Re: HOW TO: Automating Cisco Router, Switch, and Firewall backups
Quote: Originally Posted by GrammatonCleric
As the user rancid test accessing your equipment.
Quote:
NOTE: When rancid is installed the default shell for the rancid user is csh. So for the script above to work the "#!/bin/bash" is needed.
Looks like RANCID's user in 8.04 has its shell set to /bin/false, so using 'su' will silently fail. You can use vipw to change it to /bin/bash.
Re: HOW TO: Automating Cisco Router, Switch, and Firewall backups
Quote: Originally Posted by GrammatonCleric
Open a terminal and type the following.
Code:
sudo gedit /var/lib/rancid/.cloginrc
Add entries for each router, switch, pix firewall you'd like to backup by using the following format.
Code:
add password IPADDRESS {telnetpassword} {enablepassword}
IPADDRESS = the actual ip address of the device you want to backup.
telnetpassword = the actual telnet password for the device you want to backup.
enablepassword = the actual enable password for the device you want to backup.
The "{}" are required. At the bottom of the .clogin add the following line if you require SSH access to your equipment.
Code:
add method * telnet ssh
With this clogin will first try to telnet then ssh to your equipment.
Very nice and useful howto! Just what I've been looking for!
But what if my routers use local authentication with username/password and not only password?
How exactly would the /var/lib/rancid/.cloginrc file look in this case?
TIA
Ziv
Re: HOW TO: Automating Cisco Router, Switch, and Firewall backups
Hi Ziv,
The .cloginrc format is:
Code:
add password <router name glob> <vty passwd> <enable passwd>

add user <router name glob> <username>
    The default user is $USER (i.e.: the user running clogin).

add userprompt <router name glob> <username prompt>
    What the router prints to prompt for the username.
    Default: {"(Username|login|user name):"}

add userpassword <router name glob> <user password>
    The password for user if different than the password set
    using 'add password'.

add passprompt <router name glob> <password prompt>
    What the router prints to prompt for the password.
    Default: {"(\[Pp]assword|passwd):"}

add method <router name glob> {ssh} [...]
    Defines, in order, which connection method(s) to use for a device
    from the set {ssh,telnet,rsh}. e.g.: add method * {ssh} {telnet} {rsh}
    will attempt ssh connection first. if ssh fails with connection
    refused (i.e.: not due to authentication failure), then try telnet,
    then rsh.
    Default: {telnet} {ssh}

add noenable <router name glob>
    equivalent of -noenable on the cmd line to not enable at login.

add enableprompt <router name glob> <enable prompt>
    What the router prints to prompt for the enable password.
    Default: {"\[Pp]assword:"}

add enauser <router name glob> <username>
    This is only needed if enable asks for a username and this
    username is different from what user is set to.

add autoenable <router name glob> <1/0>
    This is used if you are automatically enabled by the login process.

add cyphertype <router name glob> <ssh encryption type>
    Default is 3des.

add identity <router name glob> <path to ssh identity file>
    Default is your default ssh identity.
Hope this helps.
- GC
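An added example, not part of the thread or of RANCID itself: a shell check for two weak points visible in the posts above, a .cloginrc that keeps device passwords in cleartext and an 'add method' line (or the quoted default) that allows telnet. The 192.0.2.10 address, the EXAMPLE-* passwords and both function names are constructed for illustration; the sample files also show the 'add user' plus 'add password' layout asked about for username/password logins.

```shell
#!/bin/sh
# Added example, not from the thread: audit a RANCID .cloginrc.
# Prints one finding per line; returns 0 only when there are none.
audit_cloginrc() {
    _f=$1
    _found=""
    # Device passwords sit in this file in cleartext, so group and other
    # need no access (mode 600). Columns 5-10 of ls -l are those bits.
    _perms=$(ls -ld "$_f" | cut -c5-10)
    if [ "$_perms" != "------" ]; then
        _found="PERMS group/other bits are '$_perms', expected mode 600"
    fi
    # Flag cleartext transports (telnet, rsh) named in 'add method' lines.
    _weak=$(awk '$1 == "add" && $2 == "method" {
        for (i = 4; i <= NF; i++) {
            m = $i; gsub(/[{}]/, "", m)
            if (m == "telnet" || m == "rsh")
                printf "METHOD %s allows cleartext %s\n", $3, m
        }
    }' "$_f")
    # No 'add method' line at all: the default quoted above applies.
    if ! grep -Eq '^[[:space:]]*add[[:space:]]+method[[:space:]]' "$_f"; then
        _weak="METHOD default {telnet} {ssh} in effect, telnet is tried first"
    fi
    _found=$(printf '%s\n%s\n' "$_found" "$_weak" | sed '/^$/d')
    if [ -z "$_found" ]; then return 0; fi
    printf '%s\n' "$_found"
    return 1
}

# Constructed sample files (placeholder address and credentials).
write_samples() {
    # Weak: the thread's 'add method * telnet ssh' in a world-readable file.
    cat > "$1/weak" <<'EOF'
add user 192.0.2.10 rancid
add password 192.0.2.10 {EXAMPLE-VTY} {EXAMPLE-ENABLE}
add method * telnet ssh
EOF
    chmod 644 "$1/weak"
    # Hardened: ssh only, readable by the owner alone.
    cat > "$1/hardened" <<'EOF'
add user 192.0.2.10 rancid
add password 192.0.2.10 {EXAMPLE-VTY} {EXAMPLE-ENABLE}
add method * {ssh}
EOF
    chmod 600 "$1/hardened"
}
```

To check a live install, call audit_cloginrc with the path used in this thread, /var/lib/rancid/.cloginrc; write_samples only exists to produce the two demo files.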
Re: HOW TO: Automating Cisco Router, Switch, and Firewall backups
Another little question: let's say I set the default user "rancid" on every router with priv 15.
Is there a way I can set a global variable of the user to be used on every device? Or do I still need to add an entry for every single device even if the same user/pass is set on all of them?
Re: HOW TO: Automating Cisco Router, Switch, and Firewall backups
Quote: Originally Posted by zivley
Is there a way I can set a global variable of the user to be used on every device?
Code:
add user * $env(USER)
will set the default user for all devices...
Re: HOW TO: Automating Cisco Router, Switch, and Firewall backups
Hi,
I have followed the howto, and am able to log in to an HP Switch using:
/usr/lib/rancid/bin/clogin IPADDESSOFDEVICE
But when I try to use:
/usr/lib/rancid/bin/clogin -c 'write term' IPADDESSOFDEVICE > /var/lib/rancid/backups/test.cfg
I get the following error:
couldn't compile regular expression pattern: parentheses () not balanced
while executing
"expect -nobrace -re { [24;1H([^#>\r\n]+)?[#>](\([^)\r\n]+\))?} {} -re {[
]+} { exp_continue }"
invoked from within
"expect {
-re $reprompt {}
-re "\[\n\r]+" { exp_continue }
}"
(procedure "run_commands" line 25)
invoked from within
"run_commands $prompt $command"
("foreach" body line 169)
invoked from within
"foreach router [lrange $argv $i end] {
set router [string tolower $router]
# attempt at platform switching.
set platform ""
send_user ..."
(file "/usr/lib/rancid/bin/clogin" line 749)
I have found that if I comment out line 625 that looks like this:
regsub -all {^(.{1,11}).*([#>])$} $reprompt {\1([^#>\r\n]+)?[#>](\\([^)\\r\\n]+\\))?} reprompt
or if I put a ] after \1 the error disappears, but the output in test.cfg is just some weird mess.
Any suggestions?
-Ronni
Re: HOW TO: Automating Cisco Router, Switch, and Firewall backups
Never mind, I found the problem. The rancid user has to be in the root group and not under the rancid group.