[rancid] Unable to Conduct Cisco Wireless Controller Backup

Piegorsch, Weylin William weylin at bu.edu
Mon Jul 30 10:59:39 UTC 2018


Hi John,

I'm still playing around with AAA.  What I'm finding is that the f*&^% WLC CLI authorization mechanism is all bork bork bork.  I can set a read-only role, but that disables the ability to issue the "config pager disable" command since the entire "config *" command tree is not available.  I can set a higher role, and perhaps the command will appear, but I'm struggling to figure out how to create a custom role definition (I suspect it might be impossible since the Cisco WLC is designed to be GUI-based).  We can discuss another time allowing automation to make changes to the system - I'm fighting this battle internally but it's not going well; for now let's just say I need to demonstrate confidence that rancid will only get data, not change anything more complicated than a "last login" notice.

In any event - so, this leaves me with the CLI role I have, and without the "config paging disable" to be used.

I'm running rancid 3.4.1, I notice the latest 3.8 is slightly different in wlogin.  But, they're relatively similar, and neither version (I think?) catches the specific prompts that might appear to prompt for paging.  Might they possibly be added?  See below what I did to wlogin v3.4.1 (aka my installation), let me know if I did this wrong (I'm an accomplished network engineer... but a poor excuse for a software engineer).

Also, wlogin uses "exit" to close the CLI when -c or -x is specified; it needs to be "logout" instead regardless of user role.  Where do I change this?  I suppose I can do this in rancid.types.base (.conf?), but I'd prefer not to since I /do/ use *login with the -p and -u options on occasion with some simple BASH command-line scripts to accomplish manual campus-wide pre-planned changes.  I tried grep'ing through some files, that didn't work too well.

Weylin

I modified 3.4.1 bin/wlogin on this line:

    for {set i 0} {$i < $num_commands} { incr i} {
        send -- "[subst -nocommands [lindex $commands $i]]\r"
        expect {
            -re "\b+"                           { exp_continue }
            -re "^\[^\n\r *]*$reprompt"         { send_user -- "$expect_out(buffer)"
                                                }
            -re "^\[^\n\r]*$reprompt."          { send_user -- "$expect_out(buffer)"
                                                  exp_continue
                                                }
            -re "^--More--\[\r\n]+"             { # specific match c1900 pager
                                                  send " "
                                                  exp_continue
                                                }
            -re "\[\n\r]+"                      { send_user -- "$expect_out(buffer)"
                                                  exp_continue
                                                }
+            -re "^--More-- .*"                  { send "q" # note the [[:space:]] between --More-- and the period
+       	       	       	       	       	       	  exp_continue
+                                                }
        }
    }}
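
Review bot: the trailing `# note the [[:space:]] ...` on the added `send "q"` line is not a comment in Tcl, because `#` only starts a comment where a command would begin. As written, the rest of the line is passed to `send` as extra arguments and `[[:space:]]` is evaluated as a command substitution when the branch runs. Move the note to its own line above the `send`, or write `send "q"; # ...` and drop the square brackets from the comment text. Separately, the new branch answers the pager with "q", while the existing `--More--` branch a few lines above sends a space. Given the "--More-- or (q)uit" prompt shown elsewhere in this thread, "q" ends the listing at the first page, so the rest of the command output would never reach rancid; a space matches the existing branch and keeps the read-only collection complete. The trailing `.*` is also greedy and can consume whatever follows the prompt in the same buffer, so matching only the prompt text itself would be safer.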


On 7/27/18, 6:30 PM, "Piegorsch, Weylin William" <weylin at bu.edu> wrote:

    This might be a tacacs issue.  When I log in as a normal user, the config paging disable command appears when I type "?".  I'll play around with that over the weekend.
    Weylin
    
    
    (cumm111-wism-aca05) >?   
                   
    debug          Manages system debug options.
    exit           
    grep           Print lines matching a pattern.
    help           Help
    linktest       Perform a link test to a specified MAC address.
    logout         Exit this session. Any unsaved changes are lost.
    show           Display switch options and settings.
                   
    (cumm111-wism-aca05) >
    
    
    
    
    
    On 7/27/18, 6:29 PM, "Piegorsch, Weylin William" <weylin at bu.edu> wrote:
    
        Ah; thanks, I see it there.  Something is amiss with that.  "eval... ; cat -v" output below.
        Weylin
        
        
        
        
        [rancid at nsgv-prod-59 ~]$ eval `rancid -t cisco-wlc5 -C cumm111-wism-aca05.bu.edu` &> output
        [rancid at nsgv-prod-59 ~]$ cat -v output 
        cumm111-wism-aca05.bu.edu
        spawn ssh -2 -c aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc -x -l rancid cumm111-wism-aca05.bu.edu^M
        ^M
        Access to this system is permitted for authorized persons only.  All connections are logged and monitored.  By accessing this system, you acknowledge that use of this and any other technology at Boston University is subject to the terms of the Boston University Conditions of Use and Policy on Computing Ethics; please see: http://www.bu.edu/computing/ethics for details.^M
        (cumm111-wism-aca05) ^M
        User: rancid^M
        Password:*******^M
        (cumm111-wism-aca05) >^M
        (cumm111-wism-aca05) >config paging disable^M
        ^M
        Incorrect usage.  Use the '?' or <TAB> key to list commands.^M
        ^M
        (cumm111-wism-aca05) >show udi^M
        
        ^MNAME: "Chassis"    , DESCR: "Cisco Wireless Services Module 2"
        ^MPID: WS-SVC-WISM2-K9,  VID: V01,  SN: SAL172893FZ^M
        ^M
        (cumm111-wism-aca05) >show sysinfo^M
        ^M
        Manufacturer's Name.............................. Cisco Systems Inc.^M
        Product Name..................................... Cisco Controller^M
        Product Version.................................. 8.2.166.0^M
        Bootloader Version............................... 1.0.20^M
        Field Recovery Image Version..................... 7.6.101.1^M
        Firmware Version................................. FPGA 1.7, Env 0.0, USB console 2.2^M
        Build Type....................................... DATA + WPS
        ^M
        System Name...................................... cumm111-wism-aca05^M
        System Location.................................. 111 Cummington St., Room B05^M
        System Contact................................... Network Operations Center^M
        System ObjectID.................................. 1.3.6.1.4.1.9.1.1293^M
        Redundancy Mode.................................. SSO^M
        IP Address....................................... 10.123.18.234^M
        IPv6 Address..................................... ::^M
        Last Reset....................................... Software reset^M
        System Up Time................................... 98 days 3 hrs 47 mins 5 secs^M
        System Timezone Location......................... (GMT -5:00) Eastern Time (US and Canada)^M
        System Stats Realtime Interval................... 5^M
        System Stats Normal Interval..................... 180
        ^M
        ^M
        
        Error: TIMEOUT reached
        [rancid at nsgv-prod-59 ~]$
        
        
        
        
        
        On 7/27/18, 11:16 AM, "heasley" <heas at shrubbery.net> wrote:
        
            Fri, Jul 27, 2018 at 12:08:37PM +0000, Piegorsch, Weylin William:
            > I did some experimenting, issuing the "config paging disable" CLI command on initial login seems to eliminate the paging issue, similar to the ASA "terminal pager 0" or the IOS "terminal length 0".
            > weylin
            
            wlogin should have sent this command at the beginning.  please look at
            the beginning of the transcript with the device.
            
            > On 7/27/18, 8:01 AM, "Piegorsch, Weylin William" <weylin at bu.edu> wrote:
            > 
            >     When I login as myself and run the "show sysinfo" command, I get the below output.  I notice that rancid (wlogin) gets stuck on the prompt at the end there.  When expect sees the prompt, a <space> would be the appropriate response.  I'm not sure how to disable paging, unfortunately. 
            >     
            >     Weylin
            >     
            >     (cumm111-wism-aca05) >show sysinfo
            >     
            >     Manufacturer's Name.............................. Cisco Systems Inc.
            >     Product Name..................................... Cisco Controller
            >     Product Version.................................. 8.2.166.0
            >     Bootloader Version............................... 1.0.20
            >     Field Recovery Image Version..................... 7.6.101.1
            >     Firmware Version................................. FPGA 1.7, Env 0.0, USB console 2.2
            >     Build Type....................................... DATA + WPS
            >     
            >     System Name...................................... cumm111-wism-aca05
            >     System Location.................................. 111 Cummington St., Room B05
            >     System Contact................................... Network Operations Center
            >     System ObjectID.................................. 1.3.6.1.4.1.9.1.1293
            >     Redundancy Mode.................................. SSO
            >     IP Address....................................... 10.123.18.234
            >     IPv6 Address..................................... ::
            >     Last Reset....................................... Software reset
            >     System Up Time................................... 97 days 17 hrs 26 mins 34 secs
            >     System Timezone Location......................... (GMT -5:00) Eastern Time (US and Canada)
            >     System Stats Realtime Interval................... 5
            >     System Stats Normal Interval..................... 180
            >     
            >     
            >     --More-- or (q)uit
            >     
            >     
            >     
            >     
            >     
            >     On 7/26/18, 6:43 PM, "heasley" <heas at shrubbery.net> wrote:
            >     
            >         Thu, Jul 26, 2018 at 09:20:42PM +0000, Piegorsch, Weylin William:
            >         > I should note that using the NOPIPE=yes thing causes the "controller wlogin error: Error: Connection closed (ssh): controller" message that I show below.  If I omit the NOPIPE environment variable on the CLI, I get the output I showed in the other email, where it hangs in the middle of output.
            >         > 
            >         > weylin
            >         
            >         i dont see the problem in what you've provided; you'll have to share more
            >         output with me.
            >         
            >         eval `rancid -t cisco-wlc8 -C hostname` &> output
            >         
            >     
            >     
            > 
            
        
        
    
    


