Jason Humes | 12 Sep 21:06 2014
Picon

[rancid] RANCID is incorrectly parsing my Cisco IOS Firewall, adding linebreaks, joining lines, etc

Hi
Recently upgraded to RANCID 3.1 and I'm finding all our Cisco devices are coming up with new configs after
every run due to rancid adding line breaks in some cases and in others it joins two lines of the config.

Any thoughts on why this might be going on?  I'm running Ubuntu 14.04.

Thanks

Jason 

_______________________________________________
Rancid-discuss mailing list
Rancid-discuss <at> shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Jon Lewis | 12 Sep 16:50 2014

[rancid] interactive after -x

I recently had a desire to be able to use the rancid login scripts to run 
a series of commands on a large number of devices (altering their 
configs), and when finished with the -x command file, rather than exit, go 
interactive so that I could do some testing/verification before 
disconnecting.

I didn't see that this functionality was offered in the versions we have 
installed, so I patched it into flogin and clogin.  Assuming I didn't 
overlook this functionality already being present, I wonder if the patches 
might make it into a future version?  My expect is pretty rusty, but it 
didn't take much to add a command line switch telling [fc]login to go 
interactive after running the -x commands file.

----------------------------------------------------------------------
  Jon Lewis, MCP :)           |  I route
                              |  therefore you are
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
_______________________________________________
Rancid-discuss mailing list
Rancid-discuss <at> shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

heasley | 12 Sep 15:41 2014
Picon

Re: [rancid] Rancid submits random characters after logon - causes config read failure

Fri, Sep 12, 2014 at 08:03:23AM -0400, Jon Lewis:
> On Fri, 12 Sep 2014, Neil Arnold wrote:
> > I've got an issue with 3 HP Procurve switches. All are running a recent
> > firmware version. The problem is that no config is being pulled from 3 HP
> > switches. in my network, the others give up their config just fine. I've
> > discovered the reason but I'm unsure of how to fix it.
> > The issue is caused because rancid is issuing the following command to the
> > switch after it logs on: ^[[46;148R
> >
> > I can see this by running /bin/clogin 10.100.20.149 and seeing that I get
> > dropped to the following:
> >
> > HP_SWITCH_1# ^[[46;148R
> > HP_SWITCH_1#
> >
> > So Rancid is issuing the manager username and password and then issuing
> > ^[[46;148R which the switch doesn't understand, Rancid, having not received
> 
> I have similar problems with clogin and arista gear.  In this case, it's 
> solved by clearing the TERM environment variable before running clogin.

the garbage text is from the switch, screen manipulation codes.  certainly
try hlogin first, but you can also try this patch.  without one of these
to poke, it is hard to figure out the fix.

Index: bin/hrancid.in
===================================================================
--- bin/hrancid.in	(revision 2859)
+++ bin/hrancid.in	(working copy)
 <at>  <at>  -61,6 +61,9  <at>  <at> 
(Continue reading)

Neil Arnold | 12 Sep 13:14 2014
Picon

[rancid] Rancid submits random characters after logon - causes config read failure

Hi,

I've got an issue with 3 HP Procurve switches. All are running a recent firmware version. The problem is that no config is being pulled from 3 HP switches. in my network, the others give up their config just fine. I've discovered the reason but I'm unsure of how to fix it.
The issue is caused because rancid is issuing the following command to the switch after it logs on: ^[[46;148R

I can see this by running /bin/clogin 10.100.20.149 and seeing that I get dropped to the following:

HP_SWITCH_1# ^[[46;148R
HP_SWITCH_1#

So Rancid is issuing the manager username and password and then issuing ^[[46;148R which the switch doesn't understand, Rancid, having not received the config, disconnects and moves on. I can Telnet into these switches from Rancid just fine using the manager logon so I know it's not an issue there. I just can't understand why Rancid seems to be issuing this random string of characters after it logs onto these particular switches.

Anyone have any ideas?

