[rancid] ASA Config for Rancid

Gauthier, Chris cgauthier at comscore.com
Tue Sep 12 21:23:13 UTC 2017


Zenoss is a tool that has RANCiD integration/pluin connectivity.



Chris GauthierSenior Network Engineer | comScore, Inc.
o +1 503-331-2704cgauthier at comscore.com
317 SW Alder St, Suite 500 | Portland | OR97204
............................................................................................................................................................................................................................

On 9/12/17, 1:42 PM, "Rancid-discuss on behalf of Ryan West" <rancid-discuss-bounces at shrubbery.net on behalf of rwest at zyedge.com> wrote:

    On Tue, Sep 12, 2017 at 15:40:52, Piegorsch, Weylin William wrote:
    > 
    > Thanks Ryan.  We used to do exactly that, but it got to the point that ASAs
    > were doing far more than merely firewall – to name a few:
    > 
    > VPN
    > ... well ok these are just ASAs
    > 
    > Firewall
    >   PIX, ASA, PaloAlto 3k, PaloAlto 7k, PaloAlto 500, and I think there’s a
    > CheckPoint somewhere we haven’t yet replaced
    > 
    > NAT
    >   ASA, ASR1k, Catalyst6k, 7301, 3825
    > 
    > Routing
    >   Oh let me count the ways....
    > 
    > BGP Service Advertisement
    >   Nexus7k, ASR9k, ASR1k, 7301, ASA
    > 
    > Since the devices performing a function are so varied, the naming standard
    > cannot take model into account, merely function.  It got to the point where I
    > was essentially starting to list every ASA by specific name; after a few of
    > these it became clear this approach wouldn’t scale.
    > 
    > And to answer the other question – somewhere around 20,000 devices;
    > 11,000+ VoIP handsets, 6,000–7,000 access points, and 3,000+ of everything
    > else (though largely only that last are needed in rancid).
    > 
    
    Sounds like a fun problem to have.  There are some open source NMS products out there that integrate with RANCID and can probably write out the file for you, otherwise you would need to modify how RANCID works and have it switch to the type of device after login with a show ver command or something similar.  Let us know if you come up with anything though, I like the idea of having the device login decide the type, or at least a discovery mechanism for RANCID that would write out the proper lines to .cloginrc.
    
    -ryan
    
    _______________________________________________
    Rancid-discuss mailing list
    Rancid-discuss at shrubbery.net
    http://www.shrubbery.net/mailman/listinfo/rancid-discuss

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20170912/4cafb723/attachment.html>


More information about the Rancid-discuss mailing list