Re: HOW TO: Automating Cisco Router, Switch, and Firewall backups
The tutorial above was really good, so thank you!
I did get everything setup and working but I have a few minor issues. For some reason rancid is defaulting to my user directory for the .cloginrc file. I placed the file in /home/mydirectory/.cloginrc and it works fine any suggestions on how I can change this?
Also if I (su rancid) it seems like the account does not have permission to write to /var/lib/rancid/backups/ directory.
Thanks,
-lo
Re: HOW TO: Automating Cisco Router, Switch, and Firewall backups
bump
I found out that I can control what password file is called by the command listed below. But for firewalls I keep getting the "term length 0" in the file:\ The command for an ASA is "term pager 0", so the question is how do I change this in rancid? And is the command below to large?
Code:
sudo /usr/lib/rancid/bin/clogin -f /home/user/.cloginrc-firewall -c 'ch context; terminal pager 0; sh run' 10.2.2.1 > /home/user/backups/firewall-test.cfg
Re: HOW TO: Automating Cisco Router, Switch, and Firewall backups
Quote:
Originally Posted by
ronni
I have followed the howto, and are able to login to an HP Switch using:
/usr/lib/rancid/bin/clogin IPADDESSOFDEVICE
Ronni,
There are several login scripts like the 'clogin' for Cisco routers.
'hlogin' is for HP gear.
From the clogin man page:
Quote:
DESCRIPTION
clogin is an expect(1) script to automate the process of logging into a Cisco router,
catalyst switch, Extreme switch, Juniper ERX/E-series, Procket Networks, or Redback
router. There are complementary scripts for Alteon, ADC-kentrox EZ-T3 mux, Bay
Networks (nortel), Cisco AGM, Foundry, HP Procurve Switches, Hitachi Routers, Juniper
Networks, Netscreen firewalls, Netscaler, Riverstone, and Lucent TNT, named alogin,
blogin, elogin, flogin, hlogin, htlogin, jlogin, nlogin, nslogin, rivlogin, and
tntlogin, respectively.
Hope this helps, chk9
Re: HOW TO: Automating Cisco Router, Switch, and Firewall backups
Quote:
Originally Posted by
don_777
Never mind I found the problem. The rancid user has to be in the root group and not under the rancid group.
My rancid user is NOT in the root group, but the rancid group should have appropriate access to the files/folders rancid user wants to write to/read from... Check your permissions!
Re: HOW TO: Automating Cisco Router, Switch, and Firewall backups
Quote:
Originally Posted by
-lodogg-
for firewalls I keep getting the "term length 0" in the file:\ The command for an ASA is "term pager 0"
I've put all ASA's on 'no pager' and you could put that in a separate script to run before the 'rancid-run' script in the crontab for rancid, if you have team-mates that like to put the pager statement back in.
Re: HOW TO: Automating Cisco Router, Switch, and Firewall backups
This was originally posted in 2005. I'm curious, is it still applicable with recent rancid/ubuntu versions? Or is there a more up to date one to be found?
Re: HOW TO: Automating Cisco Router, Switch, and Firewall backups
This post has been really helpfull to me. But I have a problem, I have not a route to an IP 10.200.1.10, I must telnet 10.30.2.10 and I already do that:
add user 10.30.2.10 user
add password 10.30.2.10 {password}
add autoenable 10.30.2.10 1
How can I configure the .cloginrc file in order to first telnet 10.30.2.10, and then telnet 10.200.1.10 automaticaly if I must be logged in the first one to reach the second one??
Re: HOW TO: Automating Cisco Router, Switch, and Firewall backups
I have a question for rancid users who are using this for their Cisco switches. I noticed that my config has a lot of unnecessary info in the beginning, like listing everything in the bootflash and NVRAM directories as well as some other info not relevant to the actual config. Is there a way to NOT output this info and just get the relevant config info?
Re: HOW TO: Automating Cisco Router, Switch, and Firewall backups
Quote:
Originally Posted by
nuzzy
I have a question for rancid users who are using this for their Cisco switches. I noticed that my config has a lot of unnecessary info in the beginning, like listing everything in the bootflash and NVRAM directories as well as some other info not relevant to the actual config. Is there a way to NOT output this info and just get the relevant config info?
Yes, there is - look in your bin/rancid:
Code:
#Main
@commandtable = (
{'admin show version' => 'ShowVersion'},
{'show version' => 'ShowVersion'},
{'show redundancy secondary' => 'ShowRedundancy'},
{'show idprom backplane', => 'ShowIDprom'},
{'show install active' => 'ShowInstallActive'},
{'admin show env all' => 'ShowEnv'},
{'show env all' => 'ShowEnv'},
{'show rsp chassis-info', => 'ShowRSP'},
(...)
{'show running-config' => 'WriteTerm'},
{'write term' => 'WriteTerm'},
);
Just comment out unwanted commands.