[rancid] Cisco ASA various troubles

Alexander Griesser AGriesser at anexia-it.com
Mon May 29 09:02:50 UTC 2017


slavesup-* is only valid on Cisco routers/switches I think - I'm not aware of any supervisor engines even on the bigger ASAs, so I guess this command is invalid on all ASAs.
"show running-config all" works on all my ASAs (ASAv, physical ASA, security context) - so this one seems to be good and platform independent.


Alexander Griesser
Head of Systems Operations

ANEXIA Internetdienstleistungs GmbH

E-Mail: AGriesser at anexia-it.com<mailto:AGriesser at anexia-it.com>
Web: http://www.anexia-it.com<http://www.anexia-it.com/>

Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt
Geschäftsführer: Alexander Windbichler
Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601

Von: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] Im Auftrag von Doug Hughes
Gesendet: Freitag, 26. Mai 2017 21:24
An: rancid-discuss at shrubbery.net
Betreff: Re: [rancid] Cisco ASA various troubles

Doesn't work on ASA 55* here either.

However, regarding the first command, these here don't have redundant bootflash, so that first command may be valid on certain systems. I couldn't say.

For the secocnd command, I'd recommnd just: "show running-config all" on ASA.

On 5/26/2017 12:06 PM, Alexander Griesser wrote:

If I comment out those two lines in rancid.types.base, it works again:

#cisco;command;ios::DirSlotN;dir /all slavesup-bootflash:;c7600

#cisco;command;ios::WriteTerm;show running-config view full;workaround

for role-based CLI

The doesn't seem to be a separate model for Cisco ASA devices, so in my router.db, they're just flagged as "cisco" - is this correct or does this also need to be changed now?

yes; i should have separated ASA/PIX from cisco a long time ago.  maybe a future version.

That would be good, I guess :)

Both above mentioned commands do not work on any of my ASAs (tried several versions and platforms):


all of those failures should be ignored.  are you sure that the user running rancid is allowed to run those commands?

Yes, I did also login with my priv 15 account and issued those commands and got the same error message - nothing about command authorization error or anything along those lines, just the "invalid input detected" error.

ie: they are unsupported, but perhaps the CLI is returning a command authorization failure error instead of invlid input?

Not as far as I can tell. I think those commands are just not valid for ASAs.

For the sake of testing, I did just spin up one of those virtual ASAs (Cisco ASAv) and have tried to run these commands there - doesn't work either:

# show running-config view full


ERROR: % Invalid input detected at '^' marker.

# dir /all ?

  /recursive       List files recursively

  all-filesystems  List files on all filesystems

  disk0:           Directory or file name

  flash:           Directory or file name

  system:          Directory or file name


# dir /all slavesup-bootflash:


ERROR: % Invalid input detected at '^' marker.

if not, more debug output is needed and we should take it off-list.

I would be very greatful for that - just let me know how to provide the needed debug output and where to send it to.

Thank you very much!




Rancid-discuss mailing list

Rancid-discuss at shrubbery.net<mailto:Rancid-discuss at shrubbery.net>


Doug Hughes
Keystone NAP
Fairless Hills, PA
1.844.KEYBLOCK (539.2562)

[cid:image001.png at 01D2D86B.1BEB9550]

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20170529/d85ac3ba/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 3476 bytes
Desc: image001.png
URL: <http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20170529/d85ac3ba/attachment.png>

More information about the Rancid-discuss mailing list