[rancid] Rancid 3.10 and ASA 9.14 failing?

on at LEFerguson.com on at LEFerguson.com
Mon May 4 00:56:43 UTC 2020


My apologies, I think I missed this one.  Thank you for testing.

Why is "no aaa authentication login-history" needed?   I've tried it both ways and it still works.   While I think it's pretty moot from a practical standpoint, most security auditors will complain if it's off.



From: Ryan Gelobter [mailto:ryan.g at atwgpc.net]
Sent: Tuesday, April 28, 2020 12:03 AM
To: on at LEFerguson.com
Cc: rancid-discuss at shrubbery.net
Subject: Re: [rancid] Rancid 3.10 and ASA 9.14 failing?

I spun up an ASAv 9.14.1 with a brand new rancid 3.10 install and had no issues. I assume you know about making sure you run 'no aaa authentication login-history' as that's needed for 9.9 as well. I can't remember if cisco added that banner prompt in 9.2.

Regards,
Ryan

On Mon, Apr 27, 2020 at 11:59 AM on at LEFerguson.com<mailto:on at LEFerguson.com> <on at leferguson.com<mailto:on at leferguson.com>> wrote:
I'm on 3.10 and just upgraded an cisco 5516 asa to 9.14, and it will not pull from rancid giving this error:

HIT COMMAND:XXXXX-ASA1# show running-config
    In WriteTerm: XXXXX-ASA1# show running-config
HIT COMMAND:XXXXX-ASA1# write term
    In WriteTerm: XXXXX-ASA1# write term
xxxxx-asa1.etsbcad.local: missed cmd(s): show redundancy secondary, show flash:, show running-config view full

Another otherwise identically configured ASA on 9.9(2) works fine.

All three of these commands work the same on 9.2 as on 9.14 (i.e. first and third do not exist, and show flash works). So it's something more subtle.

I've reviewed the release notes for 3.11 and didn't see anything that may apply; I am a bit reluctant to upgrade as I have a lot of changes to scripts to retrofit and upgrading is a pretty big job.

It's also remotely possible I broke this in one of my changes; again, a bit painful to back all changes out to tell.

So… please save me a bit of time… is anyone using ASA version 9.14 with Rancid?   Does it work, or fail the same way?  Knowing either one will save me a lot of time.

Thanks,
Linwood

_______________________________________________
Rancid-discuss mailing list
Rancid-discuss at www.shrubbery.net<mailto:Rancid-discuss at www.shrubbery.net>
https://www.shrubbery.net/mailman/listinfo/rancid-discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20200504/78363e47/attachment.htm>


More information about the Rancid-discuss mailing list