From weylin at bu.edu Sun May 3 19:10:56 2020
From: weylin at bu.edu (Piegorsch, Weylin William)
Date: Sun, 3 May 2020 19:10:56 +0000
Subject: [rancid] Unable to pull configuration from Cisco WLC 8.5
In-Reply-To:
References:
Message-ID: <483BB477-3AD5-41AA-9076-E29BA340666D@bu.edu>

Do you have the .raw file? I had this problem at one point too. It had something to do with not correctly parsing the logout sequence. I modified my version to check for the right sequence, but it was an old version of rancid, and my specific logout sequence was caught in a newer version. But, 8.5.161 might have changed the specific text that the logout sequence sends, so rancid's parser might not catch it yet.

Weylin

From: Charles Allen
Date: Wednesday, April 22, 2020 at 5:36 PM
To: "rancid-discuss at www.shrubbery.net"
Subject: [rancid] Unable to pull configuration from Cisco WLC 8.5

Rancid version: 3.12
Cisco WLC: 8.5.161.0

I cannot successfully pull the configuration from my Cisco WLC. In every case, it just gives the generic error "End of run not found." However, if I execute the command to pull configuration via rancid, the .new file looks complete and without issue. I have tried changing the various commands executed but with no success. Looking for a smarter person than I to perhaps give some direction or recommendations.

[rancid at xxxx ~]$ NOPIPE=yes rancid -d -t cisco-wlc8 wlc
loadtype: device type cisco-wlc8
loadtype: found device type cisco-wlc8 at /usr/local/rancid/etc/rancid.types.base:351
executing wlogin -t 120 -c"show udi;show sysinfo;show run-config commands" wlc
PROMPT MATCH: \(Cisco Controller\) >
HIT COMMAND:(Cisco Controller) >show udi
In ShowUdi: (Cisco Controller) >show udi
HIT COMMAND:(Cisco Controller) >show sysinfo
In ShowSysinfo: (Cisco Controller) >show sysinfo
HIT COMMAND:(Cisco Controller) >show run-config commands
In ShowConfig: (Cisco Controller) >show run-config commands
wlc : End of run not found
wlc : clean_run is false
!--WLC End Config Data--!

From on at LEFerguson.com Mon May 4 00:56:43 2020
From: on at LEFerguson.com (on at LEFerguson.com)
Date: Mon, 4 May 2020 00:56:43 +0000
Subject: [rancid] Rancid 3.10 and ASA 9.14 failing?
In-Reply-To:
References:
Message-ID:

My apologies, I think I missed this one. Thank you for testing.

Why is "no aaa authentication login-history" needed? I've tried it both ways and it still works. While I think it's pretty moot from a practical standpoint, most security auditors will complain if it's off.

From: Ryan Gelobter [mailto:ryan.g at atwgpc.net]
Sent: Tuesday, April 28, 2020 12:03 AM
To: on at LEFerguson.com
Cc: rancid-discuss at shrubbery.net
Subject: Re: [rancid] Rancid 3.10 and ASA 9.14 failing?

I spun up an ASAv 9.14.1 with a brand new rancid 3.10 install and had no issues. I assume you know about making sure you run 'no aaa authentication login-history' as that's needed for 9.9 as well. I can't remember if cisco added that banner prompt in 9.2.

Regards,
Ryan

On Mon, Apr 27, 2020 at 11:59 AM on at LEFerguson.com wrote:

I'm on 3.10 and just upgraded an cisco 5516 asa to 9.14, and it will not pull from rancid giving this error:

HIT COMMAND:XXXXX-ASA1# show running-config
In WriteTerm: XXXXX-ASA1# show running-config
HIT COMMAND:XXXXX-ASA1# write term
In WriteTerm: XXXXX-ASA1# write term
xxxxx-asa1.etsbcad.local: missed cmd(s): show redundancy secondary, show flash:, show running-config view full

Another otherwise identically configured ASA on 9.9(2) works fine.

All three of these commands work the same on 9.2 as on 9.14 (i.e. first and third do not exist, and show flash works). So it's something more subtle.

I've reviewed the release notes for 3.11 and didn't see anything that may apply; I am a bit reluctant to upgrade as I have a lot of changes to scripts to retrofit and upgrading is a pretty big job.

It's also remotely possible I broke this in one of my changes; again, a bit painful to back all changes out to tell.

So... please save me a bit of time... is anyone using ASA version 9.14 with Rancid? Does it work, or fail the same way? Knowing either one will save me a lot of time.

Thanks,
Linwood

_______________________________________________
Rancid-discuss mailing list
Rancid-discuss at www.shrubbery.net
https://www.shrubbery.net/mailman/listinfo/rancid-discuss

From charles.allen at zagg.com Mon May 4 15:21:16 2020
From: charles.allen at zagg.com (Charles Allen)
Date: Mon, 4 May 2020 15:21:16 +0000
Subject: [rancid] Unable to pull configuration from Cisco WLC 8.5
In-Reply-To: <483BB477-3AD5-41AA-9076-E29BA340666D@bu.edu>
References: <483BB477-3AD5-41AA-9076-E29BA340666D@bu.edu>
Message-ID:

Weylin,

You are correct that a lot of my issue was surrounding the logout sequence. Thankfully I was able to get this resolved with the help of John from Rancid. There were two things that were impacting me:

* First, I had an issue with TACACS where the 'config paging disable' could not be executed. To expand on this, there are seven groups to which a user could be assigned on the WLC. It just so happened that I was using the one group, MONITOR, that didn't allow for the config level command to issues.
* Second, in the process of my troubleshooting I had started to tweak the versions of EXPECT and TCL because of a separate email chain I had read on the discussion board.

I had to recently rebuild my server because of a variety of issues. After reinstalling Rancid the WLC scripts now all work correctly. A couple of things to note that might help people who encounter this issue, some information on install: Centos 7, fully patched, I am running EXPECT version 5.45 and TCL version 8.5. Also I'm running Rancid 3.12.

Thanks.
Charlie Allen

From: Piegorsch, Weylin William
Sent: Sunday, May 3, 2020 1:11 PM
To: Charles Allen ; rancid-discuss at www.shrubbery.net
Subject: Re: [rancid] Unable to pull configuration from Cisco WLC 8.5

Do you have the .raw file? I had this problem at one point too. It had something to do with not correctly parsing the logout sequence. I modified my version to check for the right sequence, but it was an old version of rancid, and my specific logout sequence was caught in a newer version. But, 8.5.161 might have changed the specific text that the logout sequence sends, so rancid's parser might not catch it yet.

Weylin

From: Charles Allen
Date: Wednesday, April 22, 2020 at 5:36 PM
To: "rancid-discuss at www.shrubbery.net"
Subject: [rancid] Unable to pull configuration from Cisco WLC 8.5

Rancid version: 3.12
Cisco WLC: 8.5.161.0

I cannot successfully pull the configuration from my Cisco WLC. In every case, it just gives the generic error "End of run not found." However, if I execute the command to pull configuration via rancid, the .new file looks complete and without issue. I have tried changing the various commands executed but with no success. Looking for a smarter person than I to perhaps give some direction or recommendations.

[rancid at xxxx ~]$ NOPIPE=yes rancid -d -t cisco-wlc8 wlc
loadtype: device type cisco-wlc8
loadtype: found device type cisco-wlc8 at /usr/local/rancid/etc/rancid.types.base:351
executing wlogin -t 120 -c"show udi;show sysinfo;show run-config commands" wlc
PROMPT MATCH: \(Cisco Controller\) >
HIT COMMAND:(Cisco Controller) >show udi
In ShowUdi: (Cisco Controller) >show udi
HIT COMMAND:(Cisco Controller) >show sysinfo
In ShowSysinfo: (Cisco Controller) >show sysinfo
HIT COMMAND:(Cisco Controller) >show run-config commands
In ShowConfig: (Cisco Controller) >show run-config commands
wlc : End of run not found
wlc : clean_run is false
!--WLC End Config Data--!

From ryan.g at atwgpc.net Mon May 4 23:23:32 2020
From: ryan.g at atwgpc.net (Ryan Gelobter)
Date: Mon, 4 May 2020 18:23:32 -0500
Subject: [rancid] Rancid 3.10 and ASA 9.14 failing?
In-Reply-To:
References:
Message-ID:

Maybe there's an option or a patch I'm missing but I've noticed if I have that on, rancid fails to backup because it messes with the first line it expects when it logs in.

Regards,
Rya

On Sun, May 3, 2020 at 7:56 PM on at LEFerguson.com wrote:

> My apologies, I think I missed this one. Thank you for testing.
>
> Why is "no aaa authentication login-history" needed? I've tried it both
> ways and it still works. While I think it's pretty moot from a practical
> standpoint, most security auditors will complain if it's off.
>
> *From:* Ryan Gelobter [mailto:ryan.g at atwgpc.net]
> *Sent:* Tuesday, April 28, 2020 12:03 AM
> *To:* on at LEFerguson.com
> *Cc:* rancid-discuss at shrubbery.net
> *Subject:* Re: [rancid] Rancid 3.10 and ASA 9.14 failing?
>
> I spun up an ASAv 9.14.1 with a brand new rancid 3.10 install and had no
> issues. I assume you know about making sure you run 'no aaa authentication
> login-history' as that's needed for 9.9 as well. I can't remember if cisco
> added that banner prompt in 9.2.
>
> Regards,
>
> Ryan
>
> On Mon, Apr 27, 2020 at 11:59 AM on at LEFerguson.com wrote:
>
> I'm on 3.10 and just upgraded an cisco 5516 asa to 9.14, and it will not
> pull from rancid giving this error:
>
> HIT COMMAND:XXXXX-ASA1# show running-config
> In WriteTerm: XXXXX-ASA1# show running-config
> HIT COMMAND:XXXXX-ASA1# write term
> In WriteTerm: XXXXX-ASA1# write term
> xxxxx-asa1.etsbcad.local: missed cmd(s): show redundancy secondary, show
> flash:, show running-config view full
>
> Another otherwise identically configured ASA on 9.9(2) works fine.
>
> All three of these commands work the same on 9.2 as on 9.14 (i.e. first
> and third do not exist, and show flash works).
> So it's something more subtle.
>
> I've reviewed the release notes for 3.11 and didn't see anything that may
> apply; I am a bit reluctant to upgrade as I have a lot of changes to
> scripts to retrofit and upgrading is a pretty big job.
>
> It's also remotely possible I broke this in one of my changes; again, a
> bit painful to back all changes out to tell.
>
> So... please save me a bit of time... is anyone using ASA version 9.14 with
> Rancid? Does it work, or fail the same way? Knowing either one will save
> me a lot of time.
>
> Thanks,
>
> Linwood

From on at LEFerguson.com Mon May 4 23:30:07 2020
From: on at LEFerguson.com (on at LEFerguson.com)
Date: Mon, 4 May 2020 23:30:07 +0000
Subject: [rancid] Rancid 3.10 and ASA 9.14 failing?
In-Reply-To:
References:
Message-ID:

That may be something I fixed, frankly I've lost track of all the little things like that I've patched. That's one reason that upgrades are so hard, I have to do a lot of differences each time. I need to investigate where it is with github, maybe I can do a more managed version; when I started I do not think it was possible.

But thanks for the reminder; now when I see that piece of code next upgrade I may recognize it.

From: Ryan Gelobter [mailto:ryan.g at atwgpc.net]
Sent: Monday, May 4, 2020 7:24 PM
To: on at LEFerguson.com; rancid-discuss at shrubbery.net
Subject: Re: [rancid] Rancid 3.10 and ASA 9.14 failing?

Maybe there's an option or a patch I'm missing but I've noticed if I have that on, rancid fails to backup because it messes with the first line it expects when it logs in.

Regards,
Rya

On Sun, May 3, 2020 at 7:56 PM on at LEFerguson.com wrote:

My apologies, I think I missed this one. Thank you for testing.

Why is "no aaa authentication login-history" needed? I've tried it both ways and it still works. While I think it's pretty moot from a practical standpoint, most security auditors will complain if it's off.

From: Ryan Gelobter [mailto:ryan.g at atwgpc.net]
Sent: Tuesday, April 28, 2020 12:03 AM
To: on at LEFerguson.com
Cc: rancid-discuss at shrubbery.net
Subject: Re: [rancid] Rancid 3.10 and ASA 9.14 failing?

I spun up an ASAv 9.14.1 with a brand new rancid 3.10 install and had no issues. I assume you know about making sure you run 'no aaa authentication login-history' as that's needed for 9.9 as well. I can't remember if cisco added that banner prompt in 9.2.

Regards,
Ryan

On Mon, Apr 27, 2020 at 11:59 AM on at LEFerguson.com wrote:

I'm on 3.10 and just upgraded an cisco 5516 asa to 9.14, and it will not pull from rancid giving this error:

HIT COMMAND:XXXXX-ASA1# show running-config
In WriteTerm: XXXXX-ASA1# show running-config
HIT COMMAND:XXXXX-ASA1# write term
In WriteTerm: XXXXX-ASA1# write term
xxxxx-asa1.etsbcad.local: missed cmd(s): show redundancy secondary, show flash:, show running-config view full

Another otherwise identically configured ASA on 9.9(2) works fine.

All three of these commands work the same on 9.2 as on 9.14 (i.e. first and third do not exist, and show flash works). So it's something more subtle.

I've reviewed the release notes for 3.11 and didn't see anything that may apply; I am a bit reluctant to upgrade as I have a lot of changes to scripts to retrofit and upgrading is a pretty big job.

It's also remotely possible I broke this in one of my changes; again, a bit painful to back all changes out to tell.

So... please save me a bit of time... is anyone using ASA version 9.14 with Rancid? Does it work, or fail the same way? Knowing either one will save me a lot of time.

Thanks,
Linwood

From heas at shrubbery.net Tue May 5 01:28:47 2020
From: heas at shrubbery.net (john heasley)
Date: Tue, 5 May 2020 01:28:47 +0000
Subject: [rancid] Rancid 3.10 and ASA 9.14 failing?
In-Reply-To:
References:
Message-ID: <20200505012847.GC17507@shrubbery.net>

Mon, May 04, 2020 at 06:23:32PM -0500, Ryan Gelobter:
> Maybe there's an option or a patch I'm missing but I've noticed if I have
> that on, rancid fails to backup because it messes with the first line it
> expects when it logs in.

I think this is what you're looking for, also in rancid 3.8:
https://github.com/haussli/rancid/commit/8c42b459807713226c5bc89a0038a77a778ebc69

From troy at i2bnetworks.com Thu May 7 20:53:16 2020
From: troy at i2bnetworks.com (Troy Beisigl)
Date: Thu, 7 May 2020 13:53:16 -0700
Subject: [rancid] FS switches
Message-ID:

Hello Everyone,

I was trying to do a google search for anyone using rancid with FS switches. It basically came up with nothing. So I thought I would post here. We are looking to add some FS S5500 switches to rancid. Has anyone written a plugin for these switches?

Best,
-Troy

From troyb at spacelink.com Thu May 7 21:19:02 2020
From: troyb at spacelink.com (Troy Beisigl)
Date: Thu, 7 May 2020 14:19:02 -0700
Subject: [rancid] FS switches
Message-ID:

Hello Everyone,

I was trying to do a google search for anyone using rancid with FS switches. It basically came up with nothing. So I thought I would post here. We are looking to add some FS S5500 switches to rancid. Has anyone written a plugin for these switches?

Best,
-Troy

From michael.kupec at blueovalcorral.com Thu May 7 22:52:20 2020
From: michael.kupec at blueovalcorral.com (Michael J Kupec)
Date: Thu, 7 May 2020 18:52:20 -0400
Subject: [rancid] Temp disable a device in rancid
Message-ID:

We've moved our data center network to a new set of up addresses and I havdd Ed a couple devices sending out alerts they are unavailable.
I thought I had bookmarked a site that talked about suspending the alerts but can't find it.
Anyone have a link to how to disable the warning messages?

Sent via iPhone
MJKupec
mkupec at designdata.com

From c.o.hopkins at gmail.com Fri May 8 16:13:24 2020
From: c.o.hopkins at gmail.com (Craig Hopkins)
Date: Fri, 8 May 2020 17:13:24 +0100
Subject: [rancid] Temp disable a device in rancid
In-Reply-To:
References:
Message-ID:

In your router.db file mark them as down

On Thu, 7 May 2020, 23:52 Michael J Kupec, wrote:

> We've moved our data center network to a new set of up addresses and I
> havdd Ed a couple devices sending out alerts they are unavailable.
> I thought I had bookmarked a site that talked about suspending the alerts
> but can't find it.
> Anyone have a link to how to disable the warning messages?
>
> Sent via iPhone
> MJKupec
> mkupec at designdata.com

From heas at shrubbery.net Fri May 8 16:18:29 2020
From: heas at shrubbery.net (john heasley)
Date: Fri, 8 May 2020 16:18:29 +0000
Subject: [rancid] Temp disable a device in rancid
In-Reply-To:
References:
Message-ID: <20200508161829.GD20235@shrubbery.net>

Fri, May 08, 2020 at 05:13:24PM +0100, Craig Hopkins:
> In your router.db file mark them as down

FWIW, anything other than 'up' is considered 'down'; meaning that you can mark these devices with some other tag, such as "temporarily_disabled". A trailing field may also exist, such as:

hostname;type;down;disabled for maintenance PR# nnnn

From ggiesen at giesen.me Mon May 11 19:39:19 2020
From: ggiesen at giesen.me (Gary T. Giesen)
Date: Mon, 11 May 2020 15:39:19 -0400
Subject: [rancid] proxy-login rancid collection
In-Reply-To: <20150325161446.GF45425@shrubbery.net>
Message-ID: <6b2d-5eb9aa00-3-7202978@143392629>

Did this ever get implemented? I have looked through a bunch of release notes and mail list archives but I could not find any further mention of it.

Thanks,

GTG

On Wednesday, March 25, 2015 12:14 EDT, heasley wrote:

Many have asked for this and it will probably be the primary addition to rancid 3.3, but I do not have a use for it, so although I've digested most of the maillist discussion on the topic ('out of band access script change', 'download configs from on router through another', etc), I'm not sure that I'd include all the relevant features, therefore i want to solicit input.

I am tempted to limit the utility to executing other login scripts, ie: the assumption that it through a device supported by one of rancid's login scripts, rather than an arbitrary unix command.

Please feel free to reply to me directly or to the list.

From Wayne.Eisenberg at carolinasit.com Tue May 12 19:12:41 2020
From: Wayne.Eisenberg at carolinasit.com (Wayne Eisenberg)
Date: Tue, 12 May 2020 19:12:41 +0000
Subject: [rancid] misc questions
Message-ID:

Hi,

I'm sure it's there and I'm just not searching properly, but how does rancid stop the '--More--' prompt on Catalyst switches? I usually see/use 'terminal length 0' , but I don't find that in the rancid.pm or ios.pm modules. (I'm on v3.6.2 at the moment.)

Also, in the line " cisco;command;ios::WriteTerm;more system:running-config;ASA/PIX" what does the last ';ASA/PIX' section for? Just a comment? Does the script do something with it or does the script simply ignore everything after the command section?

Thanks,
Wayne

From heas at shrubbery.net Tue May 12 22:58:21 2020
From: heas at shrubbery.net (john heasley)
Date: Tue, 12 May 2020 22:58:21 +0000
Subject: [rancid] misc questions
In-Reply-To:
References:
Message-ID: <20200512225821.GD68988@shrubbery.net>

Tue, May 12, 2020 at 07:12:41PM +0000, Wayne Eisenberg:
> Hi,
>
> I'm sure it's there and I'm just not searching properly, but how does rancid stop the '--More--' prompt on Catalyst switches?
> I usually see/use 'terminal length 0' , but I don't find that in the rancid.pm or ios.pm modules. (I'm on v3.6.2 at the moment.)

the login script tries to disable the pager. where it can not, it tries to filter it from the output.

> Also, in the line " cisco;command;ios::WriteTerm;more system:running-config;ASA/PIX" what does the last ';ASA/PIX' section for? Just a comment? Does the script do something with it or does the script simply ignore everything after the command section?

In router.db or rancid.types.{conf,base}, additional trailing fields are ignored.

From Mikko.Peltokangas at alavus.fi Wed May 13 07:15:14 2020
From: Mikko.Peltokangas at alavus.fi (Peltokangas Mikko)
Date: Wed, 13 May 2020 07:15:14 +0000
Subject: [rancid] Extreme 200-series switches
In-Reply-To: <1589311380826.68330@alavus.fi>
References: <1589311380826.68330@alavus.fi>
Message-ID: <1589354114188.27901@alavus.fi>

Hello,

is there any good guide to backup Extreme 200-series switches?

--
Br, Mikko Peltokangas

From heas at shrubbery.net Wed May 13 19:21:50 2020
From: heas at shrubbery.net (heasley)
Date: Wed, 13 May 2020 19:21:50 +0000
Subject: [rancid] proxy-login rancid collection
In-Reply-To: <6b2d-5eb9aa00-3-7202978@143392629>
References: <20150325161446.GF45425@shrubbery.net> <6b2d-5eb9aa00-3-7202978@143392629>
Message-ID: <20200513192150.GJ66669@shrubbery.net>

Mon, May 11, 2020 at 03:39:19PM -0400, Gary T. Giesen:
>
> Did this ever get implemented? I have looked through a bunch of release notes and mail list archives but I could not find any further mention of it.

I have nothing usable yet. I will work on that next. There are two hacks that were contributed on the ML that might suit you for the immediate.

> Thanks,
>
> GTG
>
> On Wednesday, March 25, 2015 12:14 EDT, heasley wrote:
> Many have asked for this and it will probably be the primary addition to
> rancid 3.3, but I do not have a use for it, so although I've digested most
> of the maillist discussion on the topic ('out of band access script change',
> 'download configs from on router through another', etc), I'm not sure that
> I'd include all the relevant features, therefore i want to solicit input.
>
> I am tempted to limit the utility to executing other login scripts, ie:
> the assumption that it through a device supported by one of rancid's login
> scripts, rather than an arbitrary unix command.
>
> Please feel free to reply to me directly or to the list.

From timoid at timoid.org Thu May 14 06:12:10 2020
From: timoid at timoid.org (Tim Warnock)
Date: Thu, 14 May 2020 06:12:10 +0000
Subject: [rancid] Sanity Check - A10login
Message-ID:

Hi Guys,

As per https://github.com/haussli/rancid/blob/master/bin/a10login.in

Would you expect line 320 to read:

-re "Are you sure .*to quit" {

Currently it's missing the -re part and it doesn't seem to work without it.

Thanks
Tim.
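
An added example, not part of the post above or of rancid's code, showing why the pattern quoted in that post behaves differently with and without `-re`: Expect treats an unflagged pattern as a glob, where `.` is a literal dot, so the `.*` only works as intended under `-re`. Python's `fnmatch` and `re` stand in for Expect's glob and regex matchers here; the names `glob_hit`, `re_hit` and `lint`, the sample prompt and the sample script are constructed for illustration.

```python
import fnmatch
import re

# One expect pattern line: optional -re/-gl/-ex flag, a quoted pattern, then "{".
PATTERN_LINE = re.compile(r'^\s*(?:(-re|-gl|-ex)\s+)?"([^"]*)"\s*\{')
# Regex-only constructs that a glob pattern would take literally (heuristic).
REGEX_HINT = re.compile(r'\.[*+]')

# Constructed prompt text, not captured from a real device.
PROMPT = "Are you sure you want to quit (N)?"

# Constructed expect fragment in the style of a login script.
SAMPLE_SCRIPT = r'''expect {
    "Are you sure .*to quit" { send "y\r" }
    -re "Are you sure .*to exit" { send "y\r" }
    "Connection closed" { return 0 }
}
'''


def glob_hit(pattern, buffer):
    """Emulate expect's default glob match, which may match anywhere in the buffer."""
    return fnmatch.fnmatchcase(buffer, "*" + pattern + "*")


def re_hit(pattern, buffer):
    """Emulate expect -re: an unanchored regular-expression search."""
    return re.search(pattern, buffer) is not None


def lint(script):
    """Return (line_number, pattern) for glob patterns that look like regexes."""
    findings = []
    for number, line in enumerate(script.splitlines(), start=1):
        m = PATTERN_LINE.match(line)
        if m and m.group(1) in (None, "-gl") and REGEX_HINT.search(m.group(2)):
            findings.append((number, m.group(2)))
    return findings


if __name__ == "__main__":
    pattern = "Are you sure .*to quit"
    print("glob:", glob_hit(pattern, PROMPT))   # literal "." is required, so no match
    print("-re: ", re_hit(pattern, PROMPT))     # ".*" spans "you want ", so it matches
    for number, text in lint(SAMPLE_SCRIPT):
        print(f"line {number}: pattern {text!r} uses regex syntax without -re")
```

A login script whose logout confirmation never matches leaves the session to end by timeout rather than by a clean exit, so running a check like `lint` over locally patched login scripts before an upgrade catches this class of mistake early.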