
Thread: HOW TO: Automating Cisco Router, Switch, and Firewall backups

  1. #11
    Join Date
    Apr 2009
    Beans
    14

    Re: HOW TO: Automating Cisco Router, Switch, and Firewall backups

    The tutorial above was really good, so thank you!

    I did get everything set up and working, but I have a few minor issues. For some reason rancid is defaulting to my user directory for the .cloginrc file. I placed the file in /home/mydirectory/.cloginrc and it works fine. Any suggestions on how I can change this?

    Also if I (su rancid) it seems like the account does not have permission to write to /var/lib/rancid/backups/ directory.

    Thanks,
    -lo

  2. #12
    Join Date
    Apr 2009
    Beans
    14

    Re: HOW TO: Automating Cisco Router, Switch, and Firewall backups

    bump

    I found out that I can control what password file is called by the command listed below. But for firewalls I keep getting the "term length 0" in the file:\ The command for an ASA is "term pager 0", so the question is how do I change this in rancid? And is the command below too large?

    Code:
    sudo /usr/lib/rancid/bin/clogin -f /home/user/.cloginrc-firewall -c 'ch context; terminal pager 0; sh run' 10.2.2.1 > /home/user/backups/firewall-test.cfg

  3. #13
    Join Date
    Nov 2005
    Location
    Ontario
    Beans
    26
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: HOW TO: Automating Cisco Router, Switch, and Firewall backups

    Quote Originally Posted by ronni View Post
    I have followed the howto, and am able to log in to an HP Switch using:
    /usr/lib/rancid/bin/clogin IPADDESSOFDEVICE
    Ronni,

    There are several login scripts like the 'clogin' for Cisco routers.
    'hlogin' is for HP gear.

    From the clogin man page:
    DESCRIPTION
    clogin is an expect(1) script to automate the process of logging into a Cisco router,
    catalyst switch, Extreme switch, Juniper ERX/E-series, Procket Networks, or Redback
    router. There are complementary scripts for Alteon, ADC-kentrox EZ-T3 mux, Bay
    Networks (nortel), Cisco AGM, Foundry, HP Procurve Switches, Hitachi Routers, Juniper
    Networks, Netscreen firewalls, Netscaler, Riverstone, and Lucent TNT, named alogin,
    blogin, elogin, flogin, hlogin, htlogin, jlogin, nlogin, nslogin, rivlogin, and
    tntlogin, respectively.
    Hope this helps, chk9

  4. #14
    Join Date
    Nov 2005
    Location
    Ontario
    Beans
    26
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Error Message

    Quote Originally Posted by don_777 View Post
    error "/home/rancid/.cloginrc must not be world readable/writable", so I have no idea how to solve this problem. If somebody has an idea?
    This step should have solved that:
    Step 3: Protect the .cloginrc file.
    --------------------------------------------------------------------
    Code:
    sudo chmod 640 /var/lib/rancid/.cloginrc
    Since this file does contain passwords; even better still is:
    Code:
    sudo chmod 600 /var/lib/rancid/.cloginrc
    I did create rancid as a regular user and can login as rancid directly.
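
Added example, not part of the post above and not rancid's own code: a shell check for the permission problem discussed in this thread, run over every `.cloginrc*` file in a directory (the thread also uses a separate `.cloginrc-firewall`). The function names, return codes and the scratch-directory demo are this example's own assumptions; the sample credential line is constructed.

```shell
#!/bin/sh
# Return codes (this example's convention, not rancid's):
#   0 owner-only (600-style)    1 group access (640-style, works but weaker)
#   2 world-accessible (triggers the "must not be world readable/writable" error)
#   3 file missing

audit_cloginrc() {
    f=$1
    [ -f "$f" ] || { echo "MISSING: $f"; return 3; }
    # ls -ld prints e.g. "-rw-r----- 1 rancid rancid ..."; keep the mode string.
    mode=$(ls -ld -- "$f" | cut -c1-10)
    group=$(printf '%s' "$mode" | cut -c5-7)
    other=$(printf '%s' "$mode" | cut -c8-10)
    if [ "$other" != "---" ]; then
        echo "FAIL: $f is world-accessible ($mode); fix with: chmod 600 $f"
        return 2
    fi
    if [ "$group" != "---" ]; then
        echo "WARN: $f is group-accessible ($mode); 600 is tighter"
        return 1
    fi
    echo "OK:   $f ($mode)"
    return 0
}

# Audit every credential file in a directory and return the worst result.
audit_dir() {
    worst=0
    for cf in "$1"/.cloginrc*; do
        [ -e "$cf" ] || continue          # glob matched nothing
        one=0
        audit_cloginrc "$cf" || one=$?
        if [ "$one" -gt "$worst" ]; then worst=$one; fi
    done
    return "$worst"
}

# Constructed demo: two sample credential files in a scratch directory.
demo=$(mktemp -d)
printf 'add password 192.0.2.1 {example} {example}\n' > "$demo/.cloginrc"
cp "$demo/.cloginrc" "$demo/.cloginrc-firewall"
chmod 644 "$demo/.cloginrc"
chmod 600 "$demo/.cloginrc-firewall"
audit_dir "$demo" || echo "worst result code: $?"
rm -rf "$demo"
```

Against a real install, `audit_dir /var/lib/rancid` covers the path used in the how-to; a non-zero exit makes it usable as a guard before `rancid-run` in the crontab.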

  5. #15
    Join Date
    Nov 2005
    Location
    Ontario
    Beans
    26
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: HOW TO: Automating Cisco Router, Switch, and Firewall backups

    Quote Originally Posted by don_777 View Post
    Never mind I found the problem. The rancid user has to be in the root group and not under the rancid group.
    My rancid user is NOT in the root group, but the rancid group should have appropriate access to the files/folders rancid user wants to write to/read from... Check your permissions!

  6. #16
    Join Date
    Nov 2005
    Location
    Ontario
    Beans
    26
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: HOW TO: Automating Cisco Router, Switch, and Firewall backups

    Quote Originally Posted by -lodogg- View Post
    for firewalls I keep getting the "term length 0" in the file:\ The command for an ASA is "term pager 0"
    I've put all ASA's on 'no pager' and you could put that in a separate script to run before the 'rancid-run' script in the crontab for rancid, if you have team-mates that like to put the pager statement back in.

  7. #17
    Join Date
    Oct 2006
    Beans
    Hidden!

    Re: HOW TO: Automating Cisco Router, Switch, and Firewall backups

    This was originally posted in 2005. I'm curious, is it still applicable with recent rancid/ubuntu versions? Or is there a more up to date one to be found?

  8. #18
    Join Date
    Jan 2010
    Beans
    1

    Re: HOW TO: Automating Cisco Router, Switch, and Firewall backups

    This post has been really helpful to me. But I have a problem: I do not have a route to an IP 10.200.1.10, I must telnet 10.30.2.10 and I already do that:

    add user 10.30.2.10 user
    add password 10.30.2.10 {password}
    add autoenable 10.30.2.10 1

    How can I configure the .cloginrc file in order to first telnet 10.30.2.10, and then telnet 10.200.1.10 automatically if I must be logged in the first one to reach the second one??

  9. #19
    Join Date
    Jan 2006
    Location
    NH, USA
    Beans
    49
    Distro
    Ubuntu 9.10 Karmic Koala

    Re: HOW TO: Automating Cisco Router, Switch, and Firewall backups

    I have a question for rancid users who are using this for their Cisco switches. I noticed that my config has a lot of unnecessary info in the beginning, like listing everything in the bootflash and NVRAM directories as well as some other info not relevant to the actual config. Is there a way to NOT output this info and just get the relevant config info?

  10. #20
    Join Date
    Apr 2006
    Beans
    8

    Re: HOW TO: Automating Cisco Router, Switch, and Firewall backups

    Quote Originally Posted by nuzzy View Post
    I have a question for rancid users who are using this for their Cisco switches. I noticed that my config has a lot of unnecessary info in the beginning, like listing everything in the bootflash and NVRAM directories as well as some other info not relevant to the actual config. Is there a way to NOT output this info and just get the relevant config info?
    Yes, there is - look in your bin/rancid:

    Code:
    #Main
    @commandtable = (
            {'admin show version'           => 'ShowVersion'},
            {'show version'                 => 'ShowVersion'},
            {'show redundancy secondary'    => 'ShowRedundancy'},
            {'show idprom backplane',       => 'ShowIDprom'},
            {'show install active'          => 'ShowInstallActive'},
            {'admin show env all'           => 'ShowEnv'},
            {'show env all'                 => 'ShowEnv'},
            {'show rsp chassis-info',       => 'ShowRSP'},
    (...)
            {'show running-config'          => 'WriteTerm'},
            {'write term'                   => 'WriteTerm'},
    );
    Just comment out unwanted commands.
