From cboyd at gizmopartners.com Mon Nov 4 16:25:15 2019 From: cboyd at gizmopartners.com (Chris Boyd) Date: Mon, 04 Nov 2019 10:25:15 -0600 Subject: [rancid] Dell EMC OS10 switch Message-ID: <579a76d61ab040c36c7de0f23b04e560da085c81.camel@gizmopartners.com> Howdy, I see that questions came up about using RANCID with a Dell EMC switch running OS10 back in July, and the potential answer was to use the "onefinity" router type. Never saw any followup on if it actually worked. So if anyone is using a Dell EMC switch with RANCID successfuly, please let me know.... Thanks! From howie at thingy.com Mon Nov 4 16:51:23 2019 From: howie at thingy.com (Howard Jones) Date: Mon, 4 Nov 2019 16:51:23 +0000 Subject: [rancid] Dell EMC OS10 switch In-Reply-To: <579a76d61ab040c36c7de0f23b04e560da085c81.camel@gizmopartners.com> References: <579a76d61ab040c36c7de0f23b04e560da085c81.camel@gizmopartners.com> Message-ID: I made a slightly-tweaked version of the Force10 type for our Dell S3048-ON switches. In etc/rancid.types.conf: dell10;script;dell10rancid dell10;login;clogin And then these are the differences from f10rancid: A few commands don't exist - removed those. The switch likes to beep (send ctrl-G) in responses, so I strip control chars out. It also doesn't have 'end' at the end of the config, so the default 'saw all commands' stuff didn't work. Patch is for RANCID 3.7, but hopefully the gist is clear. $ diff -Nau f10rancid dell10rancid --- f10rancid?? 2018-04-25 08:10:28.907312760 +0000 +++ dell10rancid??????? 2019-10-22 09:50:31.871744282 +0000 @@ -1,6 +1,6 @@ ?#! /usr/bin/perl ?## -## $Id: f10rancid.in 3613 2017-02-22 21:37:22Z heas $ +## $Id: dell10rancid.in 3613 2017-02-22 21:37:22Z heas $ ?## ?## rancid 3.7 ?## Copyright (c) 1997-2017 by Henry Kilmer and John Heasley 
@@ -183,7 +183,7 @@ ??????? next if(/^(\s*|\s*$cmd\s*)$/); ??????? return(-1) if (/command authorization failed/i); -?????? / Type: / && chop && chop && +?????? / Type: / && chop && ??????????? ProcessHistory("COMMENTS","keysort","A1", "!$_\n"); ??????? /^.* Version.*$/ && @@ -608,15 +608,16 @@ ?# Main ?@commandtable = ( -?????? {'show version'???????????????? => 'ShowVersion'}, -?????? {'show bootvar'???????????????? => 'ShowBoot'}, -?????? {'dir flash:'?????????????????? => 'DirSlotN'}, -?????? {'dir slot0:'?????????????????? => 'DirSlotN'}, -?????? {'show chassis'???????????????? => 'ShowChassis'}, -?????? {'show system'????????????????? => 'ShowChassis'}, -?????? {'show inventory'?????????????? => 'ShowInventory'}, -?????? {'show vlan'??????????????????? => 'ShowVLAN'}, -?????? {'show running'???????????????? => 'WriteTerm'} +?????? {'show version'???????????????? => 'ShowVersion'}, +#??????? {'show bootvar'???????????????? => 'ShowBoot'}, +#??????? {'dir flash:'?????????????????? => 'DirSlotN'}, +#??????? {'dir slot0:'?????????????????? => 'DirSlotN'}, +#??????? {'show chassis'???????????????? => 'ShowChassis'}, +??????? {'show system'????????????????? => 'ShowChassis'}, +??????? {'show inventory'?????????????? => 'ShowInventory'}, +??????? {'show vlan'??????????????????? => 'ShowVLAN'}, +??????? {'show running-configuration'???????????????? => 'WriteTerm'} + ?); ?# Use an array to preserve the order of the commands and a hash for mapping ?# commands to the subroutine and track commands that have been completed. 
@@ -684,13 +685,23 @@ ???? $filter_pwds = 1; ?} -ProcessHistory("","","","!RANCID-CONTENT-TYPE: force10\n!\n"); +ProcessHistory("","","","!RANCID-CONTENT-TYPE: dell10\n!\n"); ?ProcessHistory("COMMENTS","keysort","B0","!\n"); ?ProcessHistory("COMMENTS","keysort","F0","!\n"); ?ProcessHistory("COMMENTS","keysort","G0","!\n"); ?TOP: while() { ???? tr/\015//d; -??? if (/\#\s?exit$/) { + +??? print STDERR "LINE: $_\n" if ($debug); + +??? if (/^Session\sterminated\s*/) { +??????? print STDERR "SAW SESSION TERMINATED\n" if ($debug); +?????? $clean_run=1; +??????? $found_end=1; +?????? last; +??? } +??? if (/\#\s?exit\s*$/) { +??????? print STDERR "SAW EXIT\n" if ($debug); ??????? $clean_run=1; ??????? last; ???? } @@ -702,9 +713,11 @@ ???? } ???? while (/#\s*($cmds_regexp)\s*$/) { ??????? $cmd = $1; +??????? print STDERR "Looking for $cmd\n" if ($debug); ??????? if (!defined($prompt)) { ??????????? $prompt = ($_ =~ /^([^#]+#)/)[0]; ??????????? $prompt =~ s/([][}{)(\\])/\\$1/g; +??????????? $prompt =~ tr/\040-\176//cd; ??????????? print STDERR ("PROMPT MATCH: $prompt\n") if ($debug); ??????? } ??????? print STDERR ("HIT COMMAND:$_") if ($debug); 
@@ -714,8 +727,10 @@ ??????????? last TOP; ??????? } ??????? $rval = &{$commands{$cmd}}(*INPUT, *OUTPUT, $cmd); +??????? print STDERR "LEFT $cmd\n" if ($debug); ??????? delete($commands{$cmd}); ??????? if ($rval == -1) { +??????????? print STDERR "$host: $cmd did not return cleanly\n" if ($debug); ??????????? $clean_run = 0; ??????????? last TOP; ??????? } On 04/11/2019 16:25, Chris Boyd wrote: > Howdy, > > I see that questions came up about using RANCID with a Dell EMC switch > running OS10 back in July, and the potential answer was to use the > "onefinity" router type. Never saw any followup on if it actually > worked. > > So if anyone is using a Dell EMC switch with RANCID successfuly, please > let me know.... > > Thanks! > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss From heas at shrubbery.net Mon Nov 4 17:12:49 2019 
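Review bot: In the "@@ -183,7 +183,7" hunk, the " Type: " line goes from two chop calls to one with no comment, and the covering message does not mention the change. A fixed number of chops removes a real character whenever the switch ends the line differently, so trimming with s/\s+$// instead would not depend on how many trailing characters this platform sends.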
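Review bot: In the "@@ -684,13 +685,23" hunk, the new "Session terminated" branch sets $clean_run=1 and $found_end=1 unconditionally, and nothing in these lines ties $found_end to the running configuration actually having been collected. Since each entry is removed with delete($commands{$cmd}) once its handler returns (last hunk), consider setting $found_end here only when $commands{'show running-configuration'} no longer exists, so that a session dropped early is not treated as a complete capture. The trailing \s* in /^Session\sterminated\s*/ matches nothing useful without a $ anchor and can go.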
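Review bot: In the "@@ -702,9 +713,11" hunk, the only stripping of non-printable characters is "$prompt =~ tr/\040-\176//cd;", applied to $prompt after it has been captured, while the command match /#\s*($cmds_regexp)\s*$/ just above still runs on the unstripped $_. The message says the switch sends ctrl-G in responses; if that is the case, removing control characters from $_ next to the existing tr/\015//d at the top of the TOP loop would cover the prompt and the command match together. Either way, add a comment saying that this tr deletes everything outside printable ASCII, not just the bell.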
From: heas at shrubbery.net (john heasley)
Date: Mon, 4 Nov 2019 17:12:49 +0000
Subject: [rancid] Dell EMC OS10 switch
In-Reply-To:
References: <579a76d61ab040c36c7de0f23b04e560da085c81.camel@gizmopartners.com>
Message-ID: <20191104171249.GB9225@shrubbery.net>

Mon, Nov 04, 2019 at 04:51:23PM +0000, Howard Jones:
> I made a slightly-tweaked version of the Force10 type for our Dell
> S3048-ON switches.
>
> In etc/rancid.types.conf:
>
> dell10;script;dell10rancid
> dell10;login;clogin
>
> And then these are the differences from f10rancid:
>
> A few commands don't exist - removed those. The switch likes to beep
> (send ctrl-G) in responses, so I strip control chars out. It also
> doesn't have 'end' at the end of the config, so the default 'saw all
> commands' stuff didn't work.
>
> Patch is for RANCID 3.7, but hopefully the gist is clear.
>

I haven't looked at Howard's, but will. However, I am assuming that this
is Dell NOS 10; maybe there is a difference from OS10 - i do not know, but
maybe someone will enlighten me. rancid 3.10 has a dnos10 type that is
new from another user; maybe the two should be merged.

From howie at thingy.com Mon Nov 4 17:27:26 2019
From: howie at thingy.com (Howard Jones)
Date: Mon, 4 Nov 2019 17:27:26 +0000
Subject: [rancid] Dell EMC OS10 switch
In-Reply-To: <20191104171249.GB9225@shrubbery.net>
References: <579a76d61ab040c36c7de0f23b04e560da085c81.camel@gizmopartners.com> <20191104171249.GB9225@shrubbery.net>
Message-ID:

On 04/11/2019 17:12, john heasley wrote:
> Mon, Nov 04, 2019 at 04:51:23PM +0000, Howard Jones:
>> I made a slightly-tweaked version of the Force10 type for our Dell
>> S3048-ON switches.
>>
>> In etc/rancid.types.conf:
>>
>> dell10;script;dell10rancid
>> dell10;login;clogin
>>
>> And then these are the differences from f10rancid:
>>
>> A few commands don't exist - removed those. The switch likes to beep
>> (send ctrl-G) in responses, so I strip control chars out. It also
>> doesn't have 'end' at the end of the config, so the default 'saw all
>> commands' stuff didn't work.
>>
>> Patch is for RANCID 3.7, but hopefully the gist is clear.
>>
> I haven't looked at Howard's, but will. However, I am assuming that this
> is Dell NOS 10; maybe there is a difference from OS10 - i do not know, but
> maybe someone will enlighten me. rancid 3.10 has a dnos10 type that is
> new from another user; maybe the two should be merged.

Mine is very much a minimum-viable-changes job, so if NOS10==OS10, the other version is likely better!

I am not the user for these switches, so I don't know much about them - I was just asked to get them working with our existing RANCID. Ours report version 10.4.1.1 (no prefix or suffix), for what it's worth.

From bjorn at basis-consulting.com Tue Nov 5 08:02:19 2019
From: bjorn at basis-consulting.com (Bjørn Skobba)
Date: Tue, 5 Nov 2019 09:02:19 +0100
Subject: [rancid] Dell EMC OS10 switch
In-Reply-To:
References: <579a76d61ab040c36c7de0f23b04e560da085c81.camel@gizmopartners.com> <20191104171249.GB9225@shrubbery.net>
Message-ID: <2DE74D26-2187-48E2-A245-6140D3AE5247@basis-consulting.com>

On 4 Nov 2019, at 18:27, Howard Jones wrote:
>
> On 04/11/2019 17:12, john heasley wrote:
>> Mon, Nov 04, 2019 at 04:51:23PM +0000, Howard Jones:
>>> I made a slightly-tweaked version of the Force10 type for our Dell
>>> S3048-ON switches.
>>>
>>> In etc/rancid.types.conf:
>>>
>>> dell10;script;dell10rancid
>>> dell10;login;clogin
>>>
>>> And then these are the differences from f10rancid:
>>>
>>> A few commands don't exist - removed those. The switch likes to beep
>>> (send ctrl-G) in responses, so I strip control chars out. It also
>>> doesn't have 'end' at the end of the config, so the default 'saw all
>>> commands' stuff didn't work.
>>>
>>> Patch is for RANCID 3.7, but hopefully the gist is clear.
>>>
>> I haven't looked at Howard's, but will. However, I am assuming that this
>> is Dell NOS 10; maybe there is a difference from OS10 - i do not know, but
>> maybe someone will enlighten me. rancid 3.10 has a dnos10 type that is
>> new from another user; maybe the two should be merged.
>
> Mine is very much a minimum-viable-changes job, so if NOS10==OS10, the other version is likely better!
>
> I am not the user for these switches, so I don't know much about them - I was just asked to get them working with our existing RANCID. Ours report version 10.4.1.1 (no prefix or suffix), for what it's worth.

It looks like Dell S3048-ON can use either the "old" Force10 FTOS(OS9) or Dell's OS10 (aka (D)NOS10). As you are running the latter, the dnos10 type John mentioned should work. It is also based on a modified version of the f10rancid script. From a quick browse of the diff, I think they are pretty much doing the same thing.
I'm using the dnos10 for our Dell S5296F-ON switches running OS10 (version 10.4.x)

/bjørn

From shouldbeq931 at gmail.com Tue Nov 5 11:34:05 2019
From: shouldbeq931 at gmail.com (shouldbe q931)
Date: Tue, 5 Nov 2019 11:34:05 +0000
Subject: [rancid] web frontend for git based rancid
In-Reply-To: <20191030161357.H11888@naund.org>
References: <20191030161357.H11888@naund.org>
Message-ID:

On Wed, Oct 30, 2019 at 11:14 PM Andreas Ott wrote:
>
> Hello,
>
> we have recently uplifted a server from the stoneage to a current version of
> rancid, also now using git as the version control system.
>
> In previous generations we used cvsweb (cvs backend) and WebSVN (svn
> backend) to provide at least read-only view for our operations/support
> team into the different devices. For the git backend we installed gitlist
> but find it lacking, especially when it comes to a very common need
> "display diff between version X and version Y".
>
> Has anyone solved this problem in gitlist, or what other web frontend
> are you using to display data from the git repository that can do this?
>
> Thanks, andreas
> --
> Andreas Ott andreas at naund.org
>

My solution for this was to use a commit hook to push to an instance
of gitlab ce.

I miss the simple interface of viewvc, but progress...

Cheers

Arne

From heas at shrubbery.net Tue Nov 5 17:05:55 2019
From: heas at shrubbery.net (john heasley)
Date: Tue, 5 Nov 2019 17:05:55 +0000
Subject: [rancid] web frontend for git based rancid
In-Reply-To:
References: <20191030161357.H11888@naund.org>
Message-ID: <20191105170555.GC76016@shrubbery.net>

Tue, Nov 05, 2019 at 11:34:05AM +0000, shouldbe q931:
> On Wed, Oct 30, 2019 at 11:14 PM Andreas Ott wrote:
> >
> > Hello,
> >
> > we have recently uplifted a server from the stoneage to a current version of
> > rancid, also now using git as the version control system.
> >
> > In previous generations we used cvsweb (cvs backend) and WebSVN (svn
> > backend) to provide at least read-only view for our operations/support
> > team into the different devices. For the git backend we installed gitlist
> > but find it lacking, especially when it comes to a very common need
> > "display diff between version X and version Y".
> >
> > Has anyone solved this problem in gitlist, or what other web frontend
> > are you using to display data from the git repository that can do this?
> >
> > Thanks, andreas
> > --
> > Andreas Ott andreas at naund.org
> >
>
> My solution for this was to use a commit hook to push to an instance
> of gitlab ce.

Not knowing the exact nature of your hack, but if using git, there is a
simple method to have a remote without hacking. See the rancid FAQ S2Q8.

From howie at thingy.com Tue Nov 5 17:14:12 2019
From: howie at thingy.com (Howard Jones)
Date: Tue, 5 Nov 2019 17:14:12 +0000
Subject: [rancid] web frontend for git based rancid
In-Reply-To:
References: <20191030161357.H11888@naund.org>
Message-ID: <6c87d28e-813c-87c4-b84e-589218538837@thingy.com>

On 05/11/2019 11:34, shouldbe q931 wrote:
> My solution for this was to use a commit hook to push to an instance
> of gitlab ce.
>
> I miss the simple interface of viewvc, but progress...

If you get fewer features, what is the progress?

(serious question - I use viewvc+svn for rancid, even though I long ago switched to git for actual code. I don't know what I'd gain from this switch for rancid... there are no PRs, no merges and a single "author")

From andreas at naund.org Tue Nov 5 17:31:06 2019
From: andreas at naund.org (Andreas Ott)
Date: Tue, 5 Nov 2019 09:31:06 -0800
Subject: [rancid] web frontend for git based rancid
In-Reply-To:
References: <20191030161357.H11888@naund.org>
Message-ID:

Would you mind elaborating how you get gitlist to compare arbitrary revisions? I tried looking for gitlist documentation but it's "sparse".

Thanks, andreas

On Wed, Oct 30, 2019 at 4:20 PM Jason Biel wrote:
> gitlist allows you to compare revisions.
>
> On Wed, Oct 30, 2019 at 6:14 PM Andreas Ott wrote:
>
>> Hello,
>>
>> we have recently uplifted a server from the stoneage to a current version
>> of
>> rancid, also now using git as the version control system.
>>
>> In previous generations we used cvsweb (cvs backend) and WebSVN (svn
>> backend) to provide at least read-only view for our operations/support
>> team into the different devices. For the git backend we installed gitlist
>> but find it lacking, especially when it comes to a very common need
>> "display diff between version X and version Y".
>>
>> Has anyone solved this problem in gitlist, or what other web frontend
>> are you using to display data from the git repository that can do this?
>>
>> Thanks, andreas
>> --
>> Andreas Ott andreas at naund.org
>>
>
>
> --
> Jason
>

From heas at shrubbery.net Tue Nov 5 18:11:04 2019
From: heas at shrubbery.net (john heasley)
Date: Tue, 5 Nov 2019 18:11:04 +0000
Subject: [rancid] Dell EMC OS10 switch
In-Reply-To: <2DE74D26-2187-48E2-A245-6140D3AE5247@basis-consulting.com>
References: <579a76d61ab040c36c7de0f23b04e560da085c81.camel@gizmopartners.com> <20191104171249.GB9225@shrubbery.net> <2DE74D26-2187-48E2-A245-6140D3AE5247@basis-consulting.com>
Message-ID: <20191105181104.GH76016@shrubbery.net>

Tue, Nov 05, 2019 at 09:02:19AM +0100, Bjørn Skobba:
> It looks like Dell S3048-ON can use either the "old" Force10 FTOS(OS9) or Dell's OS10 (aka (D)NOS10). As you are running the latter, the dnos10 type John mentioned should work. It is also based on a modified version of the f10rancid script. From a quick browse of the diff, I think they are pretty much doing the same thing. I'm using the dnos10 for our Dell S5296F-ON switches running OS10 (version 10.4.x)

FWIW, I expect that these modules will diverge as DNOS evolves, as it
seems to be Dell's goal.

From cboyd at gizmopartners.com Thu Nov 7 00:45:23 2019
From: cboyd at gizmopartners.com (Chris Boyd)
Date: Wed, 6 Nov 2019 18:45:23 -0600
Subject: [rancid] Dell EMC OS10 switch
In-Reply-To: <20191105181104.GH76016@shrubbery.net>
References: <579a76d61ab040c36c7de0f23b04e560da085c81.camel@gizmopartners.com> <20191104171249.GB9225@shrubbery.net> <2DE74D26-2187-48E2-A245-6140D3AE5247@basis-consulting.com> <20191105181104.GH76016@shrubbery.net>
Message-ID: <1B28D8FB-F3FD-4415-958F-D8015C377F77@gizmopartners.com>

OK, so my takeaway from this thread is that people are Working On It, and I'll see support for these get rolled in sometime.

I'll make sure I have a copy of the config until the support is official.

Thanks!

-Chris

From linuxthreads at gmail.com Thu Nov 7 10:53:49 2019
From: linuxthreads at gmail.com (Linux Threads)
Date: Thu, 7 Nov 2019 12:53:49 +0200
Subject: [rancid] rejoin AD
Message-ID:

Hi Freeradius Users,

I was hoping you can help me in the right direction, after following
http://deployingradius.com/documents/configuration/active_directory.html
all is working fine however I have to join the domain repeatedly

sudo /usr/bin/net join -U NETWORK-SERVICES%mypassword

is there a way to check that the domain membership discontinued and then rejoin?

I am running the above in cron hourly

I am sure there is a better way

Regards
Juan

From mathias at mamawe.net Thu Nov 14 09:58:28 2019
From: mathias at mamawe.net (Mathias Weidner)
Date: Thu, 14 Nov 2019 10:58:28 +0100
Subject: [rancid] pfSense module
Message-ID: <20191114095828.GA5159@mamawe.net>

Hi all,

I'm starting to use pfSense in more and more places and I would like to
use RANCID to capture configuration changes like we do for other devices.

I've searched the sources, the web and this mailing list. So far I've found:

* 3 scripts from 2010 in share/contrib/pfsense in the sources.

* http://www.shrubbery.net/pipermail/rancid-discuss/2011-June/005728.html
  a thread in this list on how to set the shell in pfSense to work
  smoothly with RANCID.

* http://www.shrubbery.net/pipermail/rancid-discuss/2012-December/006603.html
  a thread in this list on how to use the scripts in share/contrib/pfsense.

* https://github.com/dotwaffle/rancid-git
  a repository that contains an older version of rancid and at least two
  scripts (pflogin, pfrancid) that deal with pfSense firewalls. But
  unfortunately it's deprecated and no longer maintained.

* http://www.shrubbery.net/pipermail/rancid-discuss/2017-October/009927.html
  a thread in this list regarding the dotwaffle repository.

I also found some scripts that would directly backup the configuration
from pfSense into a version control system but these seemed not work
from inside RANCID as far as I have seen.

What I would like is to save the configuration for our pfSense firewalls
together with the other configuration files in the regular RANCID run.

Before starting to adapt something of the above mentioned to our needs
I want to ask if anybody here is using RANCID to backup pfSense
configuration and if so how you're doing it.

And last but not least, are there any other efforts to get a pfSense
module into main line RANCID?

Kind regards,
Mathias

From Wayne.Eisenberg at CarolinasIT.com Mon Nov 18 22:40:22 2019
From: Wayne.Eisenberg at CarolinasIT.com (Wayne Eisenberg)
Date: Mon, 18 Nov 2019 22:40:22 +0000
Subject: [rancid] moving rancid to new server
Message-ID:

Hi,

I need to move my rancid (3.8) setup to a new server. Is it ok to tar/gzip the entire directory and copy it or just do a bulk copy via scp of the entire /usr/local/rancid directory from the old to new server (and the .cloginrc file, of course)? Or should I re-install and re-configure from scratch on the new server? It's not the same distro, but as long as the other packages (like expect) are installed, it should be pretty portable, yes?

Thanks,
Wayne

From heas at shrubbery.net Mon Nov 18 23:10:27 2019
From: heas at shrubbery.net (john heasley)
Date: Mon, 18 Nov 2019 23:10:27 +0000
Subject: [rancid] moving rancid to new server
In-Reply-To:
References:
Message-ID: <20191118231027.GF56968@shrubbery.net>

Mon, Nov 18, 2019 at 10:40:22PM +0000, Wayne Eisenberg:
> Hi,
>
> I need to move my rancid (3.8) setup to a new server. Is it ok to tar/gzip the entire directory and copy it or just do a bulk copy via scp of the entire /usr/local/rancid directory from the old to new server (and the .cloginrc file, of course)? Or should I re-install and re-configure from scratch on the new server? It's not the same distro, but as long as the other packages (like expect) are installed, it should be pretty portable, yes?

in theory, yes. rsync/tar/whatever. there are only 2 C programs in the
package; as long as their libraries are satisfied (ldd ) and there are no
path changes, it should work. YMMV

From troyb at spacelink.com Sat Nov 23 00:58:07 2019
From: troyb at spacelink.com (Troy Beisigl) Date: Fri, 22 Nov 2019 16:58:07 -0800 Subject: [rancid] Cisco 3650 IOS-XE active VLAN port state changes Message-ID: Hello, We are seeing an issue on several WS-C3650-48PS (IOS-XE) switches whereby almost every rancid check shows changes that are solely the port showing active or inactive on a particular vlan. Is there some way to ignore that? This appears to happen when a port state changes. An example of what we see each time is below. - !VLAN: 10 VLAN0010 active Gi1/0/3, Gi1/0/4, Gi1/0/5, Gi1/0/6, Gi1/0/7, Gi1/0/8, Gi1/0/9, Gi1/0/10, Gi1/0/11 - !VLAN: Gi1/0/13, Gi1/0/14, Gi1/0/15, Gi1/0/16, Gi1/0/17, Gi1/0/18, Gi1/0/19, Gi1/0/20 - !VLAN: Gi1/0/21, Gi1/0/22, Gi1/0/23, Gi1/0/24, Gi1/0/25, Gi1/0/26, Gi1/0/27, Gi1/0/28 - !VLAN: Gi1/0/29, Gi1/0/30, Gi1/0/31, Gi1/0/32, Gi1/0/33, Gi1/0/34, Gi1/0/35, Gi1/0/36 - !VLAN: Gi1/0/37, Gi1/0/38, Gi1/0/39, Gi1/0/40, Gi1/0/41, Gi1/0/42, Gi1/0/43, Gi1/0/44 - !VLAN: Gi1/0/45, Gi1/0/46, Gi1/0/47, Gi2/0/1, Gi2/0/2, Gi2/0/3, Gi2/0/4, Gi2/0/5, Gi2/0/6 - !VLAN: Gi2/0/7, Gi2/0/8, Gi2/0/9, Gi2/0/10, Gi2/0/11, Gi2/0/12, Gi2/0/13, Gi2/0/14 + !VLAN: 10 VLAN0010 active Gi1/0/2, Gi1/0/3, Gi1/0/4, Gi1/0/5, Gi1/0/6, Gi1/0/7, Gi1/0/8, Gi1/0/9, Gi1/0/10 + !VLAN: Gi1/0/11, Gi1/0/13, Gi1/0/14, Gi1/0/15, Gi1/0/16, Gi1/0/17, Gi1/0/18, Gi1/0/19 + !VLAN: Gi1/0/20, Gi1/0/21, Gi1/0/22, Gi1/0/23, Gi1/0/24, Gi1/0/25, Gi1/0/26, Gi1/0/27 + !VLAN: Gi1/0/28, Gi1/0/29, Gi1/0/30, Gi1/0/31, Gi1/0/32, Gi1/0/33, Gi1/0/34, Gi1/0/35 + !VLAN: Gi1/0/36, Gi1/0/37, Gi1/0/38, Gi1/0/39, Gi1/0/40, Gi1/0/41, Gi1/0/42, Gi1/0/43 + !VLAN: Gi1/0/44, Gi1/0/45, Gi1/0/46, Gi1/0/47, Gi2/0/1, Gi2/0/2, Gi2/0/3, Gi2/0/4, Gi2/0/5 + !VLAN: Best, -Troy From on at LEFerguson.com Sat Nov 23 01:08:40 2019 
From: on at LEFerguson.com (on at LEFerguson.com)
Date: Sat, 23 Nov 2019 01:08:40 +0000
Subject: [rancid] Cisco 3650 IOS-XE active VLAN port state changes
In-Reply-To:
References:
Message-ID:

Yeah, this is something I keep meaning to change as well.

I haven't done it, but I think you can just put something like

    next if (/^!VLAN:/);

in showVLAN in ios.pm. You'll see similar checks.

But I also just want to put a plug in that this is a good candidate for a rancid option. I would think that people fall into two camps -- those who declare VLAN's by interface (and so are not likely to want to see the changes as interfaces change) and those who do not (who might).

Just a thought...

Linwood

-----Original Message-----
From: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Troy Beisigl Sent: Friday, November 22, 2019 7:58 PM To: rancid-discuss at shrubbery.net Subject: [rancid] Cisco 3650 IOS-XE active VLAN port state changes Hello, We are seeing an issue on several WS-C3650-48PS (IOS-XE) switches whereby almost every rancid check shows changes that are solely the port showing active or inactive on a particular vlan. Is there some way to ignore that? This appears to happen when a port state changes. An example of what we see each time is below. - !VLAN: 10 VLAN0010 active Gi1/0/3, Gi1/0/4, Gi1/0/5, Gi1/0/6, Gi1/0/7, Gi1/0/8, Gi1/0/9, Gi1/0/10, Gi1/0/11 - !VLAN: Gi1/0/13, Gi1/0/14, Gi1/0/15, Gi1/0/16, Gi1/0/17, Gi1/0/18, Gi1/0/19, Gi1/0/20 - !VLAN: Gi1/0/21, Gi1/0/22, Gi1/0/23, Gi1/0/24, Gi1/0/25, Gi1/0/26, Gi1/0/27, Gi1/0/28 - !VLAN: Gi1/0/29, Gi1/0/30, Gi1/0/31, Gi1/0/32, Gi1/0/33, Gi1/0/34, Gi1/0/35, Gi1/0/36 - !VLAN: Gi1/0/37, Gi1/0/38, Gi1/0/39, Gi1/0/40, Gi1/0/41, Gi1/0/42, Gi1/0/43, Gi1/0/44 - !VLAN: Gi1/0/45, Gi1/0/46, Gi1/0/47, Gi2/0/1, Gi2/0/2, Gi2/0/3, Gi2/0/4, Gi2/0/5, Gi2/0/6 - !VLAN: Gi2/0/7, Gi2/0/8, Gi2/0/9, Gi2/0/10, Gi2/0/11, Gi2/0/12, Gi2/0/13, Gi2/0/14 + !VLAN: 10 VLAN0010 active Gi1/0/2, Gi1/0/3, Gi1/0/4, Gi1/0/5, Gi1/0/6, Gi1/0/7, Gi1/0/8, Gi1/0/9, Gi1/0/10 + !VLAN: Gi1/0/11, Gi1/0/13, Gi1/0/14, Gi1/0/15, Gi1/0/16, Gi1/0/17, Gi1/0/18, Gi1/0/19 + !VLAN: Gi1/0/20, Gi1/0/21, Gi1/0/22, Gi1/0/23, Gi1/0/24, Gi1/0/25, Gi1/0/26, Gi1/0/27 + !VLAN: Gi1/0/28, Gi1/0/29, Gi1/0/30, Gi1/0/31, Gi1/0/32, Gi1/0/33, Gi1/0/34, Gi1/0/35 + !VLAN: Gi1/0/36, Gi1/0/37, Gi1/0/38, Gi1/0/39, Gi1/0/40, Gi1/0/41, Gi1/0/42, Gi1/0/43 + !VLAN: Gi1/0/44, Gi1/0/45, Gi1/0/46, Gi1/0/47, Gi2/0/1, Gi2/0/2, Gi2/0/3, Gi2/0/4, Gi2/0/5 + !VLAN: Best, -Troy _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo/rancid-discuss From weylin at bu.edu Sat Nov 23 21:50:06 2019 
From: weylin at bu.edu (Piegorsch, Weylin William)
Date: Sat, 23 Nov 2019 21:50:06 +0000
Subject: [rancid] Cisco 3650 IOS-XE active VLAN port state changes
In-Reply-To:
References:
Message-ID:

You can also develop a custom type that doesn't call "show vlan".

Also, I've had this occur twice in the past.
- One time was happening campus-wide. I dug into it hard, and after a good amount of effort found out there was something actually happening based on a misunderstanding I had about how native VLANs work in IOS. In other words: (a) I learned something, and (b) I found I had an actual misconfiguration.
- The other time it turned out that there was a hardware fault on the ASIC (we're actually still using that particular Catalyst 3508).

weylin

On 11/22/19, 8:08 PM, "on at LEFerguson.com" wrote:

Yeah, this is something I keep meaning to change as well.

I haven't done it, but I think you can just put something like

    next if (/^!VLAN:/);

in showVLAN in ios.pm. You'll see similar checks.

But I also just want to put a plug in that this is a good candidate for a rancid option. I would think that people fall into two camps -- those who declare VLAN's by interface (and so are not likely to want to see the changes as interfaces change) and those who do not (who might).

Just a thought...

Linwood

-----Original Message-----
From: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Troy Beisigl Sent: Friday, November 22, 2019 7:58 PM To: rancid-discuss at shrubbery.net Subject: [rancid] Cisco 3650 IOS-XE active VLAN port state changes Hello, We are seeing an issue on several WS-C3650-48PS (IOS-XE) switches whereby almost every rancid check shows changes that are solely the port showing active or inactive on a particular vlan. Is there some way to ignore that? This appears to happen when a port state changes. An example of what we see each time is below. - !VLAN: 10 VLAN0010 active Gi1/0/3, Gi1/0/4, Gi1/0/5, Gi1/0/6, Gi1/0/7, Gi1/0/8, Gi1/0/9, Gi1/0/10, Gi1/0/11 - !VLAN: Gi1/0/13, Gi1/0/14, Gi1/0/15, Gi1/0/16, Gi1/0/17, Gi1/0/18, Gi1/0/19, Gi1/0/20 - !VLAN: Gi1/0/21, Gi1/0/22, Gi1/0/23, Gi1/0/24, Gi1/0/25, Gi1/0/26, Gi1/0/27, Gi1/0/28 - !VLAN: Gi1/0/29, Gi1/0/30, Gi1/0/31, Gi1/0/32, Gi1/0/33, Gi1/0/34, Gi1/0/35, Gi1/0/36 - !VLAN: Gi1/0/37, Gi1/0/38, Gi1/0/39, Gi1/0/40, Gi1/0/41, Gi1/0/42, Gi1/0/43, Gi1/0/44 - !VLAN: Gi1/0/45, Gi1/0/46, Gi1/0/47, Gi2/0/1, Gi2/0/2, Gi2/0/3, Gi2/0/4, Gi2/0/5, Gi2/0/6 - !VLAN: Gi2/0/7, Gi2/0/8, Gi2/0/9, Gi2/0/10, Gi2/0/11, Gi2/0/12, Gi2/0/13, Gi2/0/14 + !VLAN: 10 VLAN0010 active Gi1/0/2, Gi1/0/3, Gi1/0/4, Gi1/0/5, Gi1/0/6, Gi1/0/7, Gi1/0/8, Gi1/0/9, Gi1/0/10 + !VLAN: Gi1/0/11, Gi1/0/13, Gi1/0/14, Gi1/0/15, Gi1/0/16, Gi1/0/17, Gi1/0/18, Gi1/0/19 + !VLAN: Gi1/0/20, Gi1/0/21, Gi1/0/22, Gi1/0/23, Gi1/0/24, Gi1/0/25, Gi1/0/26, Gi1/0/27 + !VLAN: Gi1/0/28, Gi1/0/29, Gi1/0/30, Gi1/0/31, Gi1/0/32, Gi1/0/33, Gi1/0/34, Gi1/0/35 + !VLAN: Gi1/0/36, Gi1/0/37, Gi1/0/38, Gi1/0/39, Gi1/0/40, Gi1/0/41, Gi1/0/42, Gi1/0/43 + !VLAN: Gi1/0/44, Gi1/0/45, Gi1/0/46, Gi1/0/47, Gi2/0/1, Gi2/0/2, Gi2/0/3, Gi2/0/4, Gi2/0/5 + !VLAN: Best, -Troy _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo/rancid-discuss From troy at i2bnetworks.com Fri Nov 22 17:11:13 2019 
From: troy at i2bnetworks.com (Troy Beisigl) Date: Fri, 22 Nov 2019 09:11:13 -0800 Subject: [rancid] Cisco 3650 IOS-XE active VLAN port state changes Message-ID: <3BA58C8B-2FD2-4B99-8078-8DF7A90FCCCF@i2bnetworks.com> Hello, We are seeing an issue on several WS-C3650-48PS (IOS-XE) switches whereby almost every rancid check shows changes that are solely the port showing active or inactive on a particular vlan. Is there some way to ignore that? This appears to happen when a port state changes. An example of what we see each time is below. - !VLAN: 10 VLAN0010 active Gi1/0/3, Gi1/0/4, Gi1/0/5, Gi1/0/6, Gi1/0/7, Gi1/0/8, Gi1/0/9, Gi1/0/10, Gi1/0/11 - !VLAN: Gi1/0/13, Gi1/0/14, Gi1/0/15, Gi1/0/16, Gi1/0/17, Gi1/0/18, Gi1/0/19, Gi1/0/20 - !VLAN: Gi1/0/21, Gi1/0/22, Gi1/0/23, Gi1/0/24, Gi1/0/25, Gi1/0/26, Gi1/0/27, Gi1/0/28 - !VLAN: Gi1/0/29, Gi1/0/30, Gi1/0/31, Gi1/0/32, Gi1/0/33, Gi1/0/34, Gi1/0/35, Gi1/0/36 - !VLAN: Gi1/0/37, Gi1/0/38, Gi1/0/39, Gi1/0/40, Gi1/0/41, Gi1/0/42, Gi1/0/43, Gi1/0/44 - !VLAN: Gi1/0/45, Gi1/0/46, Gi1/0/47, Gi2/0/1, Gi2/0/2, Gi2/0/3, Gi2/0/4, Gi2/0/5, Gi2/0/6 - !VLAN: Gi2/0/7, Gi2/0/8, Gi2/0/9, Gi2/0/10, Gi2/0/11, Gi2/0/12, Gi2/0/13, Gi2/0/14 + !VLAN: 10 VLAN0010 active Gi1/0/2, Gi1/0/3, Gi1/0/4, Gi1/0/5, Gi1/0/6, Gi1/0/7, Gi1/0/8, Gi1/0/9, Gi1/0/10 + !VLAN: Gi1/0/11, Gi1/0/13, Gi1/0/14, Gi1/0/15, Gi1/0/16, Gi1/0/17, Gi1/0/18, Gi1/0/19 + !VLAN: Gi1/0/20, Gi1/0/21, Gi1/0/22, Gi1/0/23, Gi1/0/24, Gi1/0/25, Gi1/0/26, Gi1/0/27 + !VLAN: Gi1/0/28, Gi1/0/29, Gi1/0/30, Gi1/0/31, Gi1/0/32, Gi1/0/33, Gi1/0/34, Gi1/0/35 + !VLAN: Gi1/0/36, Gi1/0/37, Gi1/0/38, Gi1/0/39, Gi1/0/40, Gi1/0/41, Gi1/0/42, Gi1/0/43 + !VLAN: Gi1/0/44, Gi1/0/45, Gi1/0/46, Gi1/0/47, Gi2/0/1, Gi2/0/2, Gi2/0/3, Gi2/0/4, Gi2/0/5 + !VLAN: Best, -Troy From heas at shrubbery.net Mon Nov 25 16:58:00 2019 
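An added example, not part of the thread and not RANCID code: because the "!VLAN:" port list is re-wrapped whenever one port joins or leaves, the diff above shows a dozen changed lines for what may be a single port. The Python below rebuilds the per-VLAN port sets from the "-" and "+" lines of such a diff and reports only the real membership changes. The sample diff is constructed (modeled on the lines quoted above) and all function names are hypothetical.

```python
import re

# A port name such as Gi1/0/3, Te1/1/4 or Po1.
PORT_RE = re.compile(r"\b[A-Za-z]+\d+(?:/\d+)*\b")
# First line of a VLAN entry: "!VLAN: <id> <name> <status> [ports...]".
HEADER_RE = re.compile(r"^!VLAN:\s+(\d+)\s+\S+\s+\S+(.*)$")

# Constructed sample in the shape of the diff mailed by rancid.
SAMPLE_DIFF = """\
@@ -20,3 +20,3 @@
 !VLAN: 1    default    active    Gi1/0/1, Gi1/0/48
- !VLAN: 10   VLAN0010   active    Gi1/0/3, Gi1/0/4, Gi1/0/5
- !VLAN:                           Gi1/0/6, Gi2/0/1, Gi2/0/2
+ !VLAN: 10   VLAN0010   active    Gi1/0/2, Gi1/0/3, Gi1/0/4
+ !VLAN:                           Gi1/0/5, Gi1/0/6, Gi2/0/1
"""


def split_diff(diff_text):
    """Return (old_lines, new_lines) rebuilt from a unified diff body."""
    old, new = [], []
    for line in diff_text.splitlines():
        if line.startswith(("---", "+++", "@@")):
            continue                      # file and hunk headers
        body = line[1:].strip()
        if line.startswith("-"):
            old.append(body)
        elif line.startswith("+"):
            new.append(body)
        elif line.startswith(" "):        # context belongs to both sides
            old.append(body)
            new.append(body)
    return old, new


def parse_vlan_ports(lines):
    """Map VLAN id -> set of ports, joining wrapped continuation lines."""
    vlans, current = {}, None
    for line in lines:
        if not line.startswith("!VLAN:"):
            current = None                # left the show-vlan section
            continue
        header = HEADER_RE.match(line)
        if header:
            current = int(header.group(1))
            rest = header.group(2)
        else:
            rest = line[len("!VLAN:"):]   # continuation of the port list
        if current is not None:
            vlans.setdefault(current, set()).update(PORT_RE.findall(rest))
    return vlans


def port_key(port):
    """Sort Gi1/0/10 after Gi1/0/9 rather than after Gi1/0/1."""
    name, numbers = re.match(r"([A-Za-z]+)(.*)", port).groups()
    return (name, [int(n) for n in numbers.split("/")])


def membership_changes(diff_text):
    """Return {vlan: {'added': [...], 'removed': [...]}} for real changes."""
    old_lines, new_lines = split_diff(diff_text)
    old, new = parse_vlan_ports(old_lines), parse_vlan_ports(new_lines)
    changes = {}
    for vlan in sorted(set(old) | set(new)):
        before, after = old.get(vlan, set()), new.get(vlan, set())
        added = sorted(after - before, key=port_key)
        removed = sorted(before - after, key=port_key)
        if added or removed:
            changes[vlan] = {"added": added, "removed": removed}
    return changes


def only_vlan_lines_changed(diff_text):
    """True when every added or removed line is a '!VLAN:' line."""
    changed = [l[1:].strip() for l in diff_text.splitlines()
               if l.startswith(("+", "-"))
               and not l.startswith(("+++", "---"))]
    return bool(changed) and all(l.startswith("!VLAN:") for l in changed)


if __name__ == "__main__":
    print("VLAN-only change:", only_vlan_lines_changed(SAMPLE_DIFF))
    for vlan, delta in membership_changes(SAMPLE_DIFF).items():
        print("VLAN", vlan, "added", delta["added"], "removed", delta["removed"])
```

Run over successive diffs, the per-port result shows which interfaces are the ones changing state, which is the information needed to tell port flapping from a configuration change.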
From: heas at shrubbery.net (john heasley)
Date: Mon, 25 Nov 2019 16:58:00 +0000
Subject: [rancid] Cisco 3650 IOS-XE active VLAN port state changes
In-Reply-To:
References:
Message-ID: <20191125165800.GD52783@shrubbery.net>

Sat, Nov 23, 2019 at 09:50:06PM +0000, Piegorsch, Weylin William:
> You can also develop a custom type that doesn't call "show vlan".

please do this, rather than change ios.pm. This makes it easier for you
to upgrade rancid, both of which i prefer because it is easier to support
you.

> Also, I've had this occur twice in the past.
> - One time was happening campus-wide. I dug into it hard, and after a good amount of effort found out there was something actually happening based on a misunderstanding I had about how native VLANs work in IOS. In other words: (a) I learned something, and (b) I found I had an actual misconfiguration.
> - The other time it turned out that there was a hardware fault on the ASIC (we're actually still using that particular Catalyst 3508).

I would like to understand why this occurs for some folks and change the
code to automatically ignore show vlan output when the switch is configured
in a manner that would lead to it. I know that VTP does this and sometimes
802.1x and the current code tries to recognize both of these.

tia for any help here.

From weylin at bu.edu Mon Nov 25 18:45:31 2019
From: weylin at bu.edu (Piegorsch, Weylin William) Date: Mon, 25 Nov 2019 18:45:31 +0000 Subject: [rancid] Cisco 3650 IOS-XE active VLAN port state changes In-Reply-To: <20191125165800.GD52783@shrubbery.net> References: <20191125165800.GD52783@shrubbery.net> Message-ID:

> I would like to understand why this occurs for some folks

The hardware fault, I still can't explain what's happening. The other issue that I encountered was with native VLAN tagging. Um... I'm not sure this is something that RANCiD is geared to tackle, but here goes anyway.

Depending on where you look for guidance, if you tag the native VLAN:
- global config on most switches: "vlan dot1q tag native"
- interface config on Cat6k (and possibly N7k, untested): "switchport trunk native vlan tag"
and also specify a native VLAN ("switchport trunk native vlan "), different guidance tells you sometimes to or not-to add the native VLAN to the trunk. What I found is that if I tagged the native VLAN, used a non-default native VLAN, and didn't include it, I got spurious behavior, but largely if I either had different native VLANs across the various different trunk ports or connected to a remote device whose adjacent interface was configured differently than the local device. If I tag the native VLAN everywhere and use a non-default native VLAN everywhere (the same native VLAN on both ends of a link), and also always include the native VLAN on the trunk, then it all worked ok.

What was the spurious behavior? In the past, I've done some extensive independent research on native VLAN tagging, and found that VLAN 1 is always on a trunk - for some specific protocols - whether it's explicitly allowed or not (see posting I wrote on Cisco's community support forum, reference 1 below). TAC confirmed that if you use a native VLAN besides VLAN 1, then you should allow the native VLAN on the trunk regardless of the tagged state.
I found across a lot of regression testing that results varied by HW model/SW version, but if you allow the native VLAN and configure both ends the same way, then things are stable. Personally, I suspect STP Loopguard, but that's just a guess plus some interesting log messages. UDLD also had interesting log messages. I also saw some weird messages from CDP, LLDP, and (most-weirdly) even LACP on non-bundled interfaces, but I'm most suspect of STP and somewhat suspect of UDLD. Basically, I never got to the root issue of what protocol was causing RANCiD's issues, but I found that doing things "correctly" then RANCiD's problem went away.

Also, caution - if you're trying for logic to determine if a VLAN is on a trunk or not, consider this scenario. All 5 commands on a single interface, what's the "native vlan"? (hint: 22, and an egressed frame is either untagged or in some cases tagged with VLAN 0)

  switchport mode access
  switchport access vlan 22
  switchport trunk native vlan tag
  switchport trunk native vlan 117
  switchport trunk allowed vlan 102-128

I've had to redo VLAN definitions across entire datacenters, but I had a devil of a time finding the extent that VLANs were applied (shutdown ports; VLAN ranges; admin-up ports that had no SFP or were unpatched; etc). I had to write a script to help me out, see reference 2 below.

As for support in RANCiD - RANCiD's not built to organically be a configuration compliance validation and/or enforcement tool (though, it's got fantastic baseline to be useful as a launching point). The problem I had was a problem of configuration compliance, and a problem of fabric inter-relationships. Compliance can be built around RANCiD, but I'm concerned that if you build that in, you're really taking a big bite, especially if you're trying to be multi-vendor about it. Doing that would lead to the world of SDN.
PRIME INFRASTRUCTURE and DNA-C are better tools for this (at least for Cisco kit), and if those are too expensive for a given network shop then developing and maintaining compliance scripts might be a better approach than building it directly into RANCiD. Though, I would be thrilled if shrubbery.net had a compliance tool built around RANCiD. Reference 1: https://community.cisco.com/t5/switching/does-the-native-vlan-need-to-be-allowed-on-the-trunk-port/td-p/1648181/page/2 Reference 2: https://community.cisco.com/t5/switching/identify-if-vlan-is-applied-to-switchports/td-p/3693599 weylin From nineoften at hotmail.com Tue Nov 26 20:53:02 2019 
From: nineoften at hotmail.com (Ni Ne) Date: Tue, 26 Nov 2019 20:53:02 +0000 Subject: [rancid] Merge OpenGear vendor-provided rancid scripts with official RANCID release for future? Message-ID: OpenGear has published rancid and login files that work with their console servers. The page describing it is here: https://opengear.zendesk.com/hc/en-us/articles/216369543-RANCID-Support The direct link to their code is: https://opengear.zendesk.com/hc/en-us/article_attachments/209925523/opengear-rancid-v2.1.zip I just implemented their scripts, replacing very old custom hack-jobs I put together years ago, using some other existing login scripts as a base. Their scripts handle the prompts better than my legacy code. I have successfully tested their code on ~150 OpenGear console servers of various models (IM7200, IM4xxx, CMx) and on various software versions - 3.16 through 4.5 There are some tweaks I made, like running their show version code first. And that line is not commented out in the resulting output file. But beyond that, it works fine. Would it be possible for their code to be reviewed and merged with official rancid source for easier future use? Thanks, From heas at shrubbery.net Wed Nov 27 03:01:58 2019 
From: heas at shrubbery.net (john heasley) Date: Wed, 27 Nov 2019 03:01:58 +0000 Subject: [rancid] Merge OpenGear vendor-provided rancid scripts with official RANCID release for future? In-Reply-To: References: Message-ID: <20191127030158.GA79016@shrubbery.net>

Tue, Nov 26, 2019 at 08:53:02PM +0000, Ni Ne:
> OpenGear has published rancid and login files that work with their console servers.
>
> The page describing it is here:
>
> https://opengear.zendesk.com/hc/en-us/articles/216369543-RANCID-Support
>
> The direct link to their code is:
>
> https://opengear.zendesk.com/hc/en-us/article_attachments/209925523/opengear-rancid-v2.1.zip
>
> I just implemented their scripts, replacing very old custom hack-jobs I put together years ago, using some other existing login scripts as a base. Their scripts handle the prompts better than my legacy code.
>
> I have successfully tested their code on ~150 OpenGear console servers of various models (IM7200, IM4xxx, CMx) and on various software versions - 3.16 through 4.5
>
> There are some tweaks I made, like running their show version code first. And that line is not commented out in the resulting output file. But beyond that, it works fine.
>
> Would it be possible for their code to be reviewed and merged with official rancid source for easier future use?
>

sure. I've asked them for permission. It will have to be brought up to date with the current code and I will need your (and/or others') help to test those changes.

From nineoften at hotmail.com Wed Nov 27 05:19:29 2019
From: nineoften at hotmail.com (Ni Ne) Date: Wed, 27 Nov 2019 05:19:29 +0000 Subject: [rancid] Merge OpenGear vendor-provided rancid scripts with official RANCID release for future? In-Reply-To: <20191127030158.GA79016@shrubbery.net> References: , <20191127030158.GA79016@shrubbery.net> Message-ID:

I'd be happy to test it. Thanks!
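Added example, not part of any message in this archive and not RANCID's own code: for the "Cisco 3650 IOS-XE active VLAN port state changes" thread above, one way to build the custom type john heasley recommends instead of changing ios.pm. The type name cisco-novlan and the abbreviated sample definitions are assumptions, constructed here in the semicolon-separated type-definition format used by etc/rancid.types.conf.

```shell
#!/bin/sh
# Derive a RANCID device type that skips "show vlan" from an existing type,
# so port up/down churn in the VLAN table stops producing config diffs.

# Constructed, abbreviated sample of type definitions (assumed layout:
# type;keyword;value[;command]). A real cisco type lists many more commands.
sample_base() {
cat <<'EOF'
# comment lines and other device types are ignored
cisco;script;rancid -t cisco
cisco;login;clogin
cisco;module;ios
cisco;inloop;ios::inloop
cisco;command;ios::ShowVersion;show version
cisco;command;ios::ShowVLAN;show vlan
cisco;command;ios::WriteTerm;show running-config
juniper;script;rancid -t juniper
EOF
}

# derive_type SRC NEW [HANDLER]
# Reads type definitions on stdin and prints SRC's lines renamed to NEW,
# dropping every command bound to HANDLER (default: ios::ShowVLAN).
derive_type() {
    awk -F';' -v OFS=';' -v src="$1" -v new="$2" -v skip="${3:-ios::ShowVLAN}" '
        $1 != src                      { next }   # other types and comments
        $2 == "command" && $3 == skip  { next }   # omit the noisy command
        $2 == "script" { sub("-t " src "$", "-t " new, $3) }  # -t must name the new type
        { $1 = new; print }
    '
}

# check_type: reads a derived definition on stdin and fails if the command
# that collects the running config was lost along the way.
check_type() {
    grep -q ';command;ios::WriteTerm;' || { echo "no WriteTerm command" >&2; return 1; }
}

# Demonstration on the constructed sample.
sample_base | derive_type cisco cisco-novlan
```

Against a real installation, feed derive_type the file that defines the source type, append the result to etc/rancid.types.conf, and assign the new type to the affected switches.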