
Thread: HOW TO: Automating Cisco Router, Switch, and Firewall backups

  1. #21
    Join Date
    Aug 2009
    Location
    Lake Tahoe Area
    Beans
    Hidden!
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: HOW TO: Automating Cisco Router, Switch, and Firewall backups

    Originally Posted by GrammatonCleric
    Hi Ziv,

    The .cloginrc format is:

    Code:
     add password <router name glob> <vty passwd> <enable passwd>
    
     add user <router name glob> <username>
           The default user is $USER (i.e.: the user running clogin).
    
     add userprompt <router name glob> <username prompt>
           What the router prints to prompt for the username.
           Default: {"(Username|login|user name):"}
    
     add userpassword <router name glob> <user password>
           The password for user if different than the password set
           using 'add password'.
    
     add passprompt <router name glob> <password prompt>
           What the router prints to prompt for the password.
           Default: {"(\[Pp]assword|passwd):"}
    
     add method <router name glob> {ssh} [...]
           Defines, in order, which connection method(s) to use for a device
           from the set {ssh,telnet,rsh}.  e.g.: add method * {ssh} {telnet} {rsh}
           will attempt ssh connection first.  if ssh fails with connection
           refused (i.e.: not due to authentication failure), then try telnet,
           then rsh.
           Default: {telnet} {ssh}
    
     add noenable <router name glob>
           equivalent of -noenable on the cmd line to not enable at login.
    
     add enableprompt <router name glob> <enable prompt>
           What the router prints to prompt for the enable password.
           Default: {"\[Pp]assword:"}
    
     add enauser <router name glob> <username>
           This is only needed if enable asks for a username and this
           username is different from what user is set to.
    
     add autoenable <router name glob> <1/0>
           This is used if you are automatically enabled by the login process.
    
     add cyphertype <router name glob> <ssh encryption type>
           Default is 3des.
    
     add identity <router name glob> <path to ssh identity file>
           Default is your default ssh identity.
    Hope this helps.

    - GC
    Hello!
    Thank you for your great post, but I can't get through step 8.
    I don't understand the content of the .cloginrc file; it seems too complex for this:
    Router Name: Lab_router
    ip address: 192.168.1.1
    telnet(vty) password cisco
    enable secret class
    My .cloginrc:
    add password 192.168.1.1 {cisco} {class}
    When I type
    /usr/lib/rancid/bin/clogin 192.168.1.1
    I get this:
    Error: password file (/home/eric/.cloginrc) does not exist

    I'd be very appreciative of any help,
    thanks,

    Eric

  2. #22
    Join Date
    Apr 2007
    Location
    Singapore, Asia
    Beans
    Hidden!
    Distro
    Hardy Heron (Ubuntu Development)

    Re: HOW TO: Automating Cisco Router, Switch, and Firewall backups

    Originally Posted by hovrashko
    Hello!
    Thank you for your great post, but I can't get through step 8.
    I don't understand the content of the .cloginrc file; it seems too complex for this:
    Router Name: Lab_router
    ip address: 192.168.1.1
    telnet(vty) password cisco
    enable secret class
    My .cloginrc:
    add password 192.168.1.1 {cisco} {class}
    When I type
    /usr/lib/rancid/bin/clogin 192.168.1.1
    I get this:
    Error: password file (/home/eric/.cloginrc) does not exist

    I'd be very appreciative of any help,
    thanks,

    Eric
    I have the same issue, can anyone help???

    thomas@nms-01:/$ /usr/lib/rancid/bin/clogin 10.1.1.1

    Error: password file (/home/thomas/.cloginrc) does not exist
    thomas@nms-01:/$

    I have followed the guide to the dot!

  3. #23
    Join Date
    Mar 2010
    Beans
    1

    Re: HOW TO: Automating Cisco Router, Switch, and Firewall backups

    You MUST run the command as the rancid user ("su - rancid") or you will get this exact error. Here is another (slightly different) install linked from the rancid web site. Note that this install is for Fedora, not Ubuntu, and the setup is slightly different. http://www.linuxhomenetworking.com/w...ps_With_Rancid

    Basically your rancid user has the wrong home folder set.

    To change the user's home directory, just use the 'usermod' command, which exists on all unices. It works like this:

    usermod -d /path/to/new/homedir/ username

    Best to do this from the root user logon or another admin user that is NOT the rancid user.
    Last edited by kcmjr; March 30th, 2010 at 10:10 PM.

  4. #24
    Join Date
    Sep 2008
    Beans
    29
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: HOW TO: Automating Cisco Router, Switch, and Firewall backups

    Originally Posted by pininy
    I have the same issue, can anyone help???

    thomas@nms-01:/$ /usr/lib/rancid/bin/clogin 10.1.1.1

    Error: password file (/home/thomas/.cloginrc) does not exist
    thomas@nms-01:/$
    [...]
    You could theoretically have a different .cloginrc for every user on your system.
    You don't have to log in from the rancid account or with the rancid user.
    If you are trying to use clogin from your account (as opposed to running rancid-run to collect configs,
    which can be done from the rancid user crontab), just make sure you have a
    /home/whoever/.cloginrc and make sure that you have /usr/local/rancid/bin in your path.

    I have this in my ~/.profile to prepend the rancid path to my existing PATH:
    PATH="/usr/lib/rancid/bin:$PATH"
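
Added example, not part of any post in this thread: the "does not exist" error above is the first of two checks clogin makes on the password file; it also refuses a .cloginrc that is world readable or writable, which matters because the file holds device passwords in clear text. The function names, the group-permission check and the temporary directory are assumptions of this example; the lab entry is the one quoted in post #21.

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight check for a clogin password file.

# check_cloginrc FILE
# Prints one status word; returns 0 only when the file is safe to use.
check_cloginrc() {
    f=$1
    if [ ! -f "$f" ]; then
        echo "missing"            # clogin: "password file (...) does not exist"
        return 1
    fi
    # Octal permission bits: GNU stat first, BSD stat as a fallback.
    mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")
    case "$mode" in
        *[1-7])   echo "world-accessible"; return 1 ;;  # clogin refuses this
        *[1-7]0)  echo "group-accessible"; return 1 ;;  # stricter than clogin
    esac
    # Assumption of this example: a usable file has at least one password entry.
    if ! grep -Eq '^[[:space:]]*add[[:space:]]+(user)?password[[:space:]]' "$f"; then
        echo "no-credentials"
        return 1
    fi
    echo "ok"
}

# write_cloginrc FILE  (content on stdin)
# A newly created file is owner-only from the start; the umask change is
# confined to the subshell.
write_cloginrc() {
    ( umask 077 && cat > "$1" )
}

demo() {
    d=$(mktemp -d)                       # constructed stand-in for $HOME
    check_cloginrc "$d/.cloginrc" || true
    # Lab values quoted from post #21.
    printf 'add password 192.168.1.1 {cisco} {class}\n' | write_cloginrc "$d/.cloginrc"
    check_cloginrc "$d/.cloginrc" || true
    chmod 644 "$d/.cloginrc"             # permissions loosened after creation
    check_cloginrc "$d/.cloginrc" || true
    rm -rf "$d"
}

demo
```

Run the check as the account that will invoke clogin, against that account's own `$HOME/.cloginrc`.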

  5. #25
    Join Date
    Jun 2010
    Beans
    3

    Re: HOW TO: Automating Cisco Router, Switch, and Firewall backups

    I have trouble with Step #9. clogin didn't send the 'show ver' command to the switch.
    I really don't know what I did wrong, can you help me please?

    Code:
    rancid@lab-server01:/home/lab$ /usr/lib/rancid/bin/clogin -u 'rancid' -p 'rancid' -c 'show ver' 172.24.99.10
    172.24.99.10
    spawn telnet 172.24.99.10
    Trying 172.24.99.10...
    Connected to 172.24.99.10.
    Escape character is '^]'.
     
    User Access Verification
    Username: rancid
    Password:
    LAB-SW03#

  6. #26
    Join Date
    Jun 2010
    Beans
    3

    Re: HOW TO: Automating Cisco Router, Switch, and Firewall backups

    I found the solution, I added the "-autoenable" option to my command.
    Here is the result.

    Thanks!

    Code:
    rancid@lab-server01:/home/lab$ /usr/lib/rancid/bin/clogin -u 'rancid' -p 'rancid' -autoenable -c 'show ver' 172.24.99.10
     
    spawn telnet 172.24.99.10
    Trying 172.24.99.10...
    Connected to 172.24.99.10.
    Escape character is '^]'.
     
    User Access Verification
    Username: rancid
    Password:
    LAB-SW03#
    LAB-SW03#terminal length 0
    LAB-SW03#show ver
    Cisco Internetwork Operating System Software
    IOS (tm) C2950 Software (C2950-I6K2L2Q4-M), Version 12.1(22)EA13, RELEASE SOFTWARE (fc2)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2009 by cisco Systems, Inc.
    Compiled Fri 27-Feb-09 22:20 by amvarma
    Image text-base: 0x80010000, data-base: 0x80680000
    ROM: Bootstrap program is C2950 boot loader
    LABD3-SW03 uptime is 2 weeks, 4 days, 22 hours, 11 minutes
    System returned to ROM by power-on
    System image file is "flash:/c2950-i6k2l2q4-mz.121-22.EA13.bin"
     
    This product contains cryptographic features and is subject to United
    States and local country laws governing import, export, transfer and
    use. Delivery of Cisco cryptographic products does not imply
    third-party authority to import, export, distribute or use encryption.
    Importers, exporters, distributors and users are responsible for
    compliance with U.S. and local country laws. By using this product you
    agree to comply with applicable laws and regulations. If you are unable
    to comply with U.S. and local laws, return this product immediately.
    A summary of U.S. laws governing Cisco cryptographic products may be found at:
    http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
    If you require further assistance please contact us by sending email to
    export@cisco.com.
    cisco WS-C2950-12 (RC32300) processor (revision N0) with 19912K bytes of memory.
    Processor board ID
    Last reset from system-reset
    Running Standard Image
    12 FastEthernet/IEEE 802.3 interface(s)
    32K bytes of flash-simulated non-volatile configuration memory.
    Base ethernet MAC Address: 
    Motherboard assembly number: 
    Power supply part number: 34-0965-01
    Motherboard serial number: 
    Power supply serial number: 
    Model revision number: N0
    Motherboard revision number: B0
    Model number: WS-C2950-12
    System serial number: 
    Configuration register is 0xF
     
    LAB-SW03#exit
    Connection closed by foreign host.

  7. #27
    Join Date
    Jun 2010
    Beans
    4

    Re: HOW TO: Automating Cisco Router, Switch, and Firewall backups

    Hey! I was hoping someone could help me with getting Rancid to authenticate a user with AAA and a Tacacs server. I am kinda new to this kinda stuff. I have rancid installed on Ubuntu server 10.04 (lucid). Any help would be amazing.

  8. #28
    Join Date
    Jun 2008
    Beans
    3
    Distro
    Ubuntu 8.04 Hardy Heron

    Re: HOW TO: Automating Cisco Router, Switch, and Firewall backups

    great post, thanks a bunch, GrammatonCleric!

  9. #29
    Join Date
    Dec 2007
    Location
    Otsego, MN
    Beans
    11
    Distro
    Ubuntu 10.10 Maverick Meerkat

    Re: HOW TO: Automating Cisco Router, Switch, and Firewall backups

    In keeping with the apparent theme of posting to this thread once every couple of months... Here's another Rancid oddity:

    Trying to pull config diffs from HP Procurve switches. Latest versions of Tcl, Expect, diff stat, and 2.3.5 Rancid.

    Getting random character changes and white space changes seen as diffs. Things like ";password manager <removed>" in one config showing up in the next cron run as "c5# ord manager". This generates a new email every time.

    Since we have these going directly into our ticketing system for change control, these pile up over time and need to be parsed out from actual config changes.

    I've tried various diff switches in the control_rancid. Current command string in the control_rancid file is "cvs -f diff -TwbB -U 4 -ko | sed -e '/^RCS file: /d' -e '/^--- /d' \ -e '/^+++/d' -e 's/^\([-+]\)/\1 /' >$TMP.dff"

    I've also tried looking in the hrancid, hlogin, and htlogin files for more hints that might be scrambling my diffs, but no luck.

    Here's a sample of what shows up in my ticket queue:

    retrieving revision 1.71
    diff -T -w -b -B -U 4 -r1.71 10.5.2.55
    @@ -47,6 +47,6 @@
    untagged 1
    tagged Trk1
    exit
    spanning-tree Trk1 priority 4
    - ;password manager <removed>
    + 72-nc6# manager
    ;
    Last edited by Rev. Dead Corpse; January 3rd, 2011 at 08:21 PM. Reason: additional info

  10. #30
    Join Date
    Dec 2007
    Location
    Otsego, MN
    Beans
    11
    Distro
    Ubuntu 10.10 Maverick Meerkat

    Re: HOW TO: Automating Cisco Router, Switch, and Firewall backups

    Originally Posted by Rev. Dead Corpse
    In keeping with the apparent theme of posting to this thread once every couple of months... Here's another Rancid oddity:

    Trying to pull config diffs from HP Procurve switches. Latest versions of Tcl, Expect, diff stat, and 2.3.5 Rancid.

    Getting random character changes and white space changes seen as diffs. Things like ";password manager <removed>" in one config showing up in the next cron run as "c5# ord manager". This generates a new email every time.

    Since we have these going directly into our ticketing system for change control, these pile up over time and need to be parsed out from actual config changes.

    I've tried various diff switches in the control_rancid. Current command string in the control_rancid file is "cvs -f diff -TwbB -U 4 -ko | sed -e '/^RCS file: /d' -e '/^--- /d' \ -e '/^+++/d' -e 's/^\([-+]\)/\1 /' >$TMP.dff"

    I've also tried looking in the hrancid, hlogin, and htlogin files for more hints that might be scrambling my diffs, but no luck.

    Here's a sample of what shows up in my ticket queue:
    Never mind. I set rancid.conf to only pull one config at a time and it got rid of the issue I was seeing. It went from taking 5 minutes to config diff all 99 devices to almost a half-hour, but at least it looks like it's pulling them correctly now.
    Last edited by Rev. Dead Corpse; January 10th, 2011 at 09:48 PM.
