[rancid] Rancid 3.10 and ASA 9.14 failing?

on at LEFerguson.com
Mon May 4 23:30:07 UTC 2020

That may be something I fixed; frankly, I've lost track of all the little things like that I've patched. That's one reason that upgrades are so hard: I have to do a lot of differences each time. I need to investigate where it is with GitHub; maybe I can do a more managed version. When I started I do not think it was possible.

But thanks for the reminder; now when I see that piece of code next upgrade I may recognize it.  ☺

From: Ryan Gelobter [mailto:ryan.g at atwgpc.net]
Sent: Monday, May 4, 2020 7:24 PM
To: on at LEFerguson.com; rancid-discuss at shrubbery.net
Subject: Re: [rancid] Rancid 3.10 and ASA 9.14 failing?

Maybe there's an option or a patch I'm missing, but I've noticed that if I have that on, rancid fails to back up because it messes with the first line it expects when it logs in.


On Sun, May 3, 2020 at 7:56 PM on at LEFerguson.com <on at leferguson.com> wrote:
My apologies, I think I missed this one.  Thank you for testing.

Why is "no aaa authentication login-history" needed? I've tried it both ways and it still works. While I think it's pretty moot from a practical standpoint, most security auditors will complain if it's off.

From: Ryan Gelobter [mailto:ryan.g at atwgpc.net]
Sent: Tuesday, April 28, 2020 12:03 AM
To: on at LEFerguson.com
Cc: rancid-discuss at shrubbery.net
Subject: Re: [rancid] Rancid 3.10 and ASA 9.14 failing?

I spun up an ASAv 9.14.1 with a brand new rancid 3.10 install and had no issues. I assume you know about making sure you run 'no aaa authentication login-history', as that's needed for 9.9 as well. I can't remember if Cisco added that banner prompt in 9.2.


On Mon, Apr 27, 2020 at 11:59 AM on at LEFerguson.com <on at leferguson.com> wrote:
I'm on 3.10 and just upgraded a Cisco 5516 ASA to 9.14, and it will not pull from rancid, giving this error:

HIT COMMAND:XXXXX-ASA1# show running-config
    In WriteTerm: XXXXX-ASA1# show running-config
    In WriteTerm: XXXXX-ASA1# write term
xxxxx-asa1.etsbcad.local: missed cmd(s): show redundancy secondary, show flash:, show running-config view full

Another otherwise identically configured ASA on 9.9(2) works fine.

All three of these commands work the same on 9.2 as on 9.14 (i.e. first and third do not exist, and show flash works). So it's something more subtle.

I've reviewed the release notes for 3.11 and didn't see anything that may apply; I am a bit reluctant to upgrade as I have a lot of changes to scripts to retrofit and upgrading is a pretty big job.

It's also remotely possible I broke this in one of my changes; again, a bit painful to back all changes out to tell.

So… please save me a bit of time… is anyone using ASA version 9.14 with Rancid? Does it work, or fail the same way? Knowing either one will save me a lot of time.