Many thanks for any pointers.
_______________________________________________
Rancid-discuss mailing list
Rancid-discuss <at> shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss
Wayne Eisenberg | 12 Sep 11:11 2014

[rancid] timeout problems with cisco switch/ap

Hi,

 

I’m using rancid 2.3.8 to monitor some devices and everything works well except at this one location behind a firewall. Rancid runs great against the firewall itself, and I have no problem reaching the switches and APs behind the firewall. I can login to the switches fine (either directly with ssh on the rancid box or with clogin), but any command I try to issue never seems to execute on the switch when using clogin. (I have no problems if I login with ssh from the rancid box. Response to issued commands is as quick as expected.) Example:

 

~~~~~~~~~~~~~~~~~~~~~~~~~

[rancid <at> xxxxxx rancid]$ bin/clogin switch1

spawn ssh -c 3des -x -l administrator -p 10001 switch1

 

************************ Warning! Warning! Warning! ************************

  This system is restricted to authorized users.  Unauthorized

<snip>

************************ Warning! Warning! Warning! ************************

Password:

 

Switch1#sh ver

 

Error: TIMEOUT reached

[rancid <at> xxxxxx rancid]$ sh ver

sh: ver: No such file or directory

[rancid <at> xxxxxx rancid]$

~~~~~~~~~~~~~~~~~~~~~~~~~

 

Changing the timeout in clogin to 90 seconds doesn’t help. Any ideas?

 

 

Thanks,

Wayne

 

 

 

 



The information in this Internet e-mail (and any attachments) is confidential, may be legally privileged and is intended solely for the Addressee(s) named above. If you are not the intended recipient, or the employee or agent responsible for delivering it to the intended recipient, then any dissemination or copying of this e-mail (and any attachments) is prohibited and may be unlawful. If you received this e-mail in error, please immediately notify us by e-mail or telephone, then delete the message. Thank you.
_______________________________________________
Rancid-discuss mailing list
Rancid-discuss <at> shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss
Ben Sanders | 10 Sep 15:52 2014
Picon

[rancid] Ignoring certain output in diffs

Good Day,

I am struggling trying to create a way to ignore lines in diff.  I have Patton devices which I am using the Cisco module for as it seems to grab the configuration.  Problem is every time you "show run" it generates a timestamp:

example:
#----------------------------------------------------------------#
#                                                                #
# SN4980/1E24V                                                   #
# R6.6 2014-07-11 H32 3 RBS SIP                                   #
# 2014-09-10T09:50:34                                            #
# SN/xxxxxxxxxx                                               #
# Generated configuration file                                   #
#                                                           &nbs p;    #
#----------------------------------------------------------------#


Could someone lend a hand in ignoring the timestamp line??

Thanks.
_______________________________________________
Rancid-discuss mailing list
Rancid-discuss <at> shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss
Neil Arnold | 8 Sep 12:47 2014
Picon

[rancid] HP Procurve - no config changes yet Rancid thinks there is

Hi,

I've got Rancid running for a lot of HP switches without issue. The only one I do have an issue with is my core switch. It's a HP Procurve 5412ZL. Rancid is set to run every hour and throughout the day. During the day it's quiet and not alerting me to anything (which is good as nothing in the config changes). However, during the night, it fires off email alerts telling me the config has changed. Looking at the email shows things like the following:

aaa port-access authenticator D11 auth-vid 1                  aaa port-access authenticato

It almost looks like the switch can't output the config quick enough for Rancid and Rancid only gets half the config. It then thinks it's changed, logs it as a diff and fires off an email. I've spent weeks playing with the set up to try and fix this all to no avail.

If anyone has any suggestions, I'd be happy to take them.

Thanks in advance...

Neil.

