash:, show running-config view full
> =====================================
> Getting missed routers: round 3.
> 1.1.1.1: missed cmd(s): dir /all slavesup-bootflash:, show running-config view full
> =====================================
> Getting missed routers: round 4.
> 1.1.1.1: missed cmd(s): dir /all slavesup-bootflash:, show running-config view full
> 
> If I comment out those two lines in rancid.types.base, it works again:
> 
> #cisco;command;ios::DirSlotN;dir /all slavesup-bootflash:;c7600
> #cisco;command;ios::WriteTerm;show running-config view full;workaround for role-based CLI
> 
> The doesn't seem to be a separate model for Cisco ASA devices, so in my router.db, they're just flagged as "cisco" - is this correct or does this also need to be changed now?

yes; i should have separated ASA/PIX from cisco a long time ago.  maybe a
future version.

> Both above mentioned commands do not work on any of my ASAs (tried several versions and platforms):
> 
> Cisco Adaptive Security Appliance Software Version 9.1(7)11
> # show running-config view full
>                                       ^
> ERROR: % Invalid input detected at '^' marker.
> 
> # show version | inc Adaptive
> Cisco Adaptive Security Appliance Software Version 9.8(1)
> # show running-config view full
>                                          ^
> ERROR: % Invalid input detected at '^' marker.
> # dir /all slavesup-bootflash:
>                             ^
> ERROR: % Invalid input detected at '^' marker.

all of those failures should be ignored.  are you sure that the user
running rancid is allowed to run those commands?  ie: they are unsupported,
but perhaps the CLI is returning a command authorization failure error
instead of invlid input?

if not, more debug output is needed and we should take it off-list.

More information about the Rancid-discuss mailing list