From owner-rancid-discuss-outgoing@shrubbery.net Thu Jul 3 03:11:18 2003
Date: Wed, 02 Jul 2003 20:12:18 -0700
From: "Mark Duling"
To: rancid-discuss@shrubbery.net
Subject: RANCID on OS X (Darwin)

Hello All,

It turns out that RANCID runs on Mac OS X with no modifications. I did
something wrong the first time and I'm not sure what but I didn't know
what I was doing at first so who knows. The install and configuration
went without a hitch the second time around.

I have an unfinished howto that gives the pre-requisites for non-Unix
savvy people like myself. Tcl/tk and expect are installed together as a
binary. And I included "cheat" instructions for those who don't want to
deal with sendmail. The rest is as described in the instructions or
Chris Boyd's howto for BSD.

In case it helps another Mac user I am pasting the first 4 steps of my
howto for OS X in case it helps anyone else.

Mark

--------------------------------------------------------------------

1) Install the Developer Tools – You can use the CD that came with OS X
if you have it or download it from Apple's developer web site. This is
required to compile and run open source software.

2) Configure OS X to send email from the command line – You may
configure sendmail but it is challenging to configure. Most UNIX
commercial email software supports sendmail emulation such as
CommuniGate Pro from Stalker Software or Post.Office from Tenon Systems.
Both are simpler to get up and running than sendmail and they have free
unlicensed demo versions that will support a few users or aliases which
is all RANCID needs. The install program for each sets up sendmail
emulation automatically. To check this, after the install type:

ls -l /usr/sbin/sendmail

and observe if sendmail has the correct symbolic link (output abbrev)

lrwxr-xr-x /usr/sbin/sendmail -> /usr/sbin/CommuniGatePro/sendmail (for CGPro)
lrwxr-xr-x /usr/sbin/sendmail -> /usr/local/post.office/bin/sendmail (for Post.Office)

Test the email server by sending a test message from the command line:

mail joe@exp.com
(enter a subject, some body text, terminate message with Control-D)

3) Install tcl/tk and expect - RANCID requires a program called expect
which in turn requires the scripting language tcl/tk. The tcl/tkAqua
"Batteries Included" OS X package includes both of these two items.
Download and install the package. It can be found at SourceForge.net or
Apple's site.

Here is the link on Apple's site:
http://www.apple.com/downloads/macosx/unix_open_source/tcltkaqua.html

Install RANCID

4) Add /usr/local/bin to the path (so RANCID can find expect during
install)

Type the following command:

setenv PATH $PATH":/usr/local/bin"

From owner-rancid-discuss-outgoing@shrubbery.net Wed Jul 9 03:01:02 2003
Date: Tue, 08 Jul 2003 20:02:03 -0700
From: "Mark Duling"
To: rancid-discuss@shrubbery.net
Subject: Cisco Catalyst 6000, 4000, 1900

Hello All,

I cannot get RANCID to get configs on some of our Cisco Catalyst
switches.

1) Is there any way to get RANCID to get a config on a 1900? They have
the menu driven interface and I can't find a way to turn it off. One can
exit to the command line but I presume RANCID cannot do that.

2) Also, RANCID cannot get configs for our 6000 and 4000 series
Catalysts either. It can login. The error message is at the bottom of
this message. I read what the FAQ says about 6500's and I tried running
the cat5rancid file script but it doesn't seem to be getting it still
but maybe I'm not using it right. The same for the 4000's. They both
have enable prompts like this:

prompt> (enable)

Any help is greatly appreciated.

Mark

--------------------------------------------------

I didn't think I was running CatOS but here is the version info for the
6000:

WS-C6006 Software, Version NmpSW: 7.2(2)
Copyright (c) 1995-2002 by Cisco Systems
NMP S/W compiled on Apr 25 2002, 12:37:52

And the RANCID log info:

10.10.10.4: missed cmd(s): show bootvar,dir /all sup-microcode:,show boot,show vlan,dir /all slot0:,show c7200,show module,dir /all slot1:,write term,dir /all sup-bootflash:,dir /all nvram:,dir /all slot2:,show diag,show version,show controllers cbus,show env all,dir /all disk0:,dir /all disk1:,show vtp status,dir /all disk2:,show gsr chassis,show variables boot,show controllers,dir /all bootflash:,show diagbus,show flash,show install active
10.10.10.4: End of run not found
!

From owner-rancid-discuss-outgoing@shrubbery.net Wed Jul 9 07:26:33 2003
Date: Wed, 09 Jul 2003 17:23:18 +1000
From: Andrew Fort
To: listuser@numbnuts.net
Cc: rancid-discuss@shrubbery.net
Subject: Re: Riverstone Router (and Enterasys 8600s, anyone?)

listuser@numbnuts.net wrote:

>Their router OS's CLI would be quite familiar to anyone familiar with
>Cisco's IOS. The verb and noun have been switched to stave off Cisco
>lawsuit threats for using something similar to their CLI. Other than that
>it's quite close to the feel of IOS. You won't get anything out of their
>switches though. They are all menu driven. I never have been able to
>work out an expect script to manipulate it.
>

yeah.. we have a number of 8600s, and mostly 2200s and VHs that need
collection. you could capture all the output of a script fumbling
through the menus, then strip all the evil escape chars, and place the
information into the repository.. not great, but better than nothing,
perhaps. we have a script to gather the information, just not parse it
into something suitable for the repository at this stage.

Are folks out there using the rivlogin (from 2.3-eft) successfully with
version 8 software on SSR8600s?

-afort

From owner-rancid-discuss-outgoing@shrubbery.net Wed Jul 9 09:40:39 2003
Date: Wed, 9 Jul 2003 17:23:08 +0800
From: KEVINC
To: Andrew Fort, listuser@numbnuts.net
Cc: rancid-discuss@shrubbery.net
Subject: RE: Riverstone Router (and Enterasys 8600s, anyone?)

I have some experience on Enterasys 8600 with Rancid 2.3,
some tips I can share with you!

1. use short router name
2. use "system set terminal rows 0" command

Yikuo Chan.

From owner-rancid-discuss-outgoing@shrubbery.net Wed Jul 9 09:56:22 2003
Date: Wed, 09 Jul 2003 19:50:56 +1000
From: Andrew Fort
To: KEVINC
Cc: rancid-discuss@shrubbery.net
Subject: Re: Riverstone Router (and Enterasys 8600s, anyone?)

KEVINC wrote:

> I have some experience on Enterasys 8600 with Rancid 2.3,
> some tips I can share with you!
>
> 1. use short router name
> 2. use "system set terminal rows 0" command
>

Thanks for your notes Kevin,

I've patched the provided rivlogin to perform "cli set terminal rows 0"
initially. Is this the same as "system set terminal rows 0", or
different? Either way, 'cli set term row 0' seems to work OK in that
regard (it's per session, not a configuration setting, which is the same
as clogin using "term length 0" on IOS).

The problem we're having is due to the annoying escaping the OS does
when completion occurs. Disabling completion doesn't appear to stop the
box from spitting out control characters, though. The regexps in the
rivlogin code to take care of this situation (ignore the line, print the
contents of the command back to the system so that rivrancid notices
this rather than a munged set of escape characters) don't work for us,
but I haven't quite worked out why yet.

Why did you need to shorten the router name?

-afort

From owner-rancid-discuss-outgoing@shrubbery.net Wed Jul 9 14:38:51 2003
Date: Wed, 09 Jul 2003 10:36:42 -0400
From: Fred Jordan
To: rancid-discuss@shrubbery.net
Subject: Problems getting config when not enable mode

We are collecting cisco router config files from some of our customers.
Problem is we do not have enable mode access to the routers.
What we have is the ability to do "show config" at the default
privilege level that we log in with.

I have tried multiple permutations of autoenable/noenable and still
cannot get clogin to run the commands to collect the configs.

Here are examples of telnetting into the router as well as running
clogin as user rancid with various .cloginrc permutations.
Any help is greatly appreciated.
					Thanks Much,
						Fred
==============================================================
= First try
= .cloginrc parameters
=add user     1.2.3.4  ranuser
=add password 1.2.3.4   {ranpass} {ranpass}
=add noenable 1.2.3.4
=add autoenable 1.2.3.4 0
= Note: this fails to run the commands passed to clogin
=
$ clogin -c 'show version; show diag' 1.2.3.4
1.2.3.4
spawn telnet 1.2.3.4
Trying 1.2.3.4...
Connected to 1.2.3.4.
Escape character is '^]'.

User Access Verification

Username: Kerberos:     No default realm defined for Kerberos!
ranuser
Password: 

router>enable
Password: 
% Access denied

router>
Error: Check your Enable passwd
$ 

==============================================================
= Second try
= .cloginrc parameters
=add user     1.2.3.4  ranuser
=add password 1.2.3.4   {ranpass} {ranpass}
=add noenable 1.2.3.4
=add autoenable 1.2.3.4 1
= Note: this fails to run the commands and times out
=
$ clogin -c 'show version; show diag' 1.2.3.4
1.2.3.4
spawn telnet 1.2.3.4
Trying 1.2.3.4...
Connected to 1.2.3.4.
Escape character is '^]'.
User Access Verification

Username: Kerberos:     No default realm defined for Kerberos!
ranuser
Password: 

router>
Error: TIMEOUT reached
$

==============================================================
= Third try
= .cloginrc parameters
=add user     1.2.3.4  ranuser
=add password 1.2.3.4   {ranpass} {ranpass}
=add noenable 1.2.3.4
$ clogin -c 'show version; show diag' 1.2.3.4
1.2.3.4
spawn telnet 1.2.3.4
Trying 1.2.3.4...
Connected to 1.2.3.4.
Escape character is '^]'.

User Access Verification
Username: Kerberos:     No default realm defined for Kerberos!
ranuser
Password: 

router>enable
Password: 
% Access denied

router>
Error: Check your Enable passwd
$ 
==============================================================
= Fourth try
= .cloginrc parameters
=add user     1.2.3.4  ranuser
=add password 1.2.3.4   {ranpass} 
=add noenable 1.2.3.4
$ clogin -c 'show version; show diag' 1.2.3.4
1.2.3.4
Error: no enable password for 1.2.3.4 in /usr/local/rancid/.cloginrc.
$ 

From owner-rancid-discuss-outgoing@shrubbery.net Wed Jul 9 16:46:42 2003
Date: Wed, 9 Jul 2003 09:46:39 -0700
From: john heasley
To: Fred Jordan
Cc: rancid-discuss@shrubbery.net
Subject: Re: Problems getting config when not enable mode

Wed, Jul 09, 2003 at 10:36:42AM -0400, Fred Jordan:
> We are collecting cisco router config files from some of our customers.
> Problem is we do not have enable mode access to the routers.
> What we have is the ability to do "show config" at the default
> privilege level that we log in with.
>
> I have tried multiple permutations of autoenable/noenable and still
> cannot get clogin to run the commands to collect the configs.
>
> Here are examples of telnetting into the router as well as running
> clogin as user rancid with various .cloginrc permutations.
> Any help is greatly appreciated.

w/o creative AAA, you have to have enable to get the config, so
rancid expects that, ie: a prompt ending in #.  That will be one
problem, that will need to be (for the moment) hacked in rancid.

there may be other cmds run by rancid that also require privs.

> ==============================================================
> = First try
> = .cloginrc parameters
> =add user     1.2.3.4  ranuser
> =add password 1.2.3.4   {ranpass} {ranpass}
> =add noenable 1.2.3.4
                        ^ you need a value here for the config parser, 1.
                          sorry, the manpage is wrong and the code doesn't
                          handle this well --- added to the todo list.

From owner-rancid-discuss-outgoing@shrubbery.net Wed Jul 9 17:15:31 2003
Date: Wed, 09 Jul 2003 13:13:19 -0400
From: Fred Jordan
To: john heasley
Cc: rancid-discuss@shrubbery.net
Subject: Re: Problems getting config when not enable mode

John,
    Thanks for the reply. We do have creative AAA statements that
do allow us to type "show config" and we can see the
startup-config file. Really this is where I am headed. At the
privilege level we log in, which is less than 15; we can do almost
all of the show commands. With that, I was hoping we would be able to
either get the default clogin to work by creating the proper entry in the
.cloginrc file for these hosts; OR would I need to hack a xlogin
and/or xrancid to get this to work. From your email, sounds like
I will have to have a modified xlogin and/or xrancid and I don't know
if I need the first, the second or both.

Again, any help is greatly appreciated.

					Thanks Much,
						Fred

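As an added example (not part of any post in this thread, and not RANCID's own code), a small linter for the .cloginrc mistake john heasley points out above: an "add noenable" entry with no value. The function names, the first-match host lookup and the "no-enable-password" rule are assumptions modelled on the errors in Fred's transcripts; the sample entries reuse the thread's 1.2.3.4 / ranuser / ranpass placeholders.

```python
"""Lint .cloginrc text for the mistakes seen in this thread (added example)."""
import fnmatch
import re

# One token: a Tcl {braced} word, a "quoted" word, or a bare word.
TOKEN = re.compile(r'\{([^{}]*)\}|"([^"]*)"|(\S+)')

# Sample inputs, taken from Fred's "First try" and "Fourth try" listings,
# plus a corrected version following heasley's note (value 1 on noenable).
FIRST_TRY = """\
add user     1.2.3.4  ranuser
add password 1.2.3.4   {ranpass} {ranpass}
add noenable 1.2.3.4
add autoenable 1.2.3.4 0
"""
FOURTH_TRY = """\
add user     1.2.3.4  ranuser
add password 1.2.3.4   {ranpass}
add noenable 1.2.3.4
"""
FIXED = """\
add user     1.2.3.4  ranuser
add password 1.2.3.4   {ranpass}
add noenable 1.2.3.4 1
"""


def parse(text):
    """Return [(lineno, directive, host_glob, values)] for every 'add' line."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        toks = [next(g for g in m.groups() if g is not None)
                for m in TOKEN.finditer(line)]
        if len(toks) >= 3 and toks[0] == "add":
            entries.append((lineno, toks[1], toks[2], toks[3:]))
    return entries


def lookup(entries, directive, host):
    """First 'add <directive>' entry whose host glob matches, else None.

    Assumption: the first matching entry in file order is the one used.
    """
    for lineno, name, glob, values in entries:
        if name == directive and fnmatch.fnmatchcase(host, glob):
            return lineno, values
    return None


def lint(text, host):
    """Return [(lineno, code)] findings for one host."""
    entries = parse(text)
    findings = []
    effective = {}
    for flag in ("noenable", "autoenable"):
        hit = lookup(entries, flag, host)
        # heasley: the config parser needs a value here, e.g. 1.
        if hit is not None and not hit[1]:
            findings.append((hit[0], flag + "-missing-value"))
        # Only an explicit 1 is treated as "on" in this sketch.
        effective[flag] = hit is not None and hit[1][:1] == ["1"]
    hit = lookup(entries, "password", host)
    if hit is None or not hit[1]:
        findings.append((0, "no-password"))
    elif len(hit[1]) < 2 and not (effective["noenable"] or effective["autoenable"]):
        # Mirrors the Fourth try: one password, enable still attempted.
        findings.append((hit[0], "no-enable-password"))
    return findings


if __name__ == "__main__":
    for label, sample in (("first", FIRST_TRY), ("fourth", FOURTH_TRY), ("fixed", FIXED)):
        print(label, lint(sample, "1.2.3.4"))
```

A clean result only says the file is well formed; as heasley notes, rancid itself still expects a prompt ending in #.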
--------------050809060406070804020407-- From owner-rancid-discuss-outgoing@shrubbery.net Wed Jul 9 17:24:13 2003 Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (8.11.6/8.11.6) with ESMTP id h69HOD512568 for ; Wed, 9 Jul 2003 17:24:13 GMT Received: by guelah.shrubbery.net (Postfix) id 0DE6917D015; Wed, 9 Jul 2003 17:24:12 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id CDAC817D045; Wed, 9 Jul 2003 17:24:11 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 7053) id 9A7F717D031; Wed, 9 Jul 2003 17:24:09 +0000 (UTC) Date: Wed, 9 Jul 2003 10:24:06 -0700 
From: john heasley To: Fred Jordan Cc: john heasley , rancid-discuss@shrubbery.net Subject: Re: Problems getting config when not enable mode Message-ID: <20030709172406.GA20112@shrubbery.net> References: <3F0C287A.1070609@hcs.net> <20030709164639.GZ10819@shrubbery.net> <3F0C4D2F.6060601@hcs.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <3F0C4D2F.6060601@hcs.net> User-Agent: Mutt/1.4i X-PGPkey: http://www.shrubbery.net/~heas/public-key.asc X-note: live free, or die! X-homer: awe, not the good cheek Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk Wed, Jul 09, 2003 at 01:13:19PM -0400, Fred Jordan: > John, > Thanks for the reply. We do have creative AAA statements that > do allow us to type "show config" and we can see the > startup-config file. Really this is where I am headed. At the > privilege level we log in , which is less than 15; we can do almost > all of the show commands. With that, I was hoping we would be able to > either get the default clogin to work by creating the proper entry in the > .cloginrc file for these hosts; This is something we're aiming to do (more configurable), but it will be after 2.3 which I hope to push out next week sometime. > OR would I need to hack a xlogin > and/or xrancid to get this to work. From your email, sounds like > I will have to have a modified xlogin and/or xrancid and I don't know > if I need the first, the second or both. xlogin/xrancid are not for the cisco. 
From owner-rancid-discuss-outgoing@shrubbery.net Wed Jul 9 19:46:16 2003 Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (8.11.6/8.11.6) with ESMTP id h69JkGr09668 for ; Wed, 9 Jul 2003 19:46:16 GMT Received: by guelah.shrubbery.net (Postfix) id A867B17D015; Wed, 9 Jul 2003 19:46:15 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 929DD17D036; Wed, 9 Jul 2003 19:46:15 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Received: from biola.edu (mail.biola.edu [64.208.12.25]) by guelah.shrubbery.net (Postfix) with ESMTP id E24B017D015 for ; Wed, 9 Jul 2003 19:46:13 +0000 (UTC) Received: from bubbs-gw.biola.edu ([10.7.1.9] verified) by biola.edu (CommuniGate Pro SMTP 4.0.3) with ESMTP id 20278480 for rancid-discuss@shrubbery.net; Wed, 09 Jul 2003 12:47:37 -0700 Message-id: Date: Wed, 09 Jul 2003 12:47:31 -0700 Subject: Catalyst 1900 To: rancid-discuss@shrubbery.net 
From: "Mark Duling" MIME-Version: 1.0 Content-type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk I resolved the problem with the 6000's and 4000's. Cat5 instead of Cisco was the correct type to use in the router.db. Is there any way to get RANCID working with a Catalyst 1900? Is it possible to hack a "recorded" expect session with a 1900 that gets me to the command line into a RANCID script so that it can work? Mark From owner-rancid-discuss-outgoing@shrubbery.net Thu Jul 10 10:46:31 2003 Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (8.11.6/8.11.6) with ESMTP id h6AAkVr15696 for ; Thu, 10 Jul 2003 10:46:31 GMT Received: by guelah.shrubbery.net (Postfix) id EFD8D17D048; Thu, 10 Jul 2003 10:46:30 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id D74F917D050; Thu, 10 Jul 2003 10:46:30 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Received: from thanatos.is.co.za (thanatos.is.co.za [196.4.160.229]) by guelah.shrubbery.net (Postfix) with ESMTP id 5CC5517D048 for ; Thu, 10 Jul 2003 10:46:28 +0000 (UTC) Received: from hermwas.is.co.za (hermwas.is.co.za [196.23.0.8]) by thanatos.is.co.za (Postfix) with ESMTP id 851E29BED5; Thu, 10 Jul 2003 12:46:20 +0200 (SAST) Received: by hermwas.is.co.za (Postfix, from userid 1071) id 58ED630AFB; Thu, 10 Jul 2003 12:46:20 +0200 (SAT) Date: Thu, 10 Jul 2003 12:46:20 +0200 
From: Andre van der Merwe To: Mark Duling Cc: rancid-discuss@shrubbery.net Subject: Re: Catalyst 1900 Message-ID: <20030710124620.B2507@is.co.za> References: Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="Fba/0zbH8Xs+Fj9o" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from Mark.Duling@biola.edu on Wed, Jul 09, 2003 at 12:47:31PM -0700 Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk --Fba/0zbH8Xs+Fj9o Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable

Hi

Running TACACS+ makes things easier...
All you then have to do is insert the 'K' before
username and password at the "Enter Selection:" prompt.
Hacking the clogin to do this is quite straight forward..

admin 16% /usr/local/rancid/bin/clogin grumpy
...
Catalyst 1900 Management Console
Copyright (c) Cisco Systems, Inc. 1993-1998
All rights reserved.
Enterprise Edition Software
...
-------------------------------------------------
2 user(s) now active on Management Console.

User Interface Menu

[M] Menus
[K] Command Line

Enter Selection: K

Authentication using TACACS+ is in progress.

User Access Verification

Username: rancid
Password: **********
CLI session with the switch is open.
To end the CLI session, enter [Exit].

grumpy>enable
Enter password: ********
grumpy#

Hope this helps.

-André

On Wed, Jul 09, 2003 at 12:47:31PM -0700, Mark Duling wrote:
> I resolved the problem with the 6000's and 4000's. Cat5 instead of Cisco
> was the correct type to use in the router.db.
>
> Is there any way to get RANCID working with a Catalyst 1900? Is it
> possible to hack a "recorded" expect session with a 1900 that gets me to
> the command line into a RANCID script so that it can work?
>
> Mark

--Fba/0zbH8Xs+Fj9o Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.0 (SunOS) iD8DBQE/DUP6FgX7ot4NQaMRAladAJ9tn5Z9TQoANKB7WPRijPuTmYMExgCfUp64 Rcv6fZzO6gYs1Y7B61VQVFs= =WNGq -----END PGP SIGNATURE----- --Fba/0zbH8Xs+Fj9o--
From owner-rancid-discuss-outgoing@shrubbery.net Fri Jul 11 05:09:55 2003 Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (8.11.6/8.11.6) with ESMTP id h6B59tr26776 for ; Fri, 11 Jul 2003 05:09:55 GMT Received: by guelah.shrubbery.net (Postfix) id A9BFF17D089; Fri, 11 Jul 2003 05:09:54 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 9495717D08C; Fri, 11 Jul 2003 05:09:54 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Received: from khq-ems.kgex.com.tw (mail.kgex.com.tw [211.78.1.18]) by guelah.shrubbery.net (Postfix) with ESMTP id 106F917D089 for ; Fri, 11 Jul 2003 05:09:53 +0000 (UTC) Received: by KHQ-EMS with Internet Mail Service (5.5.2653.19) id ; Fri, 11 Jul 2003 12:52:33 +0800 Message-ID: From: KEVINC To: Andrew Fort Cc: rancid-discuss@shrubbery.net Subject: RE: Riverstone Router (and Enterasys 8600s, anyone?) Date: Fri, 11 Jul 2003 12:52:33 +0800 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ni.shrubbery.net id h6B59tr26776 hi afort : yes it's very strange , why I need shorten router name ! this is a result when we use longer router name , but shorten name is ok .... retrieving revision 1.1 diff -u -4 -r1.1 10.1.1.7 
@@ -0,0 +1,5 @@ + !RANCID-CONTENT-TYPE: riverstone + ! + ! + ! + ! by the way , "system set terminal rows 0 " command can let router don't display "--- More: m, --- Quit: q --- One line: ---" at end of each page.. before I use this command ,the configure that rancid fatch is very strange link this "+ 19 : acl rfc1918 deny ip 192.168.0.0/16 any any any " Kevin Chan -----Original Message----- 
From: Andrew Fort [mailto:afort@choqolat.org] Sent: Wednesday, July 09, 2003 5:51 PM To: PDS-Kevin Chan-¸â¯q°ê Cc: rancid-discuss@shrubbery.net Subject: Re: Riverstone Router (and Enterasys 8600s, anyone?) KEVINC wrote: > I have some experience on Enterasys 8600 with Rancid 2.3 > some tip I can share with you ! > > 1.use short router name > 2.use "system set terminal rows 0 " command > > Thanks for your notes Kevin, I've patched the provided rivlogin to perform "cli set terminal rows 0" initially. Is this the same as "system set terminal rows 0", or different? Either way, 'cli set term row 0' seems to work OK in that regard (it's per session, not a configuration setting, which is the same as clogin using "term length 0" on IOS). The problem we're having is due to the annoying escaping the OS does when completion occurs. Disabling completion doesn't appear to stop the box from spitting out control characters, though. The regexp's in the rivlogin code to take care of this situation (ignore the line, print the contents of the command back to the system so that rivrancid notices this rather than a munged set of escape characters) doesn't work for us, but I haven't quite worked out why yet. Why did you need to shorten the router name? 
-afort From owner-rancid-discuss-outgoing@shrubbery.net Fri Jul 11 11:21:04 2003 Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (8.11.6/8.11.6) with ESMTP id h6BBL4r12729 for ; Fri, 11 Jul 2003 11:21:04 GMT Received: by guelah.shrubbery.net (Postfix) id 3B77A17D095; Fri, 11 Jul 2003 11:21:04 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 2449C17D09C; Fri, 11 Jul 2003 11:21:04 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Received: from is2000.rz.marl.infracor.de (mail1.itson.de [80.241.203.17]) by guelah.shrubbery.net (Postfix) with ESMTP id 47EBB17D095 for ; Fri, 11 Jul 2003 11:21:02 +0000 (UTC) Received: from dsl10p.ffm-inf.Degussa.DE (dsl10p.ffm-inf.degussa.de [149.216.70.71]) by is2000.rz.marl.infracor.de (Switch-2.2.6/Switch-2.2.6) with ESMTP id h6BBKtw18361 for ; Fri, 11 Jul 2003 13:20:55 +0200 Subject: Rancid 2.2.2 Problem with CatOS Switches To: rancid-discuss@shrubbery.net Message-ID: 
From: klaus.hoedl@degussa.com Date: Fri, 11 Jul 2003 13:20:51 +0200 X-MIMETrack: Serialize by Router on ExtHubMail01/DHexternal/DE(Release 5.0.11 |July 24, 2002) at 11/07/2003 13:20:55 MIME-Version: 1.0 Content-type: text/plain; charset=us-ascii Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk Hi all, that's the first time i write to a mailing-list, i hope that will work and everything is correct... With rancid on native IOS routers and switches, everything works perfect! I have problems running rancid 2.2.2 with Cisco CatOS Switches. Rancid does not recognize the prompt correctly, even there are some lines in the perl code which try to handle the native IOS and CatOS differences. The script seems to send a "set term length 0" command, even this is a nativeIOS command which does not work on CatOS. Autoenable is set, because i have a priv 15 user. With the inf0201> (enable) prompt, nothing happens. No command is send from the rancid clogin script. When i change the prompt to inf0201# (enable) , the clogin script tries to send native IOS commands like "set term length 0". That command is not supported, and the script times out ? Since my knowledge with the rancid scripts is not very good, it would be great if there is a workaround.. Thanks for your support Klaus The original Switch-Prompt looks like this: Cisco Systems, Inc. 
Console ****************************************************** * inf0201 * * c a t a l y s t 4 0 0 6 * * F r a n k f u r t D C R a u m 3 2 * ****************************************************** Username: hoedl Password: inf0201> (enable) From owner-rancid-discuss-outgoing@shrubbery.net Fri Jul 11 12:12:48 2003 Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (8.11.6/8.11.6) with ESMTP id h6BCCmr14791 for ; Fri, 11 Jul 2003 12:12:48 GMT Received: by guelah.shrubbery.net (Postfix) id 782CD17D091; Fri, 11 Jul 2003 12:12:48 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 61E5517D094; Fri, 11 Jul 2003 12:12:48 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Received: from server.nipper.de (p50842A72.dip0.t-ipconnect.de [80.132.42.114]) by guelah.shrubbery.net (Postfix) with ESMTP id 8112317D091 for ; Fri, 11 Jul 2003 12:12:46 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by server.nipper.de (Postfix on SuSE Linux 7.3 (i386)) with ESMTP id 59E391CC9D; Fri, 11 Jul 2003 14:12:35 +0200 (CEST) Received: from server.nipper.de ([127.0.0.1]) by localhost (server [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 19491-06; Fri, 11 Jul 2003 14:12:34 +0200 (CEST) Received: from Q10 (pc103.nipper.de [192.168.144.103]) by server.nipper.de (Postfix on SuSE Linux 7.3 (i386)) with ESMTP id AB9EC1CBF3; Fri, 11 Jul 2003 14:12:34 +0200 (CEST) Message-ID: <028401c347a5$b61d5f20$6790a8c0@nipper.de> 
From: "Nipper, Arnold" To: , Subject: Fw: Rancid 2.2.2 Problem with CatOS Switches Date: Fri, 11 Jul 2003 14:12:34 +0200 Organization: nIPper consulting MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1158 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 X-Virus-Scanned: by amavisd-new at nipper.de Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk What does your entry in router.db look like? Should be something like your_catos_switch:cat5:up That does at least work fine for me on cat 6509. The only problem I have that I can't get the config always. But I couldn't yet figure out where the problem is. Maybe it's related to ssh which takes a catos switch a long time to reply to, Arnold On Friday, July 11, 2003 1:20 PM, klaus.hoedl@degussa.com wrote: > Hi all, > that's the first time i write to a mailing-list, i hope that will work and > everything is correct... > > With rancid on native IOS routers and switches, everything works perfect! > > I have problems running rancid 2.2.2 with Cisco CatOS Switches. > > Rancid does not recognize the prompt correctly, even there are some lines > in the perl code which try to handle the native IOS and CatOS differences. > The script seems to send a "set term length 0" command, even this is a > nativeIOS command which does not work on CatOS. > Autoenable is set, because i have a priv 15 user. > > With the inf0201> (enable) prompt, nothing happens. No command is send from > the rancid clogin script. > When i change the prompt to inf0201# (enable) , the clogin script tries to > send native IOS commands like "set term length 0". > That command is not supported, and the script times out ? > > Since my knowledge with the rancid scripts is not very good, it would be > great if there is a workaround.. 
> > Thanks for your support > Klaus > > > > > > The original Switch-Prompt looks like this: > > Cisco Systems, Inc. Console > > > > ****************************************************** > * inf0201 * > * c a t a l y s t 4 0 0 6 * > * F r a n k f u r t D C R a u m 3 2 * > ****************************************************** > > > > Username: hoedl > > Password: > inf0201> (enable) From owner-rancid-discuss-outgoing@shrubbery.net Mon Jul 14 22:47:11 2003 Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (8.11.6/8.11.6) with ESMTP id h6EMlBr18756 for ; Mon, 14 Jul 2003 22:47:11 GMT Received: by guelah.shrubbery.net (Postfix) id 4954F17D0AD; Mon, 14 Jul 2003 22:47:11 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 3432817D0B8; Mon, 14 Jul 2003 22:47:11 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 7053) id 8FAA117D0AF; Mon, 14 Jul 2003 22:47:09 +0000 (UTC) Date: Mon, 14 Jul 2003 22:47:09 +0000 
From: john heasley To: Andre van der Merwe Cc: Mark Duling , rancid-discuss@shrubbery.net Subject: Re: Catalyst 1900 Message-ID: <20030714224709.GI25282@shrubbery.net> References: <20030710124620.B2507@is.co.za> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20030710124620.B2507@is.co.za> User-Agent: Mutt/1.4i X-PGPkey: http://www.shrubbery.net/~heas/public-key.asc X-note: live free, or die! X-homer: awe, not the good cheek Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk Thu, Jul 10, 2003 at 12:46:20PM +0200, Andre van der Merwe: > > Hi > > Running TACACS+ makes things easier... > All you then have to do is insert the 'K' before > username and password at the "Enter Selection:" prompt. > Hacking the clogin to do this is quite straight forward.. > I do not have a 1900, but someone mentioned to me that with an enterprise s/w release, you could get the cli w/o any goofy menu system. that would be the optimal solution. From owner-rancid-discuss-outgoing@shrubbery.net Tue Jul 15 14:16:50 2003 Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (8.11.6/8.11.6) with ESMTP id h6FEGor22844 for ; Tue, 15 Jul 2003 14:16:50 GMT Received: by guelah.shrubbery.net (Postfix) id 82A4017D0A7; Tue, 15 Jul 2003 14:16:49 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 636E817D0B6; Tue, 15 Jul 2003 14:16:49 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Received: from is2000.rz.marl.infracor.de (mail1.itson.de [80.241.203.17]) by guelah.shrubbery.net (Postfix) with ESMTP id 8B23217D0A7 for ; Tue, 15 Jul 2003 14:16:47 +0000 (UTC) Received: from dsl10p.ffm-inf.Degussa.DE (dsl10p.ffm-inf.degussa.de [149.216.70.71]) by is2000.rz.marl.infracor.de (Switch-2.2.6/Switch-2.2.6) with ESMTP id h6FEGkk07669 for ; Tue, 15 Jul 2003 16:16:46 +0200 Subject: Major faults in Rancid 2.2.2 during login to cisco 
CatOS Switches To: rancid-discuss@shrubbery.net Message-ID: 
From: klaus.hoedl@degussa.com Date: Tue, 15 Jul 2003 16:16:41 +0200 X-MIMETrack: Serialize by Router on ExtHubMail01/DHexternal/DE(Release 5.0.11 |July 24, 2002) at 15/07/2003 16:16:46 MIME-Version: 1.0 Content-type: text/plain; charset=us-ascii Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk

----- Forwarded by Klaus Hoedl/Degussa AG/DE on 15.07.2003 16:16 -----

Klaus Hoedl
15.07.2003 16:10

To: rancid@shrubbery.net
Cc: majordomo@shrubbery.net
Subject: Major faults in Rancid 2.2.2 during login to cisco CatOS Switches

Hello together,
after several days of troubleshooting and reading the code, let me explain why rancid 2.2.2 simply CANNOT successfully login into a Cisco cat-os Switch in a specific environment:

Here is my environment:

Catalyst 4000, Cat-OS
Users are authenticated via TACACS,
the user "test" has privilege 15 rights and enters the enable mode automatically
autoenable in rancid is set to 1 (YES)
The enable prompt on the Cisco Cat4k is : switchname> (enable)

"Screenshot":

Trying 10.1.1.1...
Connected to switchname.
Escape character is '^]'.

Cisco Systems, Inc. Console

******************************************************
* switchname *
* c a t a l y s t 4 0 0 6 *
* *
******************************************************

Username: test

Password:
switchname> (enable)

SIMPLE ERROR DESCRIPTION: When autoenabled = 1 on a CatOS Switch, rancid automatically internally sets the prompt to "#". It now expects an "#" on the commandline which is not the default enable prompt on a catalyst switch.
Even when you manually set the prompt to "switchname# (enable)" on the switch, rancid is not able to determine the correct OS type, is not able to see the "(enable)" string as an identification to be a catOS switch. Rancid then sends the wrong "term length" command (native IOS) and times out.

DETAIL:

rancid 2.2.2, clogin line 567:

# in the Main-Loop:

# Figure out prompt.
# Since autoenable is off by default, if we have it defined, it
# was done on the command line. If it is not specifically set on the
# command line, check the password file.
if $autoenable {
    set prompt "#"
} else {
    set ae [find autoenable $router]
    if { "$ae" == "1" } {
        set autoenable 1
        set enable 0
        set prompt "#"
    } else {
        set autoenable 0
        set prompt ">"

>>>> Rancid sets the enable prompt to "#" each time autoenable is 1. It cannot handle the ">" enable prompt on CatOS Switch. No option for catOS here !!

clogin, line 673:

# we are logged in, now figure out the full prompt
send "\r"
expect {
    -re "\[\r\n]+" { exp_continue; }
    -re "^(.+:)1 $prompt" { # stoopid extreme cmd-line numbers and
                            # prompt based on state of config changes
                            set junk $expect_out(1,string)
                            regsub -all "^\\\* " $expect_out(1,string) {} junk
                            set prompt ".? ?$junk\[0-9]+ $prompt";
                            set platform "extreme"
                          }
    -re "^.+$prompt" { set junk $expect_out(0,string);
                       regsub -all "\[\]\[]" $junk {\\&} prompt;
                     }
    -re "^.+> \\\(enable\\\)" { set junk $expect_out(0,string);
                                regsub -all "\[\]\[]" $junk {\\&} prompt; }

>>>> There is definitely a bug in the matter, the prompt is checked:
>>>> Rancid is now not able to determine the correct enable prompt, because the third expression ALWAYS matches in my environment !! >> -re "^.+$prompt" <<<
>>>> The 4th expression >> -re "^.+> \\\(enable\\\)" <<< which may be able to find out the correct prompt is never executed in my CatOS environment !!!!!

I think this is the same situation in the procedure "proc run_commands".

So the cisco login is successful, but rancid waits for the correct prompt to appear, hangs and times out.

I tried to manually change the prompt on my catalyst switch to "inf0201# (enable)". This has the following effect: The login procedure works now (because $prompt is now "#"), but again rancid is not able to find out the correct OS type, because the ">" sign is hardcoded in the regular expression :

# If the prompt is (enable), then we are on a switch and the
# command is "set length 0"; otherwise its "term length 0".
if [ regexp -- ".*> .*enable" "$prompt" ] {
    send "set length 0\r"
    send "set logging session disable\r"
} else {
    send "term length 0\r"
}
expect -re $prompt {}
source $sfile

So the nativeIOS command "set term length 0" is executed on a catOS switch, and that fails.

So the combination: autoenabled=yes, OS is catOS, and the enable prompt is "switchname> (enable)" CANNOT work here.

What runs without trouble is the following combination:

The user does not get privilege 15 rights during logon
autoenable is set to 0 (off)
rancid logs into the Switch and enables with the enable password given in .cloginrc
(Good to have tacacs+ with a single, central enable password for all switches, otherwise that would create a very very large .cloginrc..... )

Would be great if that could be fixed and the catOS support could be enhanced..
For further questions and support you with some tests, you can contact me via mail.

Best regards, Klaus From owner-rancid-discuss-outgoing@shrubbery.net Tue Jul 15 14:47:49 2003 Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (8.11.6/8.11.6) with ESMTP id h6FElnr24457 for ; Tue, 15 Jul 2003 14:47:49 GMT Received: by guelah.shrubbery.net (Postfix) id D964617D0A7; Tue, 15 Jul 2003 14:47:48 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id C725617D0B6; Tue, 15 Jul 2003 14:47:48 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Received: from atlantech.net (staq1.atlantech.net [209.190.212.6]) by guelah.shrubbery.net (Postfix) with ESMTP id 90DB417D0A7 for ; Tue, 15 Jul 2003 14:47:47 +0000 (UTC) Received: from [207.188.223.197] (HELO staq7.hq.atlantech.net) by atlantech.net (CommuniGate Pro SMTP 4.0.6) with ESMTP id 47097518 for rancid-discuss@shrubbery.net; Tue, 15 Jul 2003 10:47:45 -0400 X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0 Content-Class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Subject: CatOS Problem Date: Tue, 15 Jul 2003 10:47:45 -0400 Message-ID: <4CBD2D346320D541AB8BF4C0140EF7CD40D830@staq7.hq.atlantech.net> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: CatOS Problem Thread-Index: AcNK4A13iR65mRXdQYCNX4EYa6HwaA== 
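The pattern-order behaviour described in Klaus's message above, modelled in plain Tcl as an added example (it is not RANCID's code and not the fix planned for 2.3). The prompt lines are constructed, the first case assumes $prompt is ">", and the procs specific_first and length_cmd_relaxed are hypothetical variants; run it with tclsh 8.5 or later.

```tcl
# Added illustration in plain Tcl; no Expect and no switch are needed.
# It models two steps of the clogin excerpt quoted in the message.

# Expect tries the patterns of one "expect" block in the order listed and
# runs the body of the first one that matches. Model that rule here.
# patterns is a list of name/regexp pairs; returns name and matched text.
proc first_match {buffer patterns} {
    foreach pair $patterns {
        lassign $pair name re
        if {[regexp -- $re $buffer matched]} {
            return [list $name $matched]
        }
    }
    return [list none ""]
}

# Pattern order as in the quoted excerpt: the generic prompt entry is
# listed before the CatOS "(enable)" entry.
proc quoted_order {prompt} {
    return [list \
        [list generic "^.+$prompt"] \
        [list catos   {^.+> \(enable\)}]]
}

# Hypothetical reordering (an assumption, not the project's fix): the most
# specific pattern first, with either prompt character before "(enable)".
proc specific_first {prompt} {
    return [list \
        [list catos   {^.+[>#] \(enable\)}] \
        [list generic "^.+$prompt"]]
}

# The platform check quoted from clogin: the ">" is hardcoded.
proc length_cmd_quoted {prompt} {
    if {[regexp -- {.*> .*enable} $prompt]} {
        return "set length 0"
    }
    return "term length 0"
}

# Hypothetical relaxed check that keys on "(enable)" after either character.
proc length_cmd_relaxed {prompt} {
    if {[regexp -- {[>#] \(enable\)} $prompt]} {
        return "set length 0"
    }
    return "term length 0"
}

# Constructed cases (not captured from a device): the line the device
# prints after login, and the value held in $prompt at that point.
set cases [list \
    [list "switchname> (enable)" ">"] \
    [list "inf0201# (enable)"    "#"] \
    [list "router#"              "#"]]

foreach c $cases {
    lassign $c line p
    lassign [first_match $line [quoted_order $p]]   n1 learned1
    lassign [first_match $line [specific_first $p]] n2 learned2
    puts "device prints: $line   (\$prompt starts as $p)"
    puts "  quoted order  : $n1 pattern wins, learned prompt \"$learned1\", sends \"[length_cmd_quoted $learned1]\""
    puts "  specific first: $n2 pattern wins, learned prompt \"$learned2\", sends \"[length_cmd_relaxed $learned2]\""
}
```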
From: "Eric Van Tol" To: Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ni.shrubbery.net id h6FElnr24457 Hi all, I recently installed Rancid 2.2 on a FreeBSD 4.8 server and am having troubles getting it to work with CatOS. I have two 6509 switches running CatOS that Rancid will not work with. I have the following specified in my router.db: catswitch01:cat5:up catswitch02:cat5:up When I run the 'do-diffs', the following is what I receive: starting: Mon Jul 14 21:45:07 EDT 2003 Trying to get all of the configs. ! catswitch01 clogin error: Error: TIMEOUT reached catswitch01: missed cmd(s): dir sup-bootflash:,write term,dir sup-microcode:, dir slot0:,dir bootflash:,dir slot1:,show port ifindex,show boot,show module,show flash,show version catswitch01: End of run not found ! catswitch02 clogin error: Error: TIMEOUT reached catswitch02: missed cmd(s): dir sup-bootflash:,write term,dir sup-microcode:, dir slot0:,dir bootflash:,dir slot1:,show port ifindex,show boot,show module,show flash,show version catswitch02: End of run not found I have tried using both the 'clogin' and 'cat5rancid' scripts to run commands in the switches, but nothing happens when it logs in. It gets to the 'catswitch01> (enable)' prompt and just times out. I am running CatOS 6.3.1 on both switches and using telnet to access them. I tried searching through the archives and found several users with somewhat similar problems, but most of their issues were resolved by using 'cat5' in the router.db file. Any ideas? 
thanks, eric From owner-rancid-discuss-outgoing@shrubbery.net Tue Jul 15 19:22:12 2003 Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (8.11.6/8.11.6) with ESMTP id h6FJMCr04275 for ; Tue, 15 Jul 2003 19:22:12 GMT Received: by guelah.shrubbery.net (Postfix) id C397517D0BA; Tue, 15 Jul 2003 19:22:11 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id AE6A717D0BC; Tue, 15 Jul 2003 19:22:11 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 7053) id C68EC17D0BB; Tue, 15 Jul 2003 19:22:10 +0000 (UTC) Date: Tue, 15 Jul 2003 12:22:10 -0700 
From: john heasley To: klaus.hoedl@degussa.com Cc: rancid-discuss@shrubbery.net Subject: Re: Major faults in Rancid 2.2.2 during login to cisco CatOS Switches Message-ID: <20030715192210.GO28080@shrubbery.net> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4i X-PGPkey: http://www.shrubbery.net/~heas/public-key.asc X-note: live free, or die! X-homer: awe, not the good cheek Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk this is a known issue and is one of two issues to resolve before 2.3, but I have only a partial fix for it at the moment. Tue, Jul 15, 2003 at 04:16:41PM +0200, klaus.hoedl@degussa.com: > Hello together, > after several days of troubleshooting and reading the code, let me explain > why rancid 2.2.2 simply CANNOT successfully login into a Cisco cat-os > Switch in a specific environment: > > Here is my environment: > > Catalyst 4000, Cat-OS > Users are authenticated via TACACS, > the user "test" has priviledge 15 rights and enters the enable mode > automatically > autoenable in rancid is set to 1 (YES) > The enable prompt on the Cisco Cat4k is : switchname> (enable) > > "Screenshot": > > Trying 10.1.1.1... > Connected to switchname. > Escape character is '^]'. > > > Cisco Systems, Inc. Console > > > > ****************************************************** > * switchname * > * c a t a l y s t 4 0 0 6 * > * * > ****************************************************** > > > > Username: test > > Password: > switchname> (enable) > > > SIMPLE ERROR DESCRIPTION: When autoenabled = 1 on a CatOS Switch, rancid > automatically internally sets the prompt to "#". It now expects an "#" on > the commandline which is not the default enable prompt on a catalyst > switch. 
> Even when you manually set the prompt to "switchname# (enable)" on the > switch, rancid is not able to determine the correct OS type, is not able > to see the "(enable)" string an identification to be a catOS switch. Rancid > then send the wrong "term length" command (native IOS) and times out. > > DETAIL: > > rancid 2.2.2, clogin line 567: > > # in the Main-Loop: > > # Figure out prompt. > # Since autoenable is off by default, if we have it defined, it > # was done on the command line. If it is not specifically set on the > # command line, check the password file. > if $autoenable { > set prompt "#" > } else { > set ae [find autoenable $router] > if { "$ae" == "1" } { > set autoenable 1 > set enable 0 > set prompt "#" > } else { > set autoenable 0 > set prompt ">" > > >>>> Rancid sets the enable prompt to "#" each time autoenable is 1. It > cannot handle the ">" enable prompt on CatOS Switch. No option for catOS > here !! > > > clogin, line 673: > > # we are logged in, now figure out the full prompt > send "\r" > expect { > -re "\[\r\n]+" { exp_continue; } > -re "^(.+:)1 $prompt" { # stoopid extreme cmd-line numbers and > # prompt based on state of config changes > set junk $expect_out(1,string) > regsub -all "^\\\* " > $expect_out(1,string) {} junk > set prompt ".? ?$junk\[0-9]+ $prompt"; > set platform "extreme" > } > -re "^.+$prompt" { set junk $expect_out(0,string); > regsub -all "\[\]\[]" $junk {\\&} prompt; > } > -re "^.+> \\\(enable\\\)" { set junk $expect_out(0,string); > regsub -all "\[\]\[]" $junk {\\&} > prompt; } > > >>>> There is definetely a bug in the matter, the prompt is checked: > >>>> Rancid is now not able to determine the correct enable prompt, because > the third expression ALWAYS matches in my environment !! >> -re "^. > +$prompt" <<< > >>>> The 4th expression >> -re "^.+> \\\(enable\\\)" <<< which may be > able to find out the correct prompt is never executed in my CatOS > environment !!!!! 
> > I think this is the same situation in the procedure "proc run_commands". > > So the cisco login is successful, but rancid waits for the correct prompt > to appear, hangs and times out. > > I tried to manually change the prompt on my catalyst switch to "inf0201# > (enable)". This has the following effect: The login procedure works now > (because $prompt is now "#"), but again rancid is not able to find out the > correct OS type, because the ">" sign is hardcoeded in the regular > expression : > > # If the prompt is (enable), then we are on a switch and the > # command is "set length 0"; otherwise its "term length 0". > if [ regexp -- ".*> .*enable" "$prompt" ] { > send "set length 0\r" > send "set logging session disable\r" > } else { > send "term length 0\r" > } > expect -re $prompt {} > source $sfile > > > So the nativeIOS command "set term length 0" is executed on a catOS switch, > and that fails. > > So the combination: autoenabled=yes, OS is catOS, and the enable prompt is > "switchname> (enable)" CANNOT work here. > > What runs without trouble is the following combination: > > The user does not get priviledge 15 rights during logon > autoenable is set to 0 (off) > rancid logs into the Switch and enables with the enable password given in > .cloginrc > (Good to have tacacs+ with a single, central enable password for all > switches, otherwise that would create a very very large .cloginrc..... ) > > > > Would be great if that could be fixed and the catOS support could be > enhanced.. > For further questions and support you with some tests, you can contact me > via mail. 
> > Best regards, > Klaus > > > > > From owner-rancid-discuss-outgoing@shrubbery.net Tue Jul 15 19:29:43 2003 Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (8.11.6/8.11.6) with ESMTP id h6FJThr04381 for ; Tue, 15 Jul 2003 19:29:43 GMT Received: by guelah.shrubbery.net (Postfix) id A714917D0BA; Tue, 15 Jul 2003 19:29:38 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 89EA317D0BC; Tue, 15 Jul 2003 19:29:38 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Received: from atlantech.net (staq1.atlantech.net [209.190.212.6]) by guelah.shrubbery.net (Postfix) with ESMTP id C14EB17D0BA for ; Tue, 15 Jul 2003 19:29:36 +0000 (UTC) Received: from [207.188.223.197] (HELO staq7.hq.atlantech.net) by atlantech.net (CommuniGate Pro SMTP 4.0.6) with ESMTP id 47130644 for rancid-discuss@shrubbery.net; Tue, 15 Jul 2003 15:29:35 -0400 X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0 Content-Class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Subject: RE: Major faults in Rancid 2.2.2 during login to cisco CatOS Switches Date: Tue, 15 Jul 2003 15:29:35 -0400 Message-ID: <4CBD2D346320D541AB8BF4C0140EF7CD4C06BD@staq7.hq.atlantech.net> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Major faults in Rancid 2.2.2 during login to cisco CatOS Switches Thread-Index: AcNLBm5z3RjAqxsqTn+ugkzr7w2fKAAANeMw From: "Eric Van Tol" To: Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ni.shrubbery.net id h6FJThr04381 Yes, another user pointed it out to me. His explanation was a bit clearer than the one on the archives. By removing 'autoenable' from these switches and making a small modification to 'cat5rancid', I was able to get it working. Thanks, eric -----Original Message----- 
From: john heasley [mailto:heas@shrubbery.net]
Sent: Tuesday, July 15, 2003 3:22 PM
To: klaus.hoedl@degussa.com
Cc: rancid-discuss@shrubbery.net
Subject: Re: Major faults in Rancid 2.2.2 during login to cisco CatOS Switches

this is a known issue and is one of two issues to resolve before 2.3, but
I have only a partial fix for it at the moment.

Tue, Jul 15, 2003 at 04:16:41PM +0200, klaus.hoedl@degussa.com:
> Hello together,
> after several days of troubleshooting and reading the code, let me explain
> why rancid 2.2.2 simply CANNOT successfully login into a Cisco cat-os
> Switch in a specific environment:
>
> Here is my environment:
>
> Catalyst 4000, Cat-OS
> Users are authenticated via TACACS,
> the user "test" has privilege 15 rights and enters the enable mode
> automatically
> autoenable in rancid is set to 1 (YES)
> The enable prompt on the Cisco Cat4k is : switchname> (enable)
>
> "Screenshot":
>
> Trying 10.1.1.1...
> Connected to switchname.
> Escape character is '^]'.
>
>
> Cisco Systems, Inc. Console
>
>
>
> ******************************************************
> * switchname *
> * c a t a l y s t 4 0 0 6 *
> * *
> ******************************************************
>
>
>
> Username: test
>
> Password:
> switchname> (enable)
>
>
> SIMPLE ERROR DESCRIPTION: When autoenabled = 1 on a CatOS Switch, rancid
> automatically internally sets the prompt to "#". It now expects an "#" on
> the commandline which is not the default enable prompt on a catalyst
> switch.
> Even when you manually set the prompt to "switchname# (enable)" on the
> switch, rancid is not able to determine the correct OS type, is not able
> to see the "(enable)" string an identification to be a catOS switch. Rancid
> then send the wrong "term length" command (native IOS) and times out.
>
> DETAIL:
>
> rancid 2.2.2, clogin line 567:
>
> # in the Main-Loop:
>
> # Figure out prompt.
> # Since autoenable is off by default, if we have it defined, it
> # was done on the command line. If it is not specifically set on the
> # command line, check the password file.
> if $autoenable {
>     set prompt "#"
> } else {
>     set ae [find autoenable $router]
>     if { "$ae" == "1" } {
>         set autoenable 1
>         set enable 0
>         set prompt "#"
>     } else {
>         set autoenable 0
>         set prompt ">"
>
> >>>> Rancid sets the enable prompt to "#" each time autoenable is 1. It
> cannot handle the ">" enable prompt on CatOS Switch. No option for catOS
> here !!
>
>
> clogin, line 673:
>
> # we are logged in, now figure out the full prompt
> send "\r"
> expect {
>     -re "\[\r\n]+" { exp_continue; }
>     -re "^(.+:)1 $prompt" { # stoopid extreme cmd-line numbers and
>                             # prompt based on state of config changes
>         set junk $expect_out(1,string)
>         regsub -all "^\\\* " $expect_out(1,string) {} junk
>         set prompt ".? ?$junk\[0-9]+ $prompt";
>         set platform "extreme"
>     }
>     -re "^.+$prompt" { set junk $expect_out(0,string);
>         regsub -all "\[\]\[]" $junk {\\&} prompt;
>     }
>     -re "^.+> \\\(enable\\\)" { set junk $expect_out(0,string);
>         regsub -all "\[\]\[]" $junk {\\&} prompt; }
>
> >>>> There is definitely a bug in the matter, the prompt is checked:
> >>>> Rancid is now not able to determine the correct enable prompt, because
> the third expression ALWAYS matches in my environment !! >> -re "^.+$prompt" <<<
> >>>> The 4th expression >> -re "^.+> \\\(enable\\\)" <<< which may be
> able to find out the correct prompt is never executed in my CatOS
> environment !!!!!
>
> I think this is the same situation in the procedure "proc run_commands".
>
> So the cisco login is successful, but rancid waits for the correct prompt
> to appear, hangs and times out.
>
> I tried to manually change the prompt on my catalyst switch to "inf0201#
> (enable)". This has the following effect: The login procedure works now
> (because $prompt is now "#"), but again rancid is not able to find out the
> correct OS type, because the ">" sign is hardcoded in the regular
> expression :
>
> # If the prompt is (enable), then we are on a switch and the
> # command is "set length 0"; otherwise its "term length 0".
> if [ regexp -- ".*> .*enable" "$prompt" ] {
>     send "set length 0\r"
>     send "set logging session disable\r"
> } else {
>     send "term length 0\r"
> }
> expect -re $prompt {}
> source $sfile
>
>
> So the nativeIOS command "set term length 0" is executed on a catOS switch,
> and that fails.
>
> So the combination: autoenabled=yes, OS is catOS, and the enable prompt is
> "switchname> (enable)" CANNOT work here.
>
> What runs without trouble is the following combination:
>
> The user does not get privilege 15 rights during logon
> autoenable is set to 0 (off)
> rancid logs into the Switch and enables with the enable password given in
> .cloginrc
> (Good to have tacacs+ with a single, central enable password for all
> switches, otherwise that would create a very very large .cloginrc..... )
>
>
>
> Would be great if that could be fixed and the catOS support could be
> enhanced..
> For further questions and support you with some tests, you can contact me
> via mail.
>
> Best regards,
> Klaus
>

From owner-rancid-discuss-outgoing@shrubbery.net Thu Jul 17 16:41:40 2003
Subject: AS5300's and VoIP Dial Peers
From: "Ian B. MacDonald"
To: rancid-discuss@shrubbery.net
Date: 16 Jul 2003 21:45:51 -0400

Hey guys,

I have just joined the list, having reviewed some of the rancid-discuss
archives and read thru the FAQ.gz and README.

I am looking at using this tool to do-diffs and do-globalconfigchanges
on a group of Cisco devices. Within that group are about 30 Cisco AS5300
routers performing VoIP operations. A normal 'sh run' will give you the
config, however there are several hundred/thousand dial peers.

These are big configs, as I recall some will only 'wr mem' with
compression on.

Does anyone know what I can expect with RANCID and these huge configs? I
am assuming one of a few things might happen,

1) Rancid works with 5300s, time-to-diff is related to the number of
peers.
2) Rancid only reads what it understands, skips the Voip Peers and
sticks to the core Cisco goods.
3) Rancid would work, however the router times out the sh run command,
sort of like what I encountered with SNMP+OpenNMS before applying proper
snmp-views to the giant interface table.
4) Some modification to the script would allow Rancid to skip the Voip
stuff.. break out of the sh run after main config and operate like 1)

cheers,
imac.

From owner-rancid-discuss-outgoing@shrubbery.net Thu Jul 17 16:47:02 2003
Date: Thu, 17 Jul 2003 09:47:00 -0700
From: john heasley
To: "Ian B. MacDonald"
Cc: rancid-discuss@shrubbery.net
Subject: Re: AS5300's and VoIP Dial Peers

Wed, Jul 16, 2003 at 09:45:51PM -0400, Ian B. MacDonald:
> Hey guys,
>
> I have just joined the list, having reviewed some of the rancid-discuss
> archives and read thru the FAQ.gz and README.
>
> I am looking at using this tool to do-diffs and do-globalconfigchanges
> on a group of Cisco devices. Within that group are about 30 Cisco AS5300
> routers performing VoIP operations. A normal 'sh run' will give you the
> config, however there are several hundred/thousand dial peers.
>
> These are big configs, as I recall some will only 'wr mem' with
> compression on.

this issue is likely that the (saved) config will not fit in nvram w/o
compression, not that it will not be displayed (which is always
uncompressed).

> Does anyone know what I can expect with RANCID and these huge configs? I
> am assuming one of a few things might happen,

assuming there are no special commands to display voip stuffs, it should
work. i expect there are likely things that ought to be filtered for
security or reduce diffs from config goop that changes automatically (such
as ntp drift or uptime). Those would be welcome patches.

> 1) Rancid works with 5300s, time-to-diff is related to the number of
> peers.
> 2) Rancid only reads what it understands, skips the Voip Peers and
> sticks to the core Cisco goods.
> 3) Rancid would work, however the router times out the sh run command,
> sort of like what I encountered with SNMP+OpenNMS before applying proper
> snmp-views to the giant interface table.
> 4) Some modification to the script would allow Rancid to skip the Voip
> stuff.. break out of the sh run after main config and operate like 1)
>
> cheers,
> imac.
>

From owner-rancid-discuss-outgoing@shrubbery.net Thu Jul 17 18:04:01 2003
Date: Thu, 17 Jul 2003 14:03:28 -0400
From: Andrew Partan
To: john heasley
Cc: "Ian B. MacDonald", rancid-discuss@shrubbery.net
Subject: Re: AS5300's and VoIP Dial Peers

On Thu, Jul 17, 2003 at 09:47:00AM -0700, john heasley wrote:
> > 3) Rancid would work, however the router times out the sh run command,

You might hit this; default timeout is 90 seconds, but give it a shot &
let us know.
    --asp

From owner-rancid-discuss-outgoing@shrubbery.net Tue Jul 22 06:31:23 2003
From: "Saro Hayan"
Subject: Problem with CatOS 7.6.2
Date: Mon, 21 Jul 2003 23:31:20 -0700

Hello,

Ever since a recent upgrade to CatOS 7.6.2 on some of our Cat switches, it
seems I can no longer get clogin to log into these switches. Clogin
attempts to enable as opposed to sending the user/pass identified in the
.cloginrc file. This seems to work fine for any switch running 7.2.2 and
below. Anyone else run into this?

Saro

From owner-rancid-discuss-outgoing@shrubbery.net Wed Jul 23 11:32:59 2003
Date: Wed, 23 Jul 2003 21:32:32 +1000
From: Andrew Fort
Subject: expect question
To: rancid-discuss@shrubbery.net

A question for the expect clueful lurking..

Can one perform a regsub on the data returning from the telnet/ssh/etc
session?
I'd like to escape out an RE of terminal control characters that are
intermingled in the stream before being passed to the expect clause.

From owner-rancid-discuss-outgoing@shrubbery.net Wed Jul 23 18:51:48 2003
Date: Wed, 23 Jul 2003 11:51:46 -0700
From: john heasley
To: Andrew Fort
Cc: rancid-discuss@shrubbery.net
Subject: Re: expect question

Wed, Jul 23, 2003 at 09:32:32PM +1000, Andrew Fort:
> A question for the expect clueful lurking..
>
> Can one perform a regsub on the data returning from the telnet/ssh/etc
> session?
> I'd like to escape out an RE of terminal control characters that are
> intermingled in the stream before being passed to the expect clause.
>

i do not know of any way to do this. ultimately,

    expect_before {
        "esc-match" { rewrite_w/o
                      push back
                      exp_continue
                    }
    }

afaik, your only option is to match the curses junk, strip it, and continue.

when working on hrancid, i could not get this to work properly. i bagged
it and hence hpfilter.

From owner-rancid-discuss-outgoing@shrubbery.net Wed Jul 23 19:04:41 2003
From: Richard Threadgill
Subject: Re: expect question
To: john heasley, Andrew Fort
Cc: rancid-discuss@shrubbery.net
Date: Wed, 23 Jul 2003 11:59:24 -0700

In message <20030723185146.GN1334@shrubbery.net>john heasley writes
>Wed, Jul 23, 2003 at 09:32:32PM +1000, Andrew Fort:
>> A question for the expect clueful lurking..
>>
>> Can one perform a regsub on the data returning from the telnet/ssh/etc
>> session?
>> I'd like to escape out an RE of terminal control characters that are
>> intermingled in the stream before being passed to the expect clause.
>>
>
>i do not know of any way to do this. ultimately,
>
>    expect_before {
>        "esc-match" { rewrite_w/o
>                      push back
>                      exp_continue
>                    }
>    }
>
>afaik, your only option is to match the curses junk, strip it, and continue.
>
>when working on hrancid, i could not get this to work properly. i bagged
>it and hence hpfilter.

Yeah, that's what's supposed to work. I've used it once or twice in
some extreme cases with some other tcl apps, but it's tricky. The
O'Reilly tcl book actually gives an example of doing basically
this, but I haven't had a chance to look at the rancid code at
where it would need to be shoe-horned in.

John - was there any chance that the reason things weren't
working were that you weren't in the line mode you thought you
were in? Or that you were trying to trap control chars when you
needed to be trying to trap telnet glyphs?
One of the nasty things we encountered while working
with delivery drivers for Ponte was that we needed more of telnet
in the driver than we expected, to deal with session backup, and
disconnect, etc - basically, we (programmers) always were
thinking about the session as being in line mode when in fact it's
in character mode. This normally doesn't matter, but when you're
trying to strip out terminal control noise it becomes really
important. Also, keep in mind that in many circumstances the
human is thinking 'and now the terminal is sending a
when what's actually happening is that the far end is sending a
telnet protocol-glyph for and the expect session
is receiving that glyph instead of .

RichardT

From owner-rancid-discuss-outgoing@shrubbery.net Wed Jul 23 19:15:44 2003
Date: Wed, 23 Jul 2003 12:15:42 -0700
From: john heasley
To: Richard Threadgill
Cc: john heasley, Andrew Fort, rancid-discuss@shrubbery.net
Subject: Re: expect question

Wed, Jul 23, 2003 at 11:59:24AM -0700, Richard Threadgill:
> In message <20030723185146.GN1334@shrubbery.net>john heasley writes
> >Wed, Jul 23, 2003 at 09:32:32PM +1000, Andrew Fort:
> >> A question for the expect clueful lurking..
> >>
> >> Can one perform a regsub on the data returning from the telnet/ssh/etc
> >> session?
> >> I'd like to escape out an RE of terminal control characters that are
> >> intermingled in the stream before being passed to the expect clause.
> >>
> >
> >i do not know of any way to do this. ultimately,
> >
> >    expect_before {
> >        "esc-match" { rewrite_w/o
> >                      push back
> >                      exp_continue
> >                    }
> >    }
> >
> >afaik, your only option is to match the curses junk, strip it, and continue.
> >
> >when working on hrancid, i could not get this to work properly. i bagged
> >it and hence hpfilter.
>
> Yeah, that's what's supposed to work. I've used it once or twice in
> some extreme cases with some other tcl apps, but it's tricky. The
> O'Reilly tcl book actually gives an example of doing basically
> this, but I haven't had a chance to look at the rancid code at
> where it would need to be shoe-horned in.

page? what's the variable you modify to get it to consider it as part of
the next expect (i forget)?

> John - was there any chance that the reason things weren't
> working were that you weren't in the line mode you thought you
> were in? Or that you were trying to trap control chars when you
> needed to be trying to trap telnet glyphs?

shouldn't matter. i was just looking for escape and/or escape sequences
(curses crap). expect should read in chars and try to match, or repeat
until match. \e would never match. while hpfilter basically does the same
thing, but works.

> One of the nasty things we encountered while working
> with delivery drivers for Ponte was that we needed more of telnet
> in the driver than we expected, to deal with session backup, and
> disconnect, etc - basically, we (programmers) always were
> thinking about the session as being in line mode when in fact it's
> in character mode. This normally doesn't matter, but when you're
> trying to strip out terminal control noise it becomes really
> important. Also, keep in mind that in many circumstances the
> human is thinking 'and now the terminal is sending a
> when what's actually happening is that the far end is sending a
> telnet protocol-glyph for and the expect session
> is receiving that glyph instead of .

well, rusty on telnet protocol, but is that not dependent upon 7/8 bit
and/or options? of course, hpfilter only tries to deal with curses stuff.
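
Added example (not part of the thread, and not hpfilter or any RANCID code): the "match the terminal noise, strip it, continue" idea discussed above, written as a stand-alone stream filter that also drops telnet IAC commands, the protocol bytes Richard's message distinguishes from control characters. It assumes the filter sees the raw byte stream; `SessionFilter`, `clean`, `RAW` and `PROMPT` are names made up for this sketch, and the capture is constructed.

```python
import re

ESC, IAC = 0x1B, 0xFF
SE, SB, WILL, DONT = 0xF0, 0xFA, 0xFB, 0xFE  # WILL, WONT, DO, DONT are 0xFB-0xFE


class SessionFilter:
    """Byte-at-a-time filter. State survives between feed() calls, so a
    sequence split across two reads is still removed as one unit."""

    def __init__(self, telnet=True):
        self.telnet = telnet   # False when a telnet/ssh client already consumed IAC
        self.state = "text"

    def feed(self, data):
        out = bytearray()
        for b in data:
            getattr(self, "_" + self.state)(b, out)
        return bytes(out)

    def _text(self, b, out):
        if b == ESC:
            self.state = "esc"
        elif self.telnet and b == IAC:
            self.state = "iac"
        else:
            out.append(b)

    def _esc(self, b, out):
        if b == 0x5B:              # ESC [ opens a CSI sequence
            self.state = "csi"
        elif 0x20 <= b <= 0x2F:    # intermediate byte, e.g. ESC ( B
            pass
        elif 0x30 <= b <= 0x7E:    # final byte ends a plain escape
            self.state = "text"
        else:                      # malformed: do not swallow CR/LF or data
            self.state = "text"
            self._text(b, out)

    def _csi(self, b, out):
        if 0x20 <= b <= 0x3F:      # parameter and intermediate bytes
            pass
        elif 0x40 <= b <= 0x7E:    # final byte, e.g. H, J, m
            self.state = "text"
        else:                      # malformed: treat the byte as text
            self.state = "text"
            self._text(b, out)

    def _iac(self, b, out):
        if b == IAC:               # IAC IAC is a literal 0xFF data byte
            out.append(IAC)
            self.state = "text"
        elif WILL <= b <= DONT:    # option negotiation carries one option byte
            self.state = "opt"
        elif b == SB:              # subnegotiation runs until IAC SE
            self.state = "sb"
        else:                      # two-byte command such as NOP or GA
            self.state = "text"

    def _opt(self, b, out):
        self.state = "text"

    def _sb(self, b, out):
        if b == IAC:
            self.state = "sb_iac"

    def _sb_iac(self, b, out):
        self.state = "text" if b == SE else "sb"


def clean(chunks, telnet=True):
    """Run every chunk through one filter instance and join the output."""
    f = SessionFilter(telnet)
    return b"".join(f.feed(c) for c in chunks)


# Constructed capture (not from a real device): telnet negotiation,
# clear-screen and cursor-home sequences, then a CatOS-style enable
# prompt with a colour reset in the middle of it.
RAW = (b"\xff\xfb\x01\xff\xfd\x03"      # IAC WILL ECHO, IAC DO SGA
       b"\xff\xfa\x18\x01\xff\xf0"      # IAC SB TERMINAL-TYPE SEND IAC SE
       b"\x1b[2J\x1b[1;1H\r\n"
       b"switchname\x1b[0m> (enable) ")
PROMPT = re.compile(rb"^switchname> \(enable\)", re.M)

if __name__ == "__main__":
    print("raw matches prompt:    ", bool(PROMPT.search(RAW)))
    print("cleaned matches prompt:", bool(PROMPT.search(clean([RAW[:20], RAW[20:]]))))
```

Because the state lives in the filter object rather than in the pattern, the output is identical wherever the read boundary falls; pass `telnet=False` when the bytes come from a spawned client that has already handled the IAC negotiation.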