_______________________________________________
Rancid-discuss mailing list
Rancid-discuss <at> shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss
Richard Owen | 6 Sep 19:26 2014

Re: [rancid] Fortigate 100 or 200

I would but there EOL and just getting a backup incase they go bang. The only problem with upgrading, is that the config is completely different plus it gets wiped and not migrated when you upgrade the fortiOS :-(

> Date: Fri, 5 Sep 2014 23:36:49 +0000
> From: heas <at> shrubbery.net
> To: rowen121 <at> outlook.com
> Subject: Re: [rancid] Fortigate 100 or 200
>
> Fri, Sep 05, 2014 at 11:30:06PM +0100, Richard Owen:
> > I think I may have found the problem! we're using a super old version 2.5 on the Fortigates, as someone has been to lazy to upgrade them, even though we had a subscription to all updates until last year!!! (I've only just joined and have been tasked of backing up all network enitities) once upgraded to 3.0, the features used in the fnrancid work perfectly. For now though I have hacked both the fnlogin and fnrancid to get it working. I've changed the command from "show full-configuration" to "get config" in fnrancid, and commented out the disable paging mechanisms but added 15 send "/r" at that point, so when a --press <return> to continue, or q to quit-- is prompted, there's enough returns in the buffer to complete the paging of the config and therefore get a full backup.
> > If anyone has experienced the same problem, it would great to know how you fixed it.
> >
>
> save yourself the aggrevation and just upgrade them.
_______________________________________________
Rancid-discuss mailing list
Rancid-discuss <at> shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss
Nathan Burgerhout | 5 Sep 20:07 2014
Picon

Re: [rancid] Two Cisco device's on one WAN IP

Thank you Bob.

I tried to do this, but it didn't work. It just stops at the point where it types the seconds SSH. The problem could be that my Cisco's authenticate through a Tacacs+ server. I'm going to try some more. At least I'm going in the right direction.

---
Nathan

2014-09-05 19:27 GMT+02:00 Bob B <bob <at> softscape.ca>:
Nathan,

If it's any help, this is how we do it. We have many devices fitting this exact scenario and it seems to work reasonably well.

The configuration is a bit more involved in the .cloginrc file, but not overly complicated.

Bob.



> -----Original Message-----
> From: Rancid-discuss [mailto:rancid-discuss-bounces <at> shrubbery.net] On
> Behalf Of Nathan Burgerhout
> Sent: Friday, September 05, 2014 8:40 AM
> To: rancid-discuss <at> shrubbery.net
> Subject: [rancid] Two Cisco device's on one WAN IP
>
> Hello everyone,
>
>
> I hope that I'm in the right place to ask this.
>
> Recently I installed Rancid so that I can backup the Cisco devices from my
> customers. I have it working for one device. The second device can only be
> accessed by using SSH from the first Cisco to the second Cisco.
>
>
> Rancid Server at work --> Internet --> Cisco A --> Cisco B
>
>
> Is this possible to do? The example in the link below is for a network
> where the Rancid server is local which isn't the case for me, but it looks
> like I could use the usercmd method.
>
> http://www.shrubbery.net/pipermail/rancid-discuss/2008-
> September/003274.html
>
>
> Regards,
>
> Nathan




_______________________________________________
Rancid-discuss mailing list
Rancid-discuss <at> shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss
Nathan Burgerhout | 5 Sep 14:40 2014
Picon

[rancid] Two Cisco device's on one WAN IP

Hello everyone,

I hope that I'm in the right place to ask this.

Recently I installed Rancid so that I can backup the Cisco devices from my customers. I have it working for one device. The second device can only be accessed by using SSH from the first Cisco to the second Cisco.

Rancid Server at work --> Internet --> Cisco A --> Cisco B

Is this possible to do? The example in the link below is for a network where the Rancid server is local which isn't the case for me, but it looks like I could use the usercmd method.

http://www.shrubbery.net/pipermail/rancid-discuss/2008-September/003274.html

Regards,
Nathan
_______________________________________________
Rancid-discuss mailing list
Rancid-discuss <at> shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss
Richard Owen | 4 Sep 18:58 2014

[rancid] Fortigate 100 or 200

Anybody got Rancid working with Fortigate 100 or 200? I have the 200 working via ssh and running get config

Thanks

Rich
_______________________________________________
Rancid-discuss mailing list
Rancid-discuss <at> shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Gmane