From rancid at veggiechinese.net Wed Nov 1 01:44:53 2006 From: rancid at veggiechinese.net (William Yardley) Date: Tue, 31 Oct 2006 17:44:53 -0800 Subject: [rancid] Re: clogin needs this line to support exit error on Cisco CSS In-Reply-To: <20061004180558.GA90815@viol8tr.com> References: <20061004180558.GA90815@viol8tr.com> Message-ID: <20061101014453.GK8104@mitch.veggiechinese.net> On Wed, Oct 04, 2006 at 11:05:58AM -0700, Lance Vermilion wrote: > Please add this to clogin so it will support the prompt that the CSS > spits out when a config is changed and you attempt to exit. > -re "Configuration changes have occurred*" { > send "n\r" > exp_continue Ahh! I was just about to write about this very problem... thanks for sending a solution - good thing I looked through my list mail first for once. I'm not sure what the "*" at the end accomplishes. I think it will work without it. And it didn't really need to be a regex. It might make sense to also add an entry for the: "Profile changes have occurred. Save changes before exiting, [y/n]" message. I've attached a diff to current clogin which does the above, and I think has more or less the correct indenting and stuff... It's also at: http://veggiechinese.net/rancid_css_diff1.txt If no one sees any problems, perhaps this (or a modified "fix") can be added to the next release? w -------------- next part -------------- --- clogin.orig 2006-10-31 17:22:18.000000000 -0800 +++ clogin 2006-10-31 17:37:25.000000000 -0800 @@ -671,6 +671,10 @@ send "exit\r" exp_continue; } + -re "(Profile|Configuration) changes have occurred\." { + send "n\r" + exp_continue + } "Do you wish to save your configuration changes" { send "n\r" exp_continue From rancid at veggiechinese.net Wed Nov 1 05:28:28 2006 
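Review bot: In the added arm of the clogin hunk above, -re "(Profile|Configuration) changes have occurred\." puts the \. inside a double-quoted Tcl string, so backslash substitution reduces it to a bare . before the regex engine sees it, and the pattern matches any character after "occurred" rather than a literal period. Brace the pattern instead, -re {(Profile|Configuration) changes have occurred\.}, or write \\. inside the quotes. The added arm also ends with exp_continue where the arm above it in the same hunk uses exp_continue; and matching one style within the block would keep it uniform.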
From: rancid at veggiechinese.net (William Yardley) Date: Tue, 31 Oct 2006 21:28:28 -0800 Subject: [rancid] folded lines Message-ID: <20061101052828.GB17635@mitch.veggiechinese.net> I have a Cisco 4948 and RANCID is repeatedly noticing the following difference: (squished down the columns a little to be a bit easier to read) !VLAN: VLAN Name Status Ports !VLAN: ---- -------------- -------- ------------------------------- - !VLAN: 1 default active Gi1/1, Gi1/2, Gi1/3, Gi1/4 - !VLAN: Gi1/5, Gi1/6, Gi1/9, Gi1/10 - !VLAN: Gi1/11, Gi1/13, Gi1/14, Gi1/15 - !VLAN: Gi1/17, Gi1/18, Gi1/19, Gi1/21 - !VLAN: Gi1/22, Gi1/23, Gi1/24, Gi1/25 - !VLAN: Gi1/27, Gi1/29, Gi1/30, Gi1/31 - !VLAN: Gi1/33, Gi1/35, Gi1/37, Gi1/39 - !VLAN: Gi1/41, Gi1/42, Gi1/43, Gi1/44 + !VLAN: 1 default active Gi1/1, Gi1/2, Gi1/3, Gi1/4, Gi1/5, Gi1/6, Gi1/9, Gi1/10, Gi1/11, Gi1/13, Gi1/14, Gi1/15, Gi1/17, Gi1/18, Gi1/19, Gi1/21, Gi1/22, Gi1/23, Gi1/24, Gi1/25, Gi1/27, Gi1/29, Gi1/30, Gi1/31, Gi1/33, Gi1/35, Gi1/37, Gi1/39, Gi1/41, Gi1/42, Gi1/43, Gi1/44 !VLAN: 20 VLAN0020 active Gi1/45, Gi1/46, Gi1/47, Gi1/48 Each time it runs, the version that gets committed flip-flops. Am I missing something obvious? w From rancid at veggiechinese.net Wed Nov 1 05:38:52 2006 
From: rancid at veggiechinese.net (William Yardley)
Date: Tue, 31 Oct 2006 21:38:52 -0800
Subject: [rancid] Re: unencrypted passwords in .cloginrc ...
In-Reply-To: <45412BB4.80706@nipper.de>
References: <45412896.4030207@get.topica.com> <45412BB4.80706@nipper.de>
Message-ID: <20061101053852.GC17635@mitch.veggiechinese.net>

On Thu, Oct 26, 2006 at 11:42:12PM +0200, Arnold Nipper wrote:
> On 26.10.2006 23:28 John Dworske wrote
> > Is there any way getting around using unencrypted passwords in the
> > .cloginrc file ? My co-workers will not let me use rancid unless we
> > can come up with something more secure ?
>
> "chmod 600 .cloginrc" is not secure enough?

I'm not exactly disagreeing with the sentiments expressed on the list, but just to play devil's advocate.... for one thing, some businesses have to deal with security checklists for various types of compliance, and often there are cookie cutter requirements like "no passwords for X type of device stored in cleartext".

Now I think most people here would probably agree that filling out a checklist isn't going to make a network more or less secure, but the fact of the matter is that some corporations are more concerned about saying that they checked that box than about having actual security.

w

From mark_scheuber at yahoo.com Wed Nov 1 06:02:10 2006
From: mark_scheuber at yahoo.com (mark_scheuber at yahoo.com)
Date: Tue, 31 Oct 2006 22:02:10 -0800 (PST)
Subject: [rancid] Re: unencrypted passwords in .cloginrc ...
In-Reply-To: <20061101053852.GC17635@mitch.veggiechinese.net>
Message-ID: <20061101060210.40007.qmail@web52808.mail.yahoo.com>

One loophole is that some places that don't allow unencrypted passwords do allow trusted ssh keys. This doesn't always work, but on some non-cisco gear this is an option.

On a side note, it's important to point out that sometimes it's not the company itself that requires the lack of unencrypted passwords but the auditors from 1. your customers or 2. regulatory commissions.

If you encrypt the file system as a whole would this meet the criteria your coworkers have stipulated?

- Mark

William Yardley wrote:
On Thu, Oct 26, 2006 at 11:42:12PM +0200, Arnold Nipper wrote:
> On 26.10.2006 23:28 John Dworske wrote
> > Is there any way getting around using unencrypted passwords in the
> > .cloginrc file ? My co-workers will not let me use rancid unless we
> > can come up with something more secure ?
>
> "chmod 600 .cloginrc" is not secure enough?

I'm not exactly disagreeing with the sentiments expressed on the list, but just to play devil's advocate.... for one thing, some businesses have to deal with security checklists for various types of compliance, and often there are cookie cutter requirements like "no passwords for X type of device stored in cleartext".

Now I think most people here would probably agree that filling out a checklist isn't going to make a network more or less secure, but the fact of the matter is that some corporations are more concerned about saying that they checked that box than about having actual security.

w

_______________________________________________
Rancid-discuss mailing list
Rancid-discuss at shrubbery.net
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

From jsherrill at currentcomm.net Wed Nov 1 13:51:29 2006
From: jsherrill at currentcomm.net (Sherrill, Justin)
Date: Wed, 1 Nov 2006 08:51:29 -0500
Subject: [rancid] Re: Timeout problems with Cisco CSS's
Message-ID: <7D3405B5488C0648B39948C26AE91A9B028ACACB@rocexch01.currentcomm.com>

Try this: in your .cloginrc:

add autoenable veri-stg-dmz-css-1.net 1

It looks like you are automatically enabling that account, and rancid assumes that you are not enabled unless told so specifically.

-----------------------------------------
Justin C. Sherrill - CURRENT Communications
220 Kenneth Drive
Rochester, New York 14623
P: 585.486.0549
F: 585.486.0030

-----Original Message-----
From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Chris Eidem
Sent: Tuesday, October 31, 2006 3:08 PM
To: rancid-discuss at shrubbery.net
Subject: [rancid] Timeout problems with Cisco CSS's

I've installed rancid 2.3.2a5 and I have successfully copied the configs from my routers and switches (all Cisco,) but I'm having problems with my Cisco CSS's (CSS-11152s-AC). When I connect (successfully) using clogin, I get the following:

$ clogin veri-stg-dmz-css-1.net
veri-stg-dmz-css-1.net
spawn telnet veri-stg-dmz-css-1.net
Trying WWW.XXX.YYY.ZZZ...
Connected to veri-stg-dmz-css-1.net.
Escape character is '^]'.

User Access Verification

Username:admin
Password:
v-stg-dmz-css-1#
Error: TIMEOUT reached
$

I am unable to enter any commands, and my scripts also timeout. This is not true when connecting to the routers and switches. Any clues as to where I should begin troubleshooting this? What other information can I provide?

$ uname -a
OpenBSD xnetmon1 3.9 GENERIC.MP#598 i386
$ expect -v
expect version 5.43.0

Thanks in advance,

- chris

From rancid at gheek.net Wed Nov 1 15:37:03 2006
From: rancid at gheek.net (Lance Vermilion)
Date: Wed, 1 Nov 2006 07:37:03 -0800
Subject: [rancid] Re: unencrypted passwords in .cloginrc ...
In-Reply-To: <20061101053852.GC17635@mitch.veggiechinese.net>
References: <45412896.4030207@get.topica.com> <45412BB4.80706@nipper.de> <20061101053852.GC17635@mitch.veggiechinese.net>
Message-ID: <20061101153703.GA76044@viol8tr.com>

On Tue, Oct 31, 2006 at 09:38:52PM -0800, William Yardley wrote:
> On Thu, Oct 26, 2006 at 11:42:12PM +0200, Arnold Nipper wrote:
> > On 26.10.2006 23:28 John Dworske wrote
> > > Is there any way getting around using unencrypted passwords in the
> > > .cloginrc file ? My co-workers will not let me use rancid unless we
> > > can come up with something more secure ?
> >
> > "chmod 600 .cloginrc" is not secure enough?
>
> I'm not exactly disagreeing with the sentiments expressed on the list,
> but just to play devil's advocate.... for one thing, some businesses
> have to deal with security checklists for various types of compliance,
> and often there are cookie cutter requirements like "no passwords for X
> type of device stored in cleartext". Now I think most people here would
> probably agree that filling out a checklist isn't going to make a
> network more or less secure, but the fact of the matter is that some
> corporations are more concerned about saying that they checked that box
> than about having actual security.
>
> w

You could always pgp lock the file and keep the passphrase in some file and then use that. That would justify it being secure. They just have to find the file with the passphrase. Or you could do as I have done in the past. Create a ... file (most people will always skip over the ...)
or create some file in the man directory like "/usr/share/man/man1/pine" and keep the passphrase in either of those places. This approach should reach your goal as well. -- -Lance From rancid at gheek.net Wed Nov 1 15:39:11 2006 From: rancid at gheek.net (Lance Vermilion) Date: Wed, 1 Nov 2006 07:39:11 -0800 Subject: [rancid] Re: folded lines In-Reply-To: <20061101052828.GB17635@mitch.veggiechinese.net> References: <20061101052828.GB17635@mitch.veggiechinese.net> Message-ID: <20061101153911.GA76209@viol8tr.com> On Tue, Oct 31, 2006 at 09:28:28PM -0800, William Yardley wrote: > I have a Cisco 4948 and RANCID is repeatedly noticing the following > difference: (squished down the columns a little to be a bit easier to > read) > > !VLAN: VLAN Name Status Ports > !VLAN: ---- -------------- -------- ------------------------------- > > - !VLAN: 1 default active Gi1/1, Gi1/2, Gi1/3, Gi1/4 > - !VLAN: Gi1/5, Gi1/6, Gi1/9, Gi1/10 > - !VLAN: Gi1/11, Gi1/13, Gi1/14, Gi1/15 > - !VLAN: Gi1/17, Gi1/18, Gi1/19, Gi1/21 > - !VLAN: Gi1/22, Gi1/23, Gi1/24, Gi1/25 > - !VLAN: Gi1/27, Gi1/29, Gi1/30, Gi1/31 > - !VLAN: Gi1/33, Gi1/35, Gi1/37, Gi1/39 > - !VLAN: Gi1/41, Gi1/42, Gi1/43, Gi1/44 > + !VLAN: 1 default active Gi1/1, Gi1/2, Gi1/3, Gi1/4, Gi1/5, Gi1/6, Gi1/9, Gi1/10, Gi1/11, Gi1/13, Gi1/14, Gi1/15, Gi1/17, > Gi1/18, Gi1/19, Gi1/21, Gi1/22, Gi1/23, Gi1/24, Gi1/25, Gi1/27, Gi1/29, Gi1/30, Gi1/31, Gi1/33, Gi1/35, Gi1/37, Gi1/39, Gi1/41, Gi1/42, Gi1/43, Gi1/44 > !VLAN: 20 VLAN0020 active Gi1/45, Gi1/46, Gi1/47, Gi1/48 > > Each time it runs, the version that gets committed flip-flops. Am I > missing something obvious? > > w > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss I have that same problem. Anyone else solved this problem other than ignoring !VLAN lines? -- -Lance From chen_daniel at emc.com Wed Nov 1 18:12:53 2006 
From: chen_daniel at emc.com (chen_daniel at emc.com)
Date: Wed, 1 Nov 2006 13:12:53 -0500
Subject: [rancid] Re: folded lines
In-Reply-To: <20061101153911.GA76209@viol8tr.com>
Message-ID:

Here's an idea,

It would seem that the IOS directive 'term width 0' just like the 'term length 0' prevents the paging.

Ooh, time to change the 'clogin' code near the 'term length 0' section.

I have 6509 with lots of vlan memberships that constantly change as ports link/unlink.

Regards,
Daniel Chen

> -----Original Message-----
> From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss- > bounces at shrubbery.net] On Behalf Of Lance Vermilion > Sent: Wednesday, November 01, 2006 10:39 AM > To: William Yardley > Cc: rancid-discuss at shrubbery.net > Subject: [rancid] Re: folded lines > > On Tue, Oct 31, 2006 at 09:28:28PM -0800, William Yardley wrote: > > I have a Cisco 4948 and RANCID is repeatedly noticing the following > > difference: (squished down the columns a little to be a bit easier to > > read) > > > > !VLAN: VLAN Name Status Ports > > !VLAN: ---- -------------- -------- ------------------------------- > > > > - !VLAN: 1 default active Gi1/1, Gi1/2, Gi1/3, Gi1/4 > > - !VLAN: Gi1/5, Gi1/6, Gi1/9, Gi1/10 > > - !VLAN: Gi1/11, Gi1/13, Gi1/14, Gi1/15 > > - !VLAN: Gi1/17, Gi1/18, Gi1/19, Gi1/21 > > - !VLAN: Gi1/22, Gi1/23, Gi1/24, Gi1/25 > > - !VLAN: Gi1/27, Gi1/29, Gi1/30, Gi1/31 > > - !VLAN: Gi1/33, Gi1/35, Gi1/37, Gi1/39 > > - !VLAN: Gi1/41, Gi1/42, Gi1/43, Gi1/44 > > + !VLAN: 1 default active Gi1/1, Gi1/2, Gi1/3, Gi1/4, Gi1/5, > Gi1/6, Gi1/9, Gi1/10, Gi1/11, Gi1/13, Gi1/14, Gi1/15, Gi1/17, > > Gi1/18, Gi1/19, Gi1/21, Gi1/22, Gi1/23, Gi1/24, Gi1/25, Gi1/27, Gi1/29, > Gi1/30, Gi1/31, Gi1/33, Gi1/35, Gi1/37, Gi1/39, Gi1/41, Gi1/42, Gi1/43, > Gi1/44 > > !VLAN: 20 VLAN0020 active Gi1/45, Gi1/46, > Gi1/47, Gi1/48 > > > > Each time it runs, the version that gets committed flip-flops. Am I > > missing something obvious? > > > > w > > > > _______________________________________________ > > Rancid-discuss mailing list > > Rancid-discuss at shrubbery.net > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > I have that same problem. Anyone else solved this problem other than > ignoring !VLAN lines? > -- > > -Lance > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From rancid at gheek.net Wed Nov 1 18:17:21 2006 
From: rancid at gheek.net (Lance Vermilion)
Date: Wed, 1 Nov 2006 10:17:21 -0800
Subject: [rancid] Re: folded lines
In-Reply-To:
References: <20061101153911.GA76209@viol8tr.com>
Message-ID: <20061101181721.GA82991@viol8tr.com>

On Wed, Nov 01, 2006 at 01:12:53PM -0500, chen_daniel at emc.com wrote:
> Here's an idea,
>
> It would seem that the IOS directive 'term width 0' just like the 'term
> length 0' prevents the paging.
>
> Ooh, time to change the 'clogin' code near the 'term length 0' section.
>
> I have 6509 with lots of vlan memberships that constantly change as
> ports link/unlink.
>
> Regards,
> Daniel Chen
>
> > -----Original Message-----
> > From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss- > > bounces at shrubbery.net] On Behalf Of Lance Vermilion > > Sent: Wednesday, November 01, 2006 10:39 AM > > To: William Yardley > > Cc: rancid-discuss at shrubbery.net > > Subject: [rancid] Re: folded lines > > > > On Tue, Oct 31, 2006 at 09:28:28PM -0800, William Yardley wrote: > > > I have a Cisco 4948 and RANCID is repeatedly noticing the following > > > difference: (squished down the columns a little to be a bit easier > to > > > read) > > > > > > !VLAN: VLAN Name Status Ports > > > !VLAN: ---- -------------- -------- > ------------------------------- > > > > > > - !VLAN: 1 default active Gi1/1, Gi1/2, Gi1/3, Gi1/4 > > > - !VLAN: Gi1/5, Gi1/6, Gi1/9, Gi1/10 > > > - !VLAN: Gi1/11, Gi1/13, Gi1/14, Gi1/15 > > > - !VLAN: Gi1/17, Gi1/18, Gi1/19, Gi1/21 > > > - !VLAN: Gi1/22, Gi1/23, Gi1/24, Gi1/25 > > > - !VLAN: Gi1/27, Gi1/29, Gi1/30, Gi1/31 > > > - !VLAN: Gi1/33, Gi1/35, Gi1/37, Gi1/39 > > > - !VLAN: Gi1/41, Gi1/42, Gi1/43, Gi1/44 > > > + !VLAN: 1 default active Gi1/1, Gi1/2, Gi1/3, Gi1/4, > Gi1/5, > > Gi1/6, Gi1/9, Gi1/10, Gi1/11, Gi1/13, Gi1/14, Gi1/15, Gi1/17, > > > Gi1/18, Gi1/19, Gi1/21, Gi1/22, Gi1/23, Gi1/24, Gi1/25, Gi1/27, > Gi1/29, > > Gi1/30, Gi1/31, Gi1/33, Gi1/35, Gi1/37, Gi1/39, Gi1/41, Gi1/42, > Gi1/43, > > Gi1/44 > > > !VLAN: 20 VLAN0020 active Gi1/45, > Gi1/46, > > Gi1/47, Gi1/48 > > > > > > Each time it runs, the version that gets committed flip-flops. Am I > > > missing something obvious? > > > > > > w > > > > > > _______________________________________________ > > > Rancid-discuss mailing list > > > Rancid-discuss at shrubbery.net > > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > > > I have that same problem. Anyone else solved this problem other than > > ignoring !VLAN lines? 
> > --
> >
> > -Lance
>

Chen,

Have you changed your code and had success with the changes?

--

-Lance

From Todd at equivoice.com Thu Nov 2 20:01:07 2006
From: Todd at equivoice.com (Todd Heide)
Date: Thu, 2 Nov 2006 14:01:07 -0600
Subject: [rancid] Scheduling group gets
Message-ID: <082FEA82DC985B4F8A6B412D5AC4E22040A346@exchange.Equivoice.local>

Is it possible to have Rancid pull each group at a different time? For example, if I want my Core_routers group to poll every 2 hours, the Core_switches group every 3, and the other groups once during the night, is it possible? I finally got to the point where I can start implementing Rancid now that I can view the CVS repository easily.

Thanks

Todd Heide
Equivoice LLC

From heas at shrubbery.net Thu Nov 2 22:24:58 2006
From: heas at shrubbery.net (john heasley)
Date: Thu, 2 Nov 2006 22:24:58 +0000
Subject: [rancid] Re: Scheduling group gets
In-Reply-To: <082FEA82DC985B4F8A6B412D5AC4E22040A346@exchange.Equivoice.local>
References: <082FEA82DC985B4F8A6B412D5AC4E22040A346@exchange.Equivoice.local>
Message-ID: <20061102222458.GB17886@shrubbery.net>

you can add group names to the rancid-run cmd-line and schedule how ever you like from cron.

Thu, Nov 02, 2006 at 02:01:07PM -0600, Todd Heide:
> Is it possible to have Rancid pull each group at a different time? For
> example, if I want my Core_routers group to poll every 2 hours, the
> Core_switches group every 3, and the other groups once during the night,
> is it possible? I finally got to the point where I can start
> implementing Rancid now that I can view the CVS repository easily.
>
> Thanks
>
> Todd Heide
>
> Equivoice LLC

From heas at shrubbery.net Fri Nov 3 23:08:43 2006
From: heas at shrubbery.net (john heasley)
Date: Fri, 3 Nov 2006 23:08:43 +0000
Subject: [rancid] Re: folded lines
In-Reply-To:
References: <20061101153911.GA76209@viol8tr.com>
Message-ID: <20061103230843.GU11447@shrubbery.net>

Wed, Nov 01, 2006 at 01:12:53PM -0500, chen_daniel at emc.com:
> Here's an idea,
>
> It would seem that the IOS directive 'term width 0' just like the 'term
> length 0' prevents the paging.
>
> Ooh, time to change the 'clogin' code near the 'term length 0' section.
>
> I have 6509 with lots of vlan memberships that constantly change as
> ports link/unlink.

Could you folks compare IOS versions? I've not seen this problem myself.

[I fear what obscure IOS bugs 'term width 0' might reveal]

From rancid at gheek.net Fri Nov 3 23:53:17 2006
From: rancid at gheek.net (Lance Vermilion)
Date: Fri, 3 Nov 2006 15:53:17 -0800
Subject: [rancid] Re: folded lines
In-Reply-To: <20061103230843.GU11447@shrubbery.net>
References: <20061101153911.GA76209@viol8tr.com> <20061103230843.GU11447@shrubbery.net>
Message-ID: <20061103235317.GA27363@gheek.net>

John,

I have noticed something rather weird happening with my version. I have some devices listed as IP addresses in the router.db and the cvs diff that is emailed out shows there are all kinds of differences, including the ones for the VLAN, but if I use viewvc I do not see any of those particular differences. It is rather weird. Maybe it is just my setup.

--

-Lance

On Fri, Nov 03, 2006 at 11:08:43PM +0000, john heasley wrote:
> Wed, Nov 01, 2006 at 01:12:53PM -0500, chen_daniel at emc.com:
> > Here's an idea,
> >
> > It would seem that the IOS directive 'term width 0' just like the 'term
> > length 0' prevents the paging.
> >
> > Ooh, time to change the 'clogin' code near the 'term length 0' section.
> >
> > I have 6509 with lots of vlan memberships that constantly change as
> > ports link/unlink.
>
> Could you folks compare IOS versions? I've not seen this problem myself.
>
> [I fear what obscure IOS bugs 'term width 0' might reveal]

From johnd at get.topica.com Sat Nov 4 00:07:11 2006
From: johnd at get.topica.com (John Dworske)
Date: Fri, 03 Nov 2006 16:07:11 -0800
Subject: [rancid] [Fwd: corp config diffs]
Message-ID: <454BD9AF.7040309@get.topica.com>

Anyone know why we get so many of these emails regarding portvlancost ....

Thanks,
John Dworske

-------------- next part --------------
An embedded message was scrubbed...
From: Amar Parikh
Subject: corp config diffs
Date: Fri, 3 Nov 2006 07:50:28 -0800 (PST)
Size: 2056
Url: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20061103/1c292cc0/attachment.mht

From lance at gheek.net Fri Nov 3 23:51:03 2006
From: lance at gheek.net (Lance Vermilion)
Date: Fri, 3 Nov 2006 15:51:03 -0800
Subject: [rancid] Re: folded lines
In-Reply-To: <20061103230843.GU11447@shrubbery.net>
References: <20061101153911.GA76209@viol8tr.com> <20061103230843.GU11447@shrubbery.net>
Message-ID: <20061103235103.GA27155@gheek.net>

John,

I have noticed something rather weird happening with my version. I have some devices listed as IP addresses in the router.db and the cvs diff that is emailed out shows there are all kinds of differences, including the ones for the VLAN, but if I use viewvc I do not see any of those particular differences. It is rather weird. Maybe it is just my setup.

--

-Lance

On Fri, Nov 03, 2006 at 11:08:43PM +0000, john heasley wrote:
> Wed, Nov 01, 2006 at 01:12:53PM -0500, chen_daniel at emc.com:
> > Here's an idea,
> >
> > It would seem that the IOS directive 'term width 0' just like the 'term
> > length 0' prevents the paging.
> >
> > Ooh, time to change the 'clogin' code near the 'term length 0' section.
> >
> > I have 6509 with lots of vlan memberships that constantly change as
> > ports link/unlink.
>
> Could you folks compare IOS versions? I've not seen this problem myself.
>
> [I fear what obscure IOS bugs 'term width 0' might reveal]

From JJackson at aninetworks.com Sat Nov 4 00:15:07 2006
From: JJackson at aninetworks.com (Joseph Jackson)
Date: Fri, 3 Nov 2006 16:15:07 -0800
Subject: [rancid] Re: [Fwd: corp config diffs]
Message-ID:

Haha that's kinda funny..

> -----Original Message-----
> From: rancid-discuss-bounces at shrubbery.net
> [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of
> John Dworske
> Sent: Friday, November 03, 2006 4:07 PM
> To: rancid-discuss at shrubbery.net
> Subject: [rancid] [Fwd: corp config diffs]
>
> Anyone know why we get so many of these emails regarding
> portvlancost ....
>
> Thanks,
> John Dworske
>

From heas at shrubbery.net Sat Nov 4 02:09:00 2006
From: heas at shrubbery.net (john heasley)
Date: Sat, 4 Nov 2006 02:09:00 +0000
Subject: [rancid] Re: folded lines
In-Reply-To: <20061103235103.GA27155@gheek.net>
References: <20061101153911.GA76209@viol8tr.com> <20061103230843.GU11447@shrubbery.net> <20061103235103.GA27155@gheek.net>
Message-ID: <20061104020900.GE11447@shrubbery.net>

you should look for cvs commit errors in the group's log file.

Fri, Nov 03, 2006 at 03:51:03PM -0800, Lance Vermilion:
> John,
>
> I have noticed something rather weird happening with my version. I
> have some devices listed as IP addresses in the router.db and the
> cvs diff that is emailed out shows there are all kinds of differences,
> including the ones for the VLAN, but if I use viewvc I do not see any
> of those particular differences. It is rather weird. Maybe it is just
> my setup.
>
> --
>
> -Lance
>
> On Fri, Nov 03, 2006 at 11:08:43PM +0000, john heasley wrote:
> > Wed, Nov 01, 2006 at 01:12:53PM -0500, chen_daniel at emc.com:
> > > Here's an idea,
> > >
> > > It would seem that the IOS directive 'term width 0' just like the 'term
> > > length 0' prevents the paging.
> > >
> > > Ooh, time to change the 'clogin' code near the 'term length 0' section.
> > >
> > > I have 6509 with lots of vlan memberships that constantly change as
> > > ports link/unlink.
> >
> > Could you folks compare IOS versions? I've not seen this problem myself.
> >
> > [I fear what obscure IOS bugs 'term width 0' might reveal]
>

From faron.hopper at capgemini.com Sat Nov 4 03:10:05 2006
From: faron.hopper at capgemini.com (Hopper, Faron W.)
Date: Fri, 3 Nov 2006 22:10:05 -0500
Subject: [rancid] show cdp neighbor
Message-ID: <0D9EF3454D8EFC4B8BFFD2B862941681013E7C94@caonmastxm03.na.capgemini.com>

I have need of having a record of the show cdp neighbor command in rancid/cvs. Is it as simple as adding

@commandtable = (
{'show cdp neighbor detail' => 'ShowCdpDetail'},

Or is there more work to do? (* Note* I am not what you would call a programmer...I thought I was doing pretty good to find the file to update...*)

Thanks in advance.

Faron

From heas at shrubbery.net Sat Nov 4 09:08:10 2006
From: heas at shrubbery.net (john heasley)
Date: Sat, 4 Nov 2006 09:08:10 +0000
Subject: [rancid] Re: [Fwd: corp config diffs]
In-Reply-To: <454BD9AF.7040309@get.topica.com>
References: <454BD9AF.7040309@get.topica.com>
Message-ID: <20061104090810.GC18645@shrubbery.net>

What is changing the port cost? VTP?

Fri, Nov 03, 2006 at 04:07:11PM -0800, John Dworske:
>
> Anyone know why we get so many of these emails regarding portvlancost ....
>
> Thanks,
> John Dworske

> From: Amar Parikh
> To: sysadmin at get.topica.com
> Subject: corp config diffs
> Date: Fri, 3 Nov 2006 07:50:28 -0800 (PST)
>
> Why do we get so many of these?
>
> thx.
>
> ---------- Forwarded message ----------
> Date: Thu, 2 Nov 2006 21:20:24 -0800
> From: rancid at malak.topica.com > To: rancid-corp-switches at malak.topica.com > Subject: corp-switches router config diffs > > Index: configs/sw2-sfo > =================================================================== > retrieving revision 1.99 > diff -u -4 -r1.99 sw2-sfo > @@ -642,10 +642,10 @@ > set trunk 2/46 auto dot1q 1-1005 > set trunk 2/47 auto dot1q 1-1005 > set trunk 2/48 auto dot1q 1-1005 > set spantree portfast 2/1-48 disable > - set spantree portcost 2/1,2/5-6,2/8-10,2/14,2/17,2/19,2/21-23,2/25-26,2/32,2/36-37 19 > - set spantree portcost 2/2-4,2/7,2/11-13,2/15-16,2/18,2/20,2/24,2/27-31,2/33-35,2/38-48 100 > + set spantree portcost 2/1,2/5-6,2/8-10,2/14,2/17,2/19,2/21-23,2/25-26,2/32,2/35-37 19 > + set spantree portcost 2/2-4,2/7,2/11-13,2/15-16,2/18,2/20,2/24,2/27-31,2/33-34,2/38-48 100 > set spantree portpri 2/1-48 32 > set spantree portvlanpri 2/1 0 > set spantree portvlanpri 2/2 0 > set spantree portvlanpri 2/3 0 > @@ -727,9 +727,9 @@ > set spantree portvlancost 2/31 cost 99 > set spantree portvlancost 2/32 cost 18 > set spantree portvlancost 2/33 cost 99 > set spantree portvlancost 2/34 cost 99 > - set spantree portvlancost 2/35 cost 99 > + set spantree portvlancost 2/35 cost 18 > set spantree portvlancost 2/36 cost 18 > set spantree portvlancost 2/37 cost 18 > set spantree portvlancost 2/38 cost 99 > set spantree portvlancost 2/39 cost 99 > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From terry at tmk.com Sat Nov 4 09:08:51 2006 
From: terry at tmk.com (Terry Kennedy)
Date: Sat, 04 Nov 2006 04:08:51 -0500 (EST)
Subject: [rancid] Re: [Fwd: corp config diffs]
In-Reply-To: "Your message dated Sat, 04 Nov 2006 09:08:10 +0000" <20061104090810.GC18645@shrubbery.net>
References: <454BD9AF.7040309@get.topica.com>
Message-ID: <01M95FUEZZRG0000TY@tmk.com>

> What is changing the port cost? VTP?

On CatOS, this happens when the ports go up or down - the cost changes depending on whether the link is up.

Terry Kennedy             http://www.tmk.com
terry at tmk.com          New York, NY USA

From teun at teun.tv Sat Nov 4 08:22:11 2006
From: teun at teun.tv (Teun Vink)
Date: Sat, 4 Nov 2006 09:22:11 +0100
Subject: [rancid] Re: folded lines
In-Reply-To: <20061103230843.GU11447@shrubbery.net>
References: <20061101153911.GA76209@viol8tr.com> <20061103230843.GU11447@shrubbery.net>
Message-ID: <49A894DF-33D6-4C83-A67A-DC8BE9D0C351@teun.tv>

> [...]
> Could you folks compare IOS versions? I've not seen this problem
> myself.
>
> [I fear what obscure IOS bugs 'term width 0' might reveal]

I've seen this happen as well on Cisco 6509's and 2970's with quite some vlans configured on a port. I've added a "term width 0" statement in the clogin code right after the "term length 0". I haven't received bogus config change messages since and also haven't seen anything out of the ordinary. I'll keep you posted.

Teun

From heas at shrubbery.net Sat Nov 4 19:26:22 2006
From: heas at shrubbery.net (john heasley)
Date: Sat, 4 Nov 2006 19:26:22 +0000
Subject: [rancid] Re: [Fwd: corp config diffs]
In-Reply-To: <01M95FUEZZRG0000TY@tmk.com>
References: <454BD9AF.7040309@get.topica.com> <01M95FUEZZRG0000TY@tmk.com>
Message-ID: <20061104192622.GC9543@shrubbery.net>

Sat, Nov 04, 2006 at 04:08:51AM -0500, Terry Kennedy:
> > What is changing the port cost? VTP?
>
> On CatOS, this happens when the ports go up or down - the cost changes
> depending on whether the link is up.

I'm not sure which is more silly, that the cost changes for an interface that can't forward or that something "automatically" changes user configuration knobs (I understand that the user didn't configure the cost here) and it is reflected in the configuration. Because it is user configurable, it can't really be filtered.

From afort at choqolat.org Mon Nov 6 05:58:00 2006
From: afort at choqolat.org (Andrew Fort)
Date: Sun, 5 Nov 2006 21:58:00 -0800
Subject: [rancid] Re: show cdp neighbor
In-Reply-To: <0D9EF3454D8EFC4B8BFFD2B862941681013E7C94@caonmastxm03.na.capgemini.com>
References: <0D9EF3454D8EFC4B8BFFD2B862941681013E7C94@caonmastxm03.na.capgemini.com>
Message-ID: <7654d9d0611052158u55651eb3nb92ad5959e07738f@mail.gmail.com>

On 11/3/06, Hopper, Faron W. wrote:
>
> I have need of having a record of the show cdp neighbor command in
> rancid/cvs. Is it as simple as adding
>
> @commandtable = (
>
> {'show cdp neighbor detail' => 'ShowCdpDetail'},
>
> Or is there more work to do? (* Note* I am not what you would call a
> programmer...I thought I was doing pretty good to find the file to update...*)

Aaron, you'll also need to add a subroutine named 'ShowCdpDetail' that
will parse the output of the 'show cdp nei detail' command to your liking.
See the other parser routines in the relevant *rancid script for more
detail.

Regarding the arguments for ProcessHistory, you can leave them all blank,
and it will place the new command output at one end of the comments
(towards the end, if I recall correctly). Changing the argument that is
usually of the form '[A-Z][0-9]' will move the output around within the
comments section. Remember to prefix the line with a '!' in the
processhistory call, so that the command output will appear as a comment.

You will also need to use regular expressions to match the necessary
fields you care about in the 'show cdp nei detail' output, as the detail
includes the hold-time, which will change each time you run the command
(causing a diff each time rancid runs, a situation you'd rather avoid).

-andrew

From afort at choqolat.org Mon Nov 6 06:01:40 2006
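Added example, not part of Andrew Fort's message above and not RANCID's own code: a stand-alone Perl filter shaped like the parser routine he describes for 'show cdp neighbor detail', dropping the hold-time line and prefixing each kept line with '!' so that two runs produce identical stored output. `ProcessHistory` here is a local stand-in with an assumed argument order, the `!CDP:` label is an arbitrary choice, and the command output is a constructed sample.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Fields whose values change on every run and would cause a diff each time.
# Holdtime is the one named in the thread; extend the list as needed.
my @volatile = (qr/^\s*Holdtime\s*:/i);

# Stand-in for RANCID's ProcessHistory (assumption: the argument order is
# tag, command, sort key, lines). Here it only collects the lines in order.
my @history;
sub ProcessHistory {
    my ($tag, $command, $key, @lines) = @_;
    push @history, @lines;
}

# Parser routine: read one capture of the command output from $fh and keep
# only the stable lines, each stored as a '!' comment.
sub ShowCdpDetail {
    my ($fh) = @_;
    while (my $line = <$fh>) {
        $line =~ tr/\015//d;              # strip carriage returns from the tty
        chomp $line;
        $line =~ s/\s+$//;                # trailing blanks also cause diffs
        next if $line eq '';              # skip blank lines
        next if grep { $line =~ $_ } @volatile;
        # All three positional arguments left blank, as the message suggests.
        ProcessHistory("", "", "", "!CDP: $line\n");
    }
    return 0;
}

# Run the parser over a capture held in a string and return what it stored.
sub normalize {
    my ($text) = @_;
    @history = ();
    open(my $fh, '<', \$text) or die "cannot open in-memory capture: $!";
    ShowCdpDetail($fh);
    close($fh);
    return join('', @history);
}

# Constructed sample output; device names and addresses are made up.
my $template = <<'EOT';
-------------------------
Device ID: sw2.example.net
Entry address(es):
  IP address: 192.0.2.2
Platform: cisco WS-C2960-24TT-L,  Capabilities: Switch IGMP
Interface: GigabitEthernet0/1,  Port ID (outgoing port): GigabitEthernet0/24
Holdtime : HOLD sec

Version :
Cisco IOS Software, C2960 Software (constructed sample line)

advertisement version: 2
EOT

# Two runs of the same command that differ only in the hold-time countdown.
(my $run1 = $template) =~ s/HOLD/134/;
(my $run2 = $template) =~ s/HOLD/171/;

my ($out1, $out2) = (normalize($run1), normalize($run2));
print $out1;
print "raw captures differ\n" if $run1 ne $run2;
print $out1 eq $out2
    ? "normalized captures are identical\n"
    : "normalized captures still differ\n";
```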
From: afort at choqolat.org (Andrew Fort)
Date: Sun, 5 Nov 2006 22:01:40 -0800
Subject: [rancid] Re: folded lines
In-Reply-To: <20061101052828.GB17635@mitch.veggiechinese.net>
References: <20061101052828.GB17635@mitch.veggiechinese.net>
Message-ID: <7654d9d0611052201p1741afb8wd14d1b1f2cac334a@mail.gmail.com>

On 10/31/06, William Yardley wrote:
> Each time it runs, the version that gets committed flip-flops. Am I
> missing something obvious?

Does this occur if you just run it from cron? (i.e., you don't run
rancid-run from your shell). If not, could this be due to TERM
differences between cron and an interactive shell?

-andrew

From rancid at gheek.net Mon Nov 6 16:10:19 2006
From: rancid at gheek.net (Lance Vermilion)
Date: Mon, 6 Nov 2006 08:10:19 -0800
Subject: [rancid] Re: folded lines
In-Reply-To: <20061104020900.GE11447@shrubbery.net>
References: <20061101153911.GA76209@viol8tr.com> <20061103230843.GU11447@shrubbery.net> <20061103235103.GA27155@gheek.net> <20061104020900.GE11447@shrubbery.net>
Message-ID: <20061106161019.GA87851@gheek.net>

John,

For some reason I never thought of looking there. Thank you for the no
brainer. :-D I was missing a file it was looking for and it was dying on
the cvs portion from there. I fixed and we are happy once again. :-D

Thx.

--
-Lance

On Sat, Nov 04, 2006 at 02:09:00AM +0000, john heasley wrote:
> you should look for cvs commit errors in the group's log file.
>
> Fri, Nov 03, 2006 at 03:51:03PM -0800, Lance Vermilion:
> > John,
> >
> > I have noticed something rather weird happening with my version. I
> > have some devices listed as IP addresses in the router.db and the
> > cvs diff that is emailed out shows there are all kinds of differences,
> > including the ones for the VLAN, but if I use viewvc I do not see any
> > of those particular differences. It is rather weird. Maybe it is just
> > my setup.
> >
> > --
> >
> > -Lance
> >
> > On Fri, Nov 03, 2006 at 11:08:43PM +0000, john heasley wrote:
> > > Wed, Nov 01, 2006 at 01:12:53PM -0500, chen_daniel at emc.com:
> > > > Here's an idea,
> > > >
> > > > It would seem that the IOS directive 'term width 0' just like the 'term
> > > > length 0' prevents the paging.
> > > >
> > > > Ooh, time to change the 'clogin' code near the 'term length 0' section.
> > > >
> > > > I have 6509 with lots of vlan memberships that constantly change as
> > > > ports link/unlink.
> > >
> > > Could you folks compare IOS versions? I've not seen this problem myself.
> > >
> > > [I fear what obscure IOS bugs 'term width 0' might reveal]
> >

From rancid at gheek.net Mon Nov 6 16:11:48 2006
From: rancid at gheek.net (Lance Vermilion)
Date: Mon, 6 Nov 2006 08:11:48 -0800
Subject: [rancid] Re: folded lines
In-Reply-To: <7654d9d0611052201p1741afb8wd14d1b1f2cac334a@mail.gmail.com>
References: <20061101052828.GB17635@mitch.veggiechinese.net> <7654d9d0611052201p1741afb8wd14d1b1f2cac334a@mail.gmail.com>
Message-ID: <20061106161148.GB87851@gheek.net>

Mine doesn't differ between interactive and non interactive. Let's see
if there is a difference since I fixed my CVS issues I had.

--
-Lance

On Sun, Nov 05, 2006 at 10:01:40PM -0800, Andrew Fort wrote:
> On 10/31/06, William Yardley wrote:
> > Each time it runs, the version that gets committed flip-flops. Am I
> > missing something obvious?
>
> Does this occur if you just run it from cron? (i.e., you don't run
> rancid-run from your shell). If not, could this be due to TERM
> differences between cron and an interactive shell?
>
> -andrew
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

From rancid at veggiechinese.net Tue Nov 7 22:44:27 2006
From: rancid at veggiechinese.net (William Yardley)
Date: Tue, 7 Nov 2006 14:44:27 -0800
Subject: [rancid] PIX - pager and shun?
Message-ID: <20061107224427.GA11480@mitch.veggiechinese.net>

I noticed the following comment in clogin:

# the pager can not be turned off on the PIX, so we have to look
# for the "More" prompt.

I don't know which version that's based on, but with version 6.3(5), you
can do:

# no pager

to disable paging.

I'm pretty sure that Extreme can disable this with "disable clipaging",
and this has even been pointed out on the rancid list.
http://www.shrubbery.net/pipermail/rancid-discuss/2005-January.txt

On an unrelated note, is there any (easy) way to get Rancid to keep
track of the shun list (sh shun) on a PIX, or would I have to make the
necessary changes myself? If the latter, would there be interest in such
a feature?

w

From seansettle.lists at gmail.com Tue Nov 7 23:00:18 2006
From: seansettle.lists at gmail.com (List Sink)
Date: Tue, 7 Nov 2006 16:00:18 -0700
Subject: [rancid] Re: PIX - pager and shun?
In-Reply-To: <20061107224427.GA11480@mitch.veggiechinese.net>
References: <20061107224427.GA11480@mitch.veggiechinese.net>
Message-ID:

I believe you can also do 'pager 0' to disable the pager as well.

On 11/7/06, William Yardley wrote:
>
> I noticed the following comment in clogin:
>
> # the pager can not be turned off on the PIX, so we have to look
> # for the "More" prompt.
>
> I don't know which version that's based on, but with version 6.3(5), you
> can do:
>
> # no pager
>
> to disable paging.
>
> I'm pretty sure that Extreme can disable this with "disable clipaging",
> and this has even been pointed out on the rancid list.
> http://www.shrubbery.net/pipermail/rancid-discuss/2005-January.txt
>
> On an unrelated note, is there any (easy) way to get Rancid to keep
> track of the shun list (sh shun) on a PIX, or would I have to make the
> necessary changes myself? If the latter, would there be interest in such
> a feature?
>
> w

From heas at shrubbery.net Wed Nov 8 01:54:37 2006
From: heas at shrubbery.net (john heasley)
Date: Tue, 7 Nov 2006 17:54:37 -0800
Subject: [rancid] Re: PIX - pager and shun?
In-Reply-To:
References: <20061107224427.GA11480@mitch.veggiechinese.net>
Message-ID: <20061108015437.GJ14892@shrubbery.net>

afaik, both are global knobs, rather than affecting just the current tty.

Tue, Nov 07, 2006 at 04:00:18PM -0700, List Sink:
> I believe you can also do 'pager 0' to disable the pager as well.
>
> On 11/7/06, William Yardley wrote:
> >
> >I noticed the following comment in clogin:
> >
> ># the pager can not be turned off on the PIX, so we have to look
> ># for the "More" prompt.
> >
> >I don't know which version that's based on, but with version 6.3(5), you
> >can do:
> >
> ># no pager
> >
> >to disable paging.
> >
> >I'm pretty sure that Extreme can disable this with "disable clipaging",
> >and this has even been pointed out on the rancid list.
> >http://www.shrubbery.net/pipermail/rancid-discuss/2005-January.txt
> >
> >On an unrelated note, is there any (easy) way to get Rancid to keep
> >track of the shun list (sh shun) on a PIX, or would I have to make the
> >necessary changes myself? If the latter, would there be interest in such
> >a feature?
> >
> >w

From geecla at mail.nih.gov Wed Nov 8 14:06:01 2006
From: geecla at mail.nih.gov (Gee-clough, Aaron (NIH/CIT) [C])
Date: Wed, 8 Nov 2006 09:06:01 -0500
Subject: [rancid] Re: PIX - pager and shun?
In-Reply-To: <20061108015437.GJ14892@shrubbery.net>
Message-ID: <574EDBCEEAD4F84C8DBBE177B7AC8CD123E3D5@NIHCESMLBX3.nih.gov>

Yes, "pager 0" is a configuration setting that will be saved, so using
that would cause Rancid to change the PIX's configuration (which I would
rather it not do, personally). However, starting in PIX 7 there is a
new option, "term length", which is session-specific. So, you can now
set "term length 0" to disable the pager for just that tty (but only for
PIXOS > 7). I have no idea if that command would lead to something
surprising on other Cisco products, though.

As for shuns, the problem with shuns is that they're not saved as part
of the config. If you reload a PIX with shun settings, the shuns do not
come back with the rest of the config. You could, theoretically, add
"show shun" in clogin, but you'll get all sorts of odd changes when the
firewall reloads, since they'll all go away.

aaron

------------------
Aaron Gee-Clough
CIT/DNST/NEB/NSS
Contractor. Geek.

From sbarnard at govolution.com Fri Nov 10 20:53:54 2006
From: sbarnard at govolution.com (Sam Barnard)
Date: Fri, 10 Nov 2006 15:53:54 -0500
Subject: [rancid] config fetcher problems - networking
Message-ID: <07664A0F5A117444952626897EDA77237E82C2@hardrock.govolution.com>

I get this for my secondary firewall, however I do not get the same
message for the primary firewall in the same network. Both are
Netscreen 204s with a 5.0 screen OS. The rancid user is a tacacs user
and is using the same login information on all. Besides a different IP
and hostname there really should not be any differences between the
firewalls. Any ideas as to what causes this? I can login as rancid to
the box and dump the config manually using "get conf". Is there a
setting either on the netscreen or in rancid? This firewall is currently
a slave to the one that works just fine.

Thanks,

Sam Barnard
Systems Administrator/Engineer
Govolution LLC
(703) 894-5000 x 5703
sbarnard at govolution.com

-----Original Message-----
From: Networking Backups [mailto:rancid at mail.velocitypayment.com]
Sent: Friday, November 10, 2006 1:09 AM
To: rancid-networking at mail.velocitypayment.com
Subject: config fetcher problems - networking

The following routers have not been successfully contacted for more
than 4 hours.

-rw-r----- 1 rancid netadm 0 Oct 18 01:01

From heas at shrubbery.net Sat Nov 11 05:25:09 2006
From: heas at shrubbery.net (john heasley)
Date: Fri, 10 Nov 2006 21:25:09 -0800
Subject: [rancid] Re: PIX - pager and shun?
In-Reply-To: <574EDBCEEAD4F84C8DBBE177B7AC8CD123E3D5@NIHCESMLBX3.nih.gov>
References: <20061108015437.GJ14892@shrubbery.net> <574EDBCEEAD4F84C8DBBE177B7AC8CD123E3D5@NIHCESMLBX3.nih.gov>
Message-ID: <20061111052509.GC19216@shrubbery.net>

Wed, Nov 08, 2006 at 09:06:01AM -0500, Gee-clough, Aaron (NIH/CIT) [C]:
> Yes, "pager 0" is a configuration setting that will be saved, so using
> that would cause Rancid to change the PIX's configuration (which I would
> rather it not do, personally). However, starting in PIX 7 there is a
> new option, "term length", which is session-specific. So, you can now
> set "term length 0" to disable the pager for just that tty (but only for
> PIXOS > 7). I have no idea if that command would lead to something
> surprising on other Cisco products, though.

clogin will send 'term length 0', it was just an error up to now. :)

> As for shuns, the problem with shuns is that they're not saved as part
> of the config. If you reload a PIX with shun settings, the shuns do not
> come back with the rest of the config. You could, theoretically, add
> "show shun" in clogin, but you'll get all sorts of odd changes when the
> firewall reloads, since they'll all go away.

Thanks Aaron.

From eravin at panix.com Tue Nov 14 16:56:42 2006
From: eravin at panix.com (Ed Ravin)
Date: Tue, 14 Nov 2006 11:56:42 -0500
Subject: [rancid] 7513 CBUS mash-up provoked by RANCID
Message-ID: <20061114165642.GB13731@panix.com>

This morning's RANCID run against our 7513 showed that all our interfaces
in slot 0 were no longer in the config, as if they'd been pulled out.
The router logs show:

.Nov 14 10:13:23 EST: %DBUS-3-DBUSINTERR: Slot 0, Internal Error
.Nov 14 10:13:23 EST: %LB-5-CHAN_MEMBER_OUT: FastEthernet0/0/0 taken out of Port-channel1
.Nov 14 10:13:23 EST: %LB-5-CHAN_MEMBER_OUT: FastEthernet0/0/0 taken out of Port-channel1
.Nov 14 10:13:59 EST: %CBUS-3-CMDTIMEOUT: Cmd timed out, CCB 0xF800FFA0, slot 8, cmd code 2
Nov 14 10:13:25 166.84.143.9/166.84.143.9 21384: .Nov 14 10:13:23 EST: %DBUS-3-DBUSINTERR: Slot 0, Internal Error
-Traceback= 4032C744 404B1A5C 404B2330 404A962C 404B83B4 401A1E44 401A0A14 401A48DC 401A57A4 401A8290 4039BD64 404A0DEC 404AF9E0 404B0020 404A17FC
.Nov 14 10:13:59 EST: %CBUS-3-CCBCMDFAIL1: Controller 8, cmd (61 0x00000008) failed (0x8010)
.Nov 14 10:13:59 EST: %CBUS-3-CCBCMDFAIL1: Controller 8, cmd (36 0x00000060) failed (0x8010)
.Nov 14 10:13:59 EST: %CBUS-3-ADDRFILTR: Interface FastEthernet8/1/0, address filter write command failed, code 0x8010
-Traceback= 4032C744 404B7844 404B8044 404B83BC 401A1E44 401A0A14 401A48DC 401A57A4 401A8290 4039BD64 404A0DEC 404AF9E0 404B0020 404A17FC
.Nov 14 10:13:59 EST: %CBUS-3-CCBCMDFAIL1: Controller 8, cmd (36 0x0000FFFF) failed (0x8010)
.Nov 14 10:13:59 EST: %CBUS-3-CCBCMDFAIL1: Controller 8, cmd (36 0x00000060) failed (0x8010)
.Nov 14 10:13:59 EST: %CBUS-3-CCBCMDFAIL1: Controller 8, cmd (36 0x0000FFFF) failed (0x8010)
.Nov 14 10:13:59 EST: %CBUS-3-CCBCMDFAIL1: Controller 8, cmd (36 0x00000100) failed (0x8010)
.Nov 14 10:13:59 EST: %CBUS-3-CCBCMDFAIL1: Controller 8, cmd (36 0x00000100) failed (0x8010)
.Nov 14 10:13:59 EST: %CBUS-3-CCBCMDFAIL1: Controller 8, cmd (36 0x00000100) failed (0x8010)
.Nov 14 10:13:59 EST: %CBUS-3-CCBCMDFAIL1: Controller 8, cmd (36 0x00000100) failed (0x8010)
.Nov 14 10:13:59 EST: %CBUS-3-CCBCMDFAIL1: Controller 8, cmd (36 0x00000100) failed (0x8010)
.Nov 14 10:13:59 EST: %CBUS-3-CCBCMDFAIL1: Controller 8, cmd (36 0x00000100) failed (0x8010)
.Nov 14 10:13:59 EST: %LB-5-CHAN_MEMBER_IN: FastEthernet0/0/0 added as member-2 to Port-channel1
.Nov 14 10:13:59 EST: %LB-5-CHAN_MEMBER_OUT: FastEthernet8/1/0 taken out of Port-channel1
.Nov 14 10:13:59 EST: %LB-5-CHAN_MEMBER_OUT: FastEthernet8/1/0 taken out of Port-channel1
.Nov 14 10:13:59 EST: %SYS-3-CPUHOG: Task ran for 10828 msec (257/150), process = OIR Handler, PC = 404A158C.
-Traceback= 404A1594

And then a few moments later:

.Nov 14 10:14:59 EST: %DBUS-3-WEDGED: Line card in slot 8 is wedged
.Nov 14 10:15:37 EST: %LB-5-CHAN_MEMBER_IN: FastEthernet8/1/0 added as member-2 to Port-channel1
.Nov 14 10:15:37 EST: %SYS-3-CPUHOG: Task ran for 11732 msec (52/14), process = OIR Handler, PC = 404A158C.
-Traceback= 404A1594

And the router seems to have found its slot again. I looked at the
router config, and the slot 0 devices are back in there.

As near as I can tell, one of RANCID's diagnostic commands provoked the
CBUS stall, and when RANCID subsequently read the config, pieces of it
were missing since the router was still trying to figure out which
hardware was working and which wasn't.

Has anyone else seen a 7500 router react this way to RANCID probes?

From jsherrill at currentcomm.net Fri Nov 17 16:55:14 2006
From: jsherrill at currentcomm.net (Sherrill, Justin)
Date: Fri, 17 Nov 2006 11:55:14 -0500
Subject: [rancid] 'out of band' access script changes?
Message-ID: <7D3405B5488C0648B39948C26AE91A9B028ACB16@rocexch01.currentcomm.com>

I tried applying the patch that Ed Ravin posted:
http://www.shrubbery.net/pipermail/rancid-discuss/2006-May/001490.html

And trying it as mentioned here, to reach a device on a separate
network:

http://www.shrubbery.net/pipermail/rancid-discuss/2006-June/001551.html

(in .clogin)
add method 192.168.19.10 {usercmd}
add usercmd 192.168.19.10 {clogin} {-c} {telnet 172.21.121.18} {192.168.19.10}

(at the command line)
$ ./bin/clogin -c 'show version' 192.168.19.10
192.168.19.10
spawn clogin -c telnet 172.21.121.18 192.168.19.10
192.168.19.10

Error: unknown connection method: usercmd
Error: Couldn't login: 192.168.19.10

If I typoed it, I'm not familiar enough with expect to see the error
right off the bat. Is there a more recent version of the patch, or did
I mess up something in a more basic fashion?

-----------------------------------------
Justin C. Sherrill - CURRENT Communications
220 Kenneth Drive
Rochester, New York 14623
P: 585.486.0549
F: 585.486.0030

From eravin at panix.com Fri Nov 17 17:37:29 2006
From: eravin at panix.com (Ed Ravin)
Date: Fri, 17 Nov 2006 12:37:29 -0500
Subject: [rancid] Re: 'out of band' access script changes?
In-Reply-To: <7D3405B5488C0648B39948C26AE91A9B028ACB16@rocexch01.currentcomm.com>
References: <7D3405B5488C0648B39948C26AE91A9B028ACB16@rocexch01.currentcomm.com>
Message-ID: <20061117173729.GA28799@panix.com>

On Fri, Nov 17, 2006 at 11:55:14AM -0500, Sherrill, Justin wrote:
> I tried applying the patch that Ed Ravin posted:
> http://www.shrubbery.net/pipermail/rancid-discuss/2006-May/001490.html

I thought I heard a noise on the FTP server...

> And trying it as mentioned here, to reach a device on a separate
> network:
>
> http://www.shrubbery.net/pipermail/rancid-discuss/2006-June/001551.html
>
> (in .clogin)
> add method 192.168.19.10 {usercmd}
> add usercmd 192.168.19.10 {clogin} {-c} {telnet 172.21.121.18}
> {192.168.19.10}
>
> (at the command line)
> $ ./bin/clogin -c 'show version' 192.168.19.10
> 192.168.19.10
> spawn clogin -c telnet 172.21.121.18 192.168.19.10
> 192.168.19.10
>
> Error: unknown connection method: usercmd

Sounds like something went wrong with the application of the patch.
Send me the unpatched and patched version of clogin (off-list, please)
and I'll take a look at it.

From eravin at panix.com Sun Nov 19 05:26:51 2006
From: eravin at panix.com (Ed Ravin)
Date: Sun, 19 Nov 2006 00:26:51 -0500
Subject: [rancid] Re: 'out of band' access script changes?
In-Reply-To: <20061117173729.GA28799@panix.com>
References: <7D3405B5488C0648B39948C26AE91A9B028ACB16@rocexch01.currentcomm.com> <20061117173729.GA28799@panix.com>
Message-ID: <20061119052651.GA24225@panix.com>

On Fri, Nov 17, 2006 at 11:55:14AM -0500, Sherrill, Justin wrote:
> I tried applying the patch that Ed Ravin posted:
> http://www.shrubbery.net/pipermail/rancid-discuss/2006-May/001490.html
>
> And trying it as mentioned here, to reach a device on a separate
> network:
>
> http://www.shrubbery.net/pipermail/rancid-discuss/2006-June/001551.html
>
> (in .clogin)
> add method 192.168.19.10 {usercmd}
> add usercmd 192.168.19.10 {clogin} {-c} {telnet 172.21.121.18}
> {192.168.19.10}
>
> (at the command line)
> $ ./bin/clogin -c 'show version' 192.168.19.10
> 192.168.19.10
> spawn clogin -c telnet 172.21.121.18 192.168.19.10
> 192.168.19.10
>
> Error: unknown connection method: usercmd

You didn't make any mistakes with the patches. It's your cloginrc -
you are using the same router IP (192.168.19.10) for the first and
second hop. clogin thinks the way to get to 192.168.19.10 is to first
log into 192.168.19.10 and then telnet to 172.21.121.18, which makes no
sense. Since you're calling the unpatched clogin on the second hop, it
sees the "usercmd" stuff defined for 192.168.19.10 and aborts.

You probably wanted to say that the route to 172.21.121.18 is via
logging into 192.168.19.10 and then issuing the telnet command, like
this:

add method 172.21.121.18 {usercmd}
add usercmd 172.21.121.18 {clogin} {-noenable} {-c} {telnet 192.168.19.10}
add method 192.168.19.10 {telnet}
add password 192.168.19.10 {xxx} {yyy}

The mistake would have been obvious if you had called the patched
clogin in the "usercmd" - it would have understood "usercmd" and started
a recursive infinite loop of clogins.

Let me know if you run into any more trouble with the patch.

-- Ed

From jsherrill at currentcomm.net Mon Nov 20 20:33:22 2006
From: jsherrill at currentcomm.net (Sherrill, Justin)
Date: Mon, 20 Nov 2006 15:33:22 -0500
Subject: [rancid] Re: 'out of band' access script changes?
Message-ID: <7D3405B5488C0648B39948C26AE91A9B028ACB22@rocexch01.currentcomm.com>

Going by your example, it doesn't work, as the spawned process doesn't
get a target router passed to it:

(192.168.248.1 is the 'gateway' router, and 192.168.249.11 is the remote
router that can only be reached through the gateway.)

$ ./bin/clogin -c 'show vers' 192.168.249.11
router: 192.168.249.11
spawn clogin -noenable -c telnet 192.168.248.1
No routers listed error : Usage: [snip...]

As I understand it, the usercmd option that's been patched in supplies a
new connection method for whatever server's being accessed, so I tried
constructing this line:

add usercmd 192.168.249.11 {cmtslogin} {-c} {telnet 192.168.249.11} {192.168.248.1}

Am I correct in that this should say "Connect to 192.168.248.1 and issue
'telnet 192.168.249.11', in order to connect to 192.168.249.11"?

It works in that it eventually connects to the remote device, but the
two connections seem to spawn and run in parallel - i.e. I see the
username and password for the second device getting printed out while
the first device is being logged into.

Has anyone done this in practice? I'm wondering if I'm just
syntax-impaired.

-----------------------------------------
Justin C. Sherrill - CURRENT Communications
220 Kenneth Drive
Rochester, New York 14623
P: 585.486.0549
F: 585.486.0030

From eravin at panix.com Mon Nov 20 21:40:00 2006
From: eravin at panix.com (Ed Ravin)
Date: Mon, 20 Nov 2006 16:40:00 -0500
Subject: [rancid] Re: 'out of band' access script changes?
In-Reply-To: <7D3405B5488C0648B39948C26AE91A9B028ACB22@rocexch01.currentcomm.com>
References: <7D3405B5488C0648B39948C26AE91A9B028ACB22@rocexch01.currentcomm.com>
Message-ID: <20061120213959.GA12807@panix.com>

On Mon, Nov 20, 2006 at 03:33:22PM -0500, Sherrill, Justin wrote:
> Going by your example, it doesn't work, as the spawned process doesn't
> get a target router passed to it

Yes, I forgot the router argument won't get automatically generated as
it normally does for clogin. But I see you figured that out already...

> As I understand it, the usercmd option that's been patched in supplies a
> new connection method for whatever server's being accessed, so I tried
> constructing this line:
>
> add usercmd 192.168.249.11 {cmtslogin} {-c} {telnet 192.168.249.11}
> {192.168.248.1}
>
> Am I correct in that this should say "Connect to 192.168.248.1 and issue
> 'telnet 192.168.249.11', in order to connect to 192.168.249.11"?
>
> It works in that it eventually connects to the remote device, but the
> two connections seem to spawn and run in parallel - i.e. I see the
> username and password for the second device getting printed out while
> the first device is being logged into.
>
> Has anyone done this in practice? I'm wondering if I'm just
> syntax-impaired.

As far as I know, you're the first one to chain clogins together like
this. It's been only an academic discussion until now. :-)

I'm guessing that clogin#1 sees the login dialogue of clogin#2 logging
into the gateway router, and thinks that is the login prompt of the
far-end device. To fix that, we need some way for the patched clogin to
detect that you've gotten past the telnet command of clogin#1.

The usercmd_chat feature should work for that. Maybe if you match the
first Cisco's telnet command, like this:

add usercmd_chat 192.168.249.11 {Trying.*192.168.249.11} {}

This waits for the "Trying" message Cisco's telnet command prints just
before connecting, and sends an empty string, then exits chat mode and
returns to the normal clogin login prompt detection stuff.

If that fails, run the clogins with debug options and see if you can
find some output just before the far-end router's Username: prompt to
match. If the far-end router has a login banner that is distinct from
that sent by the gateway router, you could try matching on that.

-- Ed

From arnold at nipper.de Mon Nov 20 21:55:57 2006
From: arnold at nipper.de (Arnold Nipper)
Date: Mon, 20 Nov 2006 22:55:57 +0100
Subject: [rancid] Is there a f10login?
Message-ID: <4562246D.7050201@nipper.de>

While I found a f10rancid, I miss a f10login. clogin does work almost
all of the time, but bails when using multi-line commands like

clogin -c"conf term\ninterface Gi0/0\ndescription blabla\end" f10box

The f10box simply removes all "\n" ...

Arnold

From heas at shrubbery.net Tue Nov 21 03:42:10 2006
From: heas at shrubbery.net (john heasley)
Date: Mon, 20 Nov 2006 19:42:10 -0800
Subject: [rancid] Re: Is there a f10login?
In-Reply-To: <4562246D.7050201@nipper.de>
References: <4562246D.7050201@nipper.de>
Message-ID: <20061121034210.GI5468@shrubbery.net>

Mon, Nov 20, 2006 at 10:55:57PM +0100, Arnold Nipper:
> While I found a f10rancid, I miss a f10login. clogin does work almost
> all of the time, but bails when using multi-line commands like
>
> clogin -c"conf term\ninterface Gi0/0\ndescription blabla\end" f10box
>
> The f10box simply removes all "\n" ...

try \r

From eravin at panix.com Tue Nov 21 15:13:36 2006
From: eravin at panix.com (Ed Ravin)
Date: Tue, 21 Nov 2006 10:13:36 -0500
Subject: [rancid] router scripting question
Message-ID: <20061121151336.GA11763@panix.com>

I need a script to dig information out of a Cisco router for a particular
ATM VC. The end user will supply the DSL customer's username, and the
script would then run "show users", dig out the username and
corresponding virtual-interface, run "show interface" to dig out the
corresponding ATM VC, and then run some diagnostic commands (like OAM
ping, or look at the interface counters).

Has anyone written a script like this that does two or three steps of
digging and extracting information? I haven't done much coding with
Expect and would like to start with a working example.

Thanks,

-- Ed

From jsherrill at currentcomm.net Tue Nov 21 15:59:44 2006
From: jsherrill at currentcomm.net (Sherrill, Justin) Date: Tue, 21 Nov 2006 10:59:44 -0500 Subject: [rancid] Re: 'out of band' access script changes? Message-ID: <7D3405B5488C0648B39948C26AE91A9B028ACB24@rocexch01.currentcomm.com> Looking at the debug output, the command never enters the login information at the right time. ('user' is the username for the second device.) User Access Verification Username: % User Access Verification Username: timeout expired! User Access Verification user user Username: I think the first clogin process is holding the output that contains the Username: prompt, so the second spawned process doesn't see the prompt and continue until there's an initial timeout and the first process kicks out the output so far and the error message. When that happens, the second script prints out the username twice, since it sees "Username:" twice, but the prompt isn't there for it yet. The overlay command looks like it may be a solution, but a few seconds of fiddling haven't produced a working example for me yet. I'd gladly send a (six-pack|batch of cookies) of choice to someone who could make this work. ----------------------------------------- Justin C. Sherrill - CURRENT Communications 220 Kenneth Drive Rochester, New York 14623 P: 585.486.0549 F: 585.486.0030 -----Original Message----- 
From: Ed Ravin [mailto:eravin at panix.com] Sent: Monday, November 20, 2006 4:40 PM To: Sherrill, Justin Cc: rancid-discuss at shrubbery.net Subject: Re: 'out of band' access script changes? On Mon, Nov 20, 2006 at 03:33:22PM -0500, Sherrill, Justin wrote: > Going by your example, it doesn't work, as the spawned process doesn't > get a target router passed to it Yes, I forgot the router argument won't get automatically generated as it normally does for clogin. But I see you figured that out already... > As I understand it, the usercmd option that's been patched in supplies a > new connection method for whatever server's being accessed, so I tried > constructing this line: > > add usercmd 192.168.249.11 {cmtslogin} {-c} {telnet 192.168.249.11} > {192.168.248.1} > > Am I correct in that this should say "Connect to 192.168.248.1 and issue > 'telnet 192.168.249.11', in order to connect to 192.168.249.11"? > > It works in that it eventually connects to the remote device, but the > two connections seem to spawn and run in parallel - i.e. I see the > username and password for the second device getting printed out while > the first device is being logged into. > > Has anyone done this in practice? I'm wondering if I'm just > syntax-impaired. As far as I know, you're the first one to chain clogins together like this. It's been only an academic discussion until now. :-) I'm guessing that clogin#1 sees the login dialogue of clogin#2 logging into the gateway router, and thinks that is the login prompt of the far-end device. To fix that, we need some way for the patched clogin to detect that you've gotten past the telnet command of clogin#1. The usercmd_chat feature should work for that. 
Maybe if you match the first Cisco's telnet command, like this: add usercmd_chat 192.168.249.11 {Trying.*192.168.249.11} {} This waits for the "Trying" message Cisco's telnet command prints just before connecting, and sends an empty string, then exits chat mode and returns to the normal clogin login prompt detection stuff. If that fails, run the clogins with debug options and see if you can find some output just before the far-end router's Username: prompt to match. If the far-end router has a login banner that is distinct from that sent by the gateway router, you could try matching on that. -- Ed ***CONFIDENTIALITY NOTICE*** The information in this email may be confidential and/or privileged. This email is intended to be reviewed by only the individual or organization named above. If you are not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any review, dissemination or copying of this email and its attachments, if any, or the information contained herein is prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this message from your system. From eravin at panix.com Wed Nov 22 06:09:13 2006 
From: eravin at panix.com (Ed Ravin) Date: Wed, 22 Nov 2006 01:09:13 -0500 Subject: [rancid] Re: 'out of band' access script changes? In-Reply-To: <7D3405B5488C0648B39948C26AE91A9B028ACB24@rocexch01.currentcomm.com> References: <7D3405B5488C0648B39948C26AE91A9B028ACB24@rocexch01.currentcomm.com> Message-ID: <20061122060913.GA22469@panix.com> On Tue, Nov 21, 2006 at 10:59:44AM -0500, Sherrill, Justin wrote: > Looking at the debug output, the command never enters the login > information at the right time. [...] OK, you convinced me to climb out of the ivory tower and get my hands dirty. It looks like the second clogin isn't passing through the output of the gateway router back to the first clogin in a timely manner. Here's a fix using the "interact" command of Expect (which explicitly enables a "pass-through" mode to the user) and clogin's handy-dandy scripting features: First, create a file called "far-router.exp", containing these two lines: send "telnet far-router\r" interact Then, add entries like these to your cloginrc: add method gateway-router telnet add user gateway-router rancid add password gateway-router {mumble} add method far-router {usercmd} add usercmd far-router {clogin} {-noenable} {-s} {far-router.exp} {gateway-router} add user far-router rancid add password far-router {mumble} {grumble} add usercmd_chat far-router {Trying.*Open} {} {User Access Verification} {} It worked for me even without the "usercmd_chat" in cloginrc, but it won't hurt since it'll always make sure you're logging in to the second router. Note that clogin will not exit right away after running your commands. It will sit on the gateway router's prompt for 30 seconds or so and then time out. That's normal for the usercmd stuff, since I didn't add any mechanism for closing the "gateway" session after the far-end router is disconnected. 
This hasn't been a problem for my use of it - clogin runs out of a batch script, and I don't really care if the script takes an extra 30 seconds to exit. But I suppose I could add something like "usercmd_exit_chat" to handle it if needed. -- Ed From eravin at panix.com Wed Nov 22 14:42:26 2006 
From: eravin at panix.com (Ed Ravin) Date: Wed, 22 Nov 2006 09:42:26 -0500 Subject: [rancid] Re: 'out of band' access script changes? In-Reply-To: <20061122060913.GA22469@panix.com> References: <7D3405B5488C0648B39948C26AE91A9B028ACB24@rocexch01.currentcomm.com> <20061122060913.GA22469@panix.com> Message-ID: <20061122144226.GB22668@panix.com> On Wed, Nov 22, 2006 at 01:09:13AM -0500, Ed Ravin wrote: > OK, you convinced me to climb out of the ivory tower and get my hands > dirty. It looks like the second clogin isn't passing through the output > of the gateway router back to the first clogin in a timely manner. > Here's a fix using the "interact" command of Expect (which explicitly > enables a "pass-through" mode to the user) and clogin's handy-dandy > scripting features: Oh, sheesh, I forgot clogin will automatically invoke the "interact" command if you don't give it any options. So there's no need for the "-s" option and the script file. Try the configuration below in cloginrc, this worked in my tests: add method gateway-router telnet add user gateway-router rancid add password gateway-router {mumble} add method far-router {usercmd} add user far-router rancid add password far-router {mumble} {grumble} add usercmd far-router {clogin} {-noenable} {gateway-router} add usercmd_chat far-router {>} {telnet far-router\r} {User Access Verification} {} Now, the usercmd_chat dialogue does all the dirty work - wait for the gateway router's prompt, send the telnet command, wait for some evidence that there's a Cisco answering on the other side, then a null send (the usercmd_chat requires expect-send pairs) and let clogin do what it knows how to do. You might want to change "{>}" to something that more specifically matches the gateway router's command line prompt, like "{Gateway>}", especially if you have any ">" characters in the router's login banner message. -- Ed From vchopov at digifonica.com Wed Nov 22 17:01:50 2006 
From: vchopov at digifonica.com (Valentin Chopov) Date: Wed, 22 Nov 2006 09:01:50 -0800 Subject: [rancid] simle solution for SVN with URI Message-ID: <4564827E.7070609@digifonica.com> Hi all, This is my first post here. 1. I added this in my rancid.conf : CVSROOT=https:///cisco RCSSYS=svn; export RCSSYS 2. Manualy on my I run: svnadmin create /cisco 3. Applied this small patch to rancid-cvs: --- cut here --- *** rancid-cvs.original Tue Nov 21 15:55:05 2006 --- rancid-cvs Tue Nov 21 16:00:39 2006 *************** *** 49,56 **** if [ ! -d $CVSROOT ]; then if [ $RCSSYS = cvs ]; then cvs -d $CVSROOT init ! else ! svnadmin create $CVSROOT fi fi --- 49,56 ---- if [ ! -d $CVSROOT ]; then if [ $RCSSYS = cvs ]; then cvs -d $CVSROOT init ! # else ! # svnadmin create $CVSROOT fi fi *************** *** 81,89 **** cd $BASEDIR cvs checkout $GROUP else ! svn import -m "$GROUP" . file://$CVSROOT/$GROUP cd $BASEDIR ! svn checkout file://$CVSROOT/$GROUP $GROUP fi fi cd $DIR --- 81,89 ---- cd $BASEDIR cvs checkout $GROUP else ! svn import -m "$GROUP" . $CVSROOT/$GROUP cd $BASEDIR ! svn checkout $CVSROOT/$GROUP $GROUP fi fi cd $DIR --- cut here --- 4. Everything else is according to the rancid docs. I had a small problem and I hat do run manually "svn update" once but after that everythings looks ok. BTW, I'm running rancid-2.3.2a5 on FreeBSD 6.1 Thanks, Val -- Valentin S. Chopov, CC[NDS]P Senior Systems Administrator Digifonica Canada Limited (604) 628-8900 ext. 0058 From Johan.Bergstrom at tietoenator.com Thu Nov 23 07:22:09 2006 
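Review bot: in the first hunk of the rancid-cvs patch above (lines 49-56), commenting out the "else" / "svnadmin create $CVSROOT" branch removes repository creation for every SVN user, including those whose CVSROOT is still a local path. The enclosing test [ ! -d $CVSROOT ] is also always true when CVSROOT is an https URL, so with RCSSYS=svn the block now silently does nothing. Suggest keeping the branch and skipping it only when $CVSROOT contains a URL scheme (for example a case test on *://*), and quoting "$CVSROOT" and "$RCSSYS" in both tests.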
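Review bot: in the second hunk of the rancid-cvs patch above (lines 81-89), dropping the file:// prefix from "svn import" and "svn checkout" makes both commands depend on CVSROOT already being a full URL, so an existing setup with CVSROOT set to a filesystem path would now hand svn a bare path instead of a repository URL. Suggest prepending file:// only when $CVSROOT has no scheme, quoting "$CVSROOT/$GROUP", and noting in rancid.conf that a URL is accepted for RCSSYS=svn.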
From: Johan.Bergstrom at tietoenator.com (Johan =?ISO-8859-1?Q?Bergstr=F6m?=) Date: Thu, 23 Nov 2006 08:22:09 +0100 Subject: [rancid] VTP Message-ID: <1164266529.3451.3.camel@satyr.eu.tieto.com> Why doesn't rancid pick out vtp information and save it ? It would definitely be useful, since I have quite a large network and it would be easier to be able to tell my co-workers who aren't very used to playing around with communication devices just to "download" a configuration file from the rancid cvs archive and copy&paste if they need to replace the supervisor card. But as it is today, they have to type in the vtp commands separately. Oh and this is all cisco devices. mostly 4500s and 3750s and a bunch of 6500s too. Johan
From stsimb at irc.gr Fri Nov 24 10:40:29 2006 From: stsimb at irc.gr (Sotiris Tsimbonis) Date: Fri, 24 Nov 2006 12:40:29 +0200 Subject: [rancid] Re: SSH Proto 1 In-Reply-To: <23651654.61161716035539.JavaMail.root@postal.insourcedsecurity.com> References: <23651654.61161716035539.JavaMail.root@postal.insourcedsecurity.com> Message-ID: <4566CC1D.7000406@irc.gr> Ian Lists said the following on 24/10/2006 9:53 ??:
> I have seen some postings online to use the "add sshcmd" line in my .cloginrc file to enable ssh protocol 1 for a device. I don't see this as one of the available options in the sample .cloginrc file and it didn't seem to work for me anyway. Could someone give me some tips on getting the ssh "-1" flag to work?
Use a tiny wrapper for ssh :-)
$ cat ssh1
#!/bin/sh
# Force SSH protocol 1; quote "$@" so each argument is passed through unchanged
exec ssh -1 "$@"
###############
in .cloginrc put the following
add sshcmd hostname ssh1
Cheers, Sotiris.
From Atle.Ostbo at tdcsong.no Fri Nov 24 12:56:50 2006 
From: Atle.Ostbo at tdcsong.no (=?iso-8859-1?B?QXRsZSDYc3Ri+A==?=) Date: Fri, 24 Nov 2006 13:56:50 +0100 Subject: [rancid] Possible to use different password in .cloginrc Message-ID: <357EEDAD7111AE46916A5D882E361E5F3F3459@NO-SVG1EX01.nordiclan.net>
Hi
I have installed the rancid-2.3.2a5.tar.gz on a Linux RedHat server.
Most of our cpe and core routers/switches have configured tacacs, but there are several of them that use login/enable password to get access to the configuration.
Is it possible to set up some rule to use the tacacs login first, if that failed - then go to next match in the .cloginrc file?
Example:
# Most of the routers have tacacs login - try with that first
add user *.no.sn.net auto
add password *.no.sn.net {rancid!}
add autoenable *.no.sn.net 1
#If login failed - try login/enable password
add password *.no.sn.net {differentyou} {v8motor}
add autoenable *.no.sn.net 0
I have used some time to search the web for some solution for this, but I have not found any match. If you have some tips how I should do this - please send me an answer.
I will also say this is a very good tool - and it helps us to keep track of our changes on the routers.
Best regards Atle Oestboe Network Services TDC Song AS Prof.O.Hanssensvei 7 Postboks 8034 N-4068 Stavanger Norway Phone: +47 51 20 26 51 /Mobile: +47 40 000 651 Fax +47 51 20 26 01 E-mail: atle.ostbo at tdcsong.no Web: tdcsong.no
From heas at shrubbery.net Sat Nov 25 02:49:23 2006 
From: heas at shrubbery.net (john heasley) Date: Fri, 24 Nov 2006 18:49:23 -0800 Subject: [rancid] Re: Possible to use different password in .cloginrc In-Reply-To: <357EEDAD7111AE46916A5D882E361E5F3F3459@NO-SVG1EX01.nordiclan.net> References: <357EEDAD7111AE46916A5D882E361E5F3F3459@NO-SVG1EX01.nordiclan.net> Message-ID: <20061125024923.GM7881@shrubbery.net>
Fri, Nov 24, 2006 at 01:56:50PM +0100, Atle Østbø:
> Hi
>
> I have installed the rancid-2.3.2a5.tar.gz on a Linux RedHat server.
>
> Most of our cpe and core routers/switches have configured tacacs, but there are several of them that use login/enable password to get access to the configuration.
>
> Is it possible to set up some rule to use the tacacs login first, if that failed - then go to next match in the .cloginrc file?
>
> Example:
>
> # Most of the routers have tacacs login - try with that first
> add user *.no.sn.net auto
> add password *.no.sn.net {rancid!}
> add autoenable *.no.sn.net 1
>
> #If login failed - try login/enable password
> add password *.no.sn.net {differentyou} {v8motor}
> add autoenable *.no.sn.net 0
>
>
> I have used some time to search the web for some solution for this, but I have not found any match.
> If you have some tips how I should do this - please send me an answer.
>
> I will also say this is a very good tool - and it helps us to keep track of our changes on the routers.
This is not possible, ATM. The cloginrc matching ends upon the first match. Either find some unique pattern in the name of your non-tacacs devices or create one with supplemental names in /etc/hosts such as prepending an _.
I'll admit that this sounds useful, and cumbersome if continuation is not something you want. Perhaps a better alternative is some form of "continue" token, or some kind of ifelse structure, but I can't envision how either might work at the moment.
From heas at shrubbery.net Sat Nov 25 04:37:36 2006 
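The first-match rule described in the reply above, as an added example that is not part of the original messages and not clogin's own code: a simplified Python model of .cloginrc lookup, run against the layout from the question and against a reordered variant that uses the leading-underscore alias names suggested in the reply. The passwords, router names and the _*.no.sn.net pattern are constructed placeholders, and Tcl glob matching is approximated with fnmatch.

```python
"""Simplified model of .cloginrc lookup (assumption: not clogin's own code).

For each directive (user, password, autoenable, ...) the entries are tried
in file order and the first pattern that matches the router name wins.
Tcl glob matching is approximated here with fnmatch.
"""
import fnmatch
import re

# Constructed sample: the layout from the question, placeholder passwords.
CLOGINRC_AS_POSTED = """
# Most of the routers have tacacs login - try with that first
add user *.no.sn.net auto
add password *.no.sn.net {tacacs-pw}
add autoenable *.no.sn.net 1
# If login failed - try login/enable password
add password *.no.sn.net {vty-pw} {enable-pw}
add autoenable *.no.sn.net 0
"""

# Constructed sample: non-tacacs devices get an alias with a leading "_"
# (hypothetical names in /etc/hosts) and their entries are listed FIRST,
# because "*.no.sn.net" would otherwise match the alias as well.
CLOGINRC_REORDERED = """
add password _*.no.sn.net {vty-pw} {enable-pw}
add autoenable _*.no.sn.net 0
add user *.no.sn.net auto
add password *.no.sn.net {tacacs-pw}
add autoenable *.no.sn.net 1
"""

# A word is either a {braced value} (may contain spaces) or a bare token.
TOKEN = re.compile(r"\{([^{}]*)\}|(\S+)")


def parse_cloginrc(text):
    """Return {directive: [(pattern, [values...]), ...]} in file order."""
    table = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        words = [bare or braced for braced, bare in TOKEN.findall(line)]
        if len(words) < 3 or words[0] != "add":
            continue
        directive, pattern, values = words[1], words[2], words[3:]
        table.setdefault(directive, []).append((pattern, values))
    return table


def lookup(table, directive, router):
    """First matching pattern wins; later entries are never consulted."""
    for pattern, values in table.get(directive, []):
        if fnmatch.fnmatchcase(router, pattern):
            return values
    return None


def dead_entries(table, routers):
    """Entries that are never selected for any router in the inventory."""
    dead = []
    for directive, entries in table.items():
        used = set()
        for router in routers:
            for index, (pattern, _values) in enumerate(entries):
                if fnmatch.fnmatchcase(router, pattern):
                    used.add(index)
                    break
        dead.extend((directive, pattern, values)
                    for index, (pattern, values) in enumerate(entries)
                    if index not in used)
    return dead


if __name__ == "__main__":
    posted = parse_cloginrc(CLOGINRC_AS_POSTED)
    fixed = parse_cloginrc(CLOGINRC_REORDERED)
    print("posted, cpe1:", lookup(posted, "password", "cpe1.no.sn.net"))
    print("posted, dead:", dead_entries(posted, ["core1.no.sn.net",
                                                 "cpe1.no.sn.net"]))
    print("fixed, _cpe1:", lookup(fixed, "password", "_cpe1.no.sn.net"))
    print("fixed, core1:", lookup(fixed, "password", "core1.no.sn.net"))
```

Running dead_entries over the real router list is a quick way to spot credentials in a .cloginrc that can never be sent to any device.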
From: heas at shrubbery.net (john heasley) Date: Fri, 24 Nov 2006 20:37:36 -0800 Subject: [rancid] Re: SSH Proto 1 In-Reply-To: <20061125043628.5DB2111CE33@ni.shrubbery.net> <4566CC1D.7000406@irc.gr> References: <20061125043628.5DB2111CE33@ni.shrubbery.net> <23651654.61161716035539.JavaMail.root@postal.insourcedsecurity.com> <4566CC1D.7000406@irc.gr> Message-ID: <20061125043736.GP7881@shrubbery.net> Fri, Nov 24, 2006 at 12:40:29PM +0200, Sotiris Tsimbonis: > Ian Lists said the following on 24/10/2006 9:53 ??: > > I have seen some postings online to use the "add sshcmd" line in my .cloginrc file to enable ssh protocol 1 for a device. I don't see this as one of the avaliable options in the sample .cloginrc file and it didn't seem to work for me anyway. Could someone give me some tips on getting the ssh "-1" flag to work? > > Use a tiny wrapper for ssh :-) > > $ cat ssh1 > #!/bin/sh > > exec ssh -1 $@ > ############### > Try this patch. Index: clogin.in =================================================================== RCS file: /home/rancid/.CVS/rancid/bin/clogin.in,v retrieving revision 1.102 diff -d -u -r1.102 clogin.in --- clogin.in 23 Nov 2006 04:20:50 -0000 1.102 +++ clogin.in 25 Nov 2006 04:34:12 -0000 @@ -315,10 +315,11 @@ } elseif [string match "ssh*" $prog] { regexp {ssh(:([^[:space:]]+))*} $prog command suffix port if {"$port" == ""} { - set retval [ catch {spawn $sshcmd -c $cyphertype -x -l $user $router} reason ] - + set cmd [join [lindex $sshcmd 0] " "] + set retval [ catch {eval spawn [split "$cmd -c $cyphertype -x -l $user $router" { }]} reason ] } else { - set retval [ catch {spawn $sshcmd -c $cyphertype -x -l $user -p $port $router} reason ] + set cmd [join [lindex $sshcmd 0] " "] + set retval [ catch {eval spawn [split "$cmd -c $cyphertype -x -l $user -p $port $router" { }]} reason ] } if { $retval } { send_user "\nError: $sshcmd failed: $reason\n" From heas at shrubbery.net Sat Nov 25 04:47:02 2006 
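Review bot: in both branches of the ssh case in the clogin.in hunk above, split "$cmd -c $cyphertype -x -l $user $router" { } breaks the command on every single space, so an sshcmd argument that itself contains a space is torn apart and a doubled space anywhere in the string yields an empty argument handed to spawn. Suggest building the word list from the sshcmd elements plus a [list ...] of the fixed options instead of joining to a string and re-splitting it. The identical "set cmd [join [lindex $sshcmd 0] " "]" line could also be hoisted above the if, and the error message after the hunk still prints $sshcmd rather than the command that was actually spawned.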
From: heas at shrubbery.net (john heasley) Date: Fri, 24 Nov 2006 20:47:02 -0800 Subject: [rancid] Re: VTP In-Reply-To: <1164266529.3451.3.camel@satyr.eu.tieto.com> References: <1164266529.3451.3.camel@satyr.eu.tieto.com> Message-ID: <20061125044702.GQ7881@shrubbery.net>
Thu, Nov 23, 2006 at 08:22:09AM +0100, Johan Bergström:
> Why doesn't rancid pick out vtp information and save it ?
>
> It would definitely be useful, since I have quite a large network and it
> would be easier to be able to tell my co-workers who aren't very used to
> playing around with communication devices just to "download" a
> configuration file from the rancid cvs archive and copy&paste if they
> need to replace the supervisor card. But as it is today, they have to
> type in the vtp commands separately.
>
> Oh and this is all cisco devices. mostly 4500s and 3750s and a bunch of
> 6500s too.
>
Where is this data? Example?
From rancid at veggiechinese.net Sun Nov 26 23:24:27 2006 
From: rancid at veggiechinese.net (William Yardley) Date: Sun, 26 Nov 2006 15:24:27 -0800 Subject: [rancid] rancid errors Message-ID: <20061126232427.GA18591@mitch.veggiechinese.net> I've been getting the following error recently, and not getting emails sent by rancid, even though the router.db file exists and I can do a "cvs [whatever]" on it as the rancid user. Not sure if the two are connected, but the message isn't even getting submitted to my error log. My CVS path got changed recently, and so I tried both modifying CVS/Root (in the base dir of the working copy and the configs dir) and just doing a new checkout. Rancid doesn't seem to complain about anything else - I just don't get the email. Anything obvious I should check out? Trying to get all of the configs. All routers sucessfully completed. cvs server: Diffing . cvs [server aborted]: cannot open file router.db for comparing: No such file or directory cvs commit: Examining . cvs commit: Examining configs Checking in configs/css1; /cvs/cvsroot/rancid/configs/css1,v <-- css1 new revision: 1.53; previous revision: 1.52 done ending: Sun Nov 26 15:20:00 PST 2006 w From johan.bergstrom at tietoenator.com Mon Nov 27 09:40:24 2006 
From: johan.bergstrom at tietoenator.com (Johan =?ISO-8859-1?Q?Bergstr=F6m?=) Date: Mon, 27 Nov 2006 10:40:24 +0100 Subject: [rancid] Re: VTP In-Reply-To: <20061125044702.GQ7881@shrubbery.net> References: <1164266529.3451.3.camel@satyr.eu.tieto.com> <20061125044702.GQ7881@shrubbery.net> Message-ID: <1164620424.3449.24.camel@satyr.eu.tieto.com> Well I guess that's one of the problems, I don't know if you can catch it in 'show run'. But you can see the VTP settings by issuing 'show vtp status' and the output will be something like this, Router>sh vtp status VTP Version : 2 (1) Configuration Revision : 181 Maximum VLANs supported locally : 1005 Number of existing VLANs : 47 VTP Operating Mode : Server (Client or Transparent) VTP Domain Name : VTP_DOMAIN VTP Pruning Mode : Disabled (Enabled) VTP V2 Mode : Disabled (Enabled) VTP Traps Generation : Disabled (Enabled) MD5 digest : 0x1F 0xCD ... ... Configuration last modified by 192.168.255.200 at 11-16-06 21:10:34 Local updater ID is 192.168.255.200 on interface Vl1 (lowest numbered VLAN interface found) Everything within parentheses are my comments in the above output. It's possible outputs from the 'sh vtp status' command. The important information for me is VTP Operating Mode, VTP Domain Name and VTP Traps Generation But I guess for others VTP Pruning Mode, VTP V2 Mode and VTP Version could be just as important. The commands I use to setup my vtp are 'vtp domain VTP_DOMAIN' and 'vtp mode server(or client or transparent)' on some switches/routers where I want vtp traps, I enable that with 'snmp-server enable traps vtp' the snmp-server command is shown in 'sh run', so it's cought with rancid already. The other VTP commands are set with 'vtp pruning', 'vtp version <1|2>' Johan On Fri, 2006-11-24 at 20:47 -0800, john heasley wrote: > Thu, Nov 23, 2006 at 08:22:09AM +0100, Johan Bergstr?m: > > Why doesn't rancid pick out vtp information and save it ? 
> > > > It would definitely be useful, since I have quite a large network and it > > would be easier to be able to tell my co-workers who aren't very used to > > playing around with communication devices just to "download" a > > configuration file from the rancid cvs archive and copy&paste if they > > need to replace the supervisor card. But as it is today, they have to > > type in the vtp commands separately. > > > > Oh and this is all cisco devices. mostly 4500s and 3750s and a bunch of > > 6500s too. > > > > Where is this data? Example? From Atle.Ostbo at tdcsong.no Mon Nov 27 10:18:21 2006 From: Atle.Ostbo at tdcsong.no (=?iso-8859-1?B?QXRsZSDYc3Ri+A==?=) Date: Mon, 27 Nov 2006 11:18:21 +0100 Subject: [rancid] Re: Possible to use different password in .cloginrc In-Reply-To: <20061125024923.GM7881@shrubbery.net> Message-ID: <357EEDAD7111AE46916A5D882E361E5F3F345B@NO-SVG1EX01.nordiclan.net> Hi John Thank's for you answer. I agree there is better with one alternative is some form of "continue" token, or some kind ifelse structure, but how should it be implemented ? I have look at the clogin file and have found the place for the login check. If login failed - og to next device. # Login to the router if {[login $router $ruser $userpswd $passwd $enapasswd $cmethod $cyphertype]} { # if login failed or rsh was successful, move on to the next device -----> continue | } | if { $enable } { | | | |---------------------------------------------------------- | I think there is here the "continue" token should be called. | ----------------------------------------------------------- ------------------------------------------------ Med vennlig hilsen/Best regards Atle ?stb? Network Services > -----Original Message----- 
> From: john heasley [mailto:heas at shrubbery.net] > Sent: 25. november 2006 03:49 > To: Atle ?stb? > Cc: rancid-discuss at shrubbery.net > Subject: Re: [rancid] Possible to use different password in .cloginrc > > Fri, Nov 24, 2006 at 01:56:50PM +0100, Atle ?stb?: > > Hi > > > > I have installed the rancid-2.3.2a5.tar.gz on an Linux > RedHat server. > > > > Most of our cpe and core routeres/switches have configured > tacacs, but there is several of them that use login/enable > password to get access to the configuration. > > > > Are the possible to set up some roule to use the tacacs > login first, if that failed - then go to next match in the > .cloginrc file. > > > > Example: > > > > # Most of the routers have tacacs login - try with that first > > add user *.no.sn.net auto > > add password *.no.sn.net {rancid!} > > add autoenable *.no.sn.net 1 > > > > #If login failed - try login/enable password add password > *.no.sn.net > > {differentyou} {v8motor} add autoenable*.no.sn.net 0 > > > > > > I have used some time to search the web for some solution > for this, but I have not get any match. > > If you have some tips how I should do this - please send me > an answer. > > > > I will also say this is a wery good tool - and help us to > hold track for our canges on the routers. > > This is not possible, ATM. The cloginrc matching ends upon > the first match. Either find some unique pattern in the name > of your non-tacacs devices or create one with supplemental > names in /etc/hosts such as prepending an _. > > I'll admit that this sounds useful, and cumbersome if > continuation is not something you want. Perhaps a better > alternative is some form of "continue" > token, or some kind ifelse structure, but I can't envision > how either might work at the moment. > From jsherrill at currentcomm.net Mon Nov 27 16:28:14 2006 
From: jsherrill at currentcomm.net (Sherrill, Justin) Date: Mon, 27 Nov 2006 11:28:14 -0500 Subject: [rancid] Re: 'out of band' access script changes? Message-ID: <7D3405B5488C0648B39948C26AE91A9B028ACB33@rocexch01.currentcomm.com> Alright, then to sum up for future people who may encounter this problem: If the target device for Rancid is on a separate network that can't be accessed directly from the machine Rancid is on, but can be accessed from a gateway device, here's the steps to reach that remote router. In .cloginrc: add method 192.168.0.2 telnet add user 192.168.0.2 your_gateway_router_username add password 192.168.0.2 {your_gateway_router_password} add method 172.18.0.1 {usercmd} add user 172.18.0.1 your_remote_switch_username add password 172.18.0.1 {your_ remote_switch_password} {your_ remote_switch_enable_password} add usercmd 172.18.0.1 {clogin} {-noenable} {192.168.0.2} add usercmd_chat 172.18.0.1 {>} {telnet far-router\r} {User Access Verification} {} clogin needs to be patched with Ed Ravin's changes here: http://www.shrubbery.net/pipermail/rancid-discuss/2006-May/001490.html The {>} in the above example needs to be changed to match whatever shows up on the gateway system's prompt. Credit goes to Ed Ravin for getting this all to work. Ed, I owe you beer/cookies; mail me what brand/recipe you prefer and where to send them. From Dmitar.Mitic at iskon.hr Mon Nov 27 11:33:06 2006 
From: Dmitar.Mitic at iskon.hr (=?iso-8859-2?Q?Dmitar_Miti=E6?=) Date: Mon, 27 Nov 2006 12:33:06 +0100 Subject: [rancid] extreme networks XOS issues Message-ID: <550DB94D61B5BA43AF7A61339ECA6B4C09204F2E@postman.iskon.local> Hi, I have rancid-2.3.2a5 running fine with Cisco, however, I have problems with getting configs from Extreme. Is there a patch for XOS? Tnx D. ExtremeWare XOS Copyright (C) 2000-2006 Extreme Networks. All rights reserved. Image : ExtremeWare XOS version 11.4.1.4 v1141b4 by release-manager on Wed Mar 15 20:30:01 PST 2006 From heas at shrubbery.net Mon Nov 27 19:44:22 2006 From: heas at shrubbery.net (john heasley) Date: Mon, 27 Nov 2006 11:44:22 -0800 Subject: [rancid] Re: extreme networks XOS issues In-Reply-To: <550DB94D61B5BA43AF7A61339ECA6B4C09204F2E@postman.iskon.local> References: <550DB94D61B5BA43AF7A61339ECA6B4C09204F2E@postman.iskon.local> Message-ID: <20061127194422.GG24782@shrubbery.net> Mon, Nov 27, 2006 at 12:33:06PM +0100, Dmitar Miti?: > > Hi, > > > I have rancid-2.3.2a5 running fine with Cisco, however, I have problems with getting configs from Extreme. Is there a patch for XOS? The patch is in a5. Have you tried the tests in the FAQ (1st question of section 3)? > > Tnx > > D. > > > > ExtremeWare XOS > Copyright (C) 2000-2006 Extreme Networks. All rights reserved. > > Image : ExtremeWare XOS version 11.4.1.4 v1141b4 by release-manager > on Wed Mar 15 20:30:01 PST 2006 > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From heas at shrubbery.net Mon Nov 27 19:52:10 2006 
From: heas at shrubbery.net (john heasley) Date: Mon, 27 Nov 2006 11:52:10 -0800 Subject: [rancid] Re: VTP In-Reply-To: <1164620424.3449.24.camel@satyr.eu.tieto.com> References: <1164266529.3451.3.camel@satyr.eu.tieto.com> <20061125044702.GQ7881@shrubbery.net> <1164620424.3449.24.camel@satyr.eu.tieto.com> Message-ID: <20061127195210.GH24782@shrubbery.net> Mon, Nov 27, 2006 at 10:40:24AM +0100, Johan Bergstr?m: > Well I guess that's one of the problems, I don't know if you can catch > it in 'show run'. But you can see the VTP settings by issuing 'show vtp > status' and the output will be something like this, > > Router>sh vtp status > VTP Version : 2 (1) > Configuration Revision : 181 > Maximum VLANs supported locally : 1005 > Number of existing VLANs : 47 > VTP Operating Mode : Server (Client or Transparent) > VTP Domain Name : VTP_DOMAIN > VTP Pruning Mode : Disabled (Enabled) > VTP V2 Mode : Disabled (Enabled) > VTP Traps Generation : Disabled (Enabled) > MD5 digest : 0x1F 0xCD ... ... > Configuration last modified by 192.168.255.200 at 11-16-06 21:10:34 > Local updater ID is 192.168.255.200 on interface Vl1 (lowest numbered > VLAN interface found) > > Everything within parentheses are my comments in the above output. It's > possible outputs from the 'sh vtp status' command. > > The important information for me is VTP Operating Mode, > VTP Domain Name and VTP Traps Generation show vtp status was added a long time ago. and, I expect the commands to alter it would appear in show running (excepting the 'defaults' which cisco may change at their whim). > But I guess for others VTP Pruning Mode, VTP V2 Mode and VTP Version > could be just as important. > > The commands I use to setup my vtp are 'vtp domain VTP_DOMAIN' and 'vtp > mode server(or client or transparent)' on some switches/routers where I > want vtp traps, I enable that with 'snmp-server enable traps vtp' the > snmp-server command is shown in 'sh run', so it's cought with rancid > already. 
> > The other VTP commands are set with 'vtp pruning', 'vtp version <1|2>' all of these should appear in the show running output. either you're running a very old version, have the device configured as "cat5", or ??? > Johan > > On Fri, 2006-11-24 at 20:47 -0800, john heasley wrote: > > Thu, Nov 23, 2006 at 08:22:09AM +0100, Johan Bergstr?m: > > > Why doesn't rancid pick out vtp information and save it ? > > > > > > It would definitely be useful, since I have quite a large network and it > > > would be easier to be able to tell my co-workers who aren't very used to > > > playing around with communication devices just to "download" a > > > configuration file from the rancid cvs archive and copy&paste if they > > > need to replace the supervisor card. But as it is today, they have to > > > type in the vtp commands separately. > > > > > > Oh and this is all cisco devices. mostly 4500s and 3750s and a bunch of > > > 6500s too. > > > > > > > Where is this data? Example? From johan.bergstrom at tietoenator.com Tue Nov 28 07:16:43 2006 
From: johan.bergstrom at tietoenator.com (Johan =?ISO-8859-1?Q?Bergstr=F6m?=) Date: Tue, 28 Nov 2006 08:16:43 +0100 Subject: [rancid] Re: VTP In-Reply-To: <20061127195210.GH24782@shrubbery.net> References: <1164266529.3451.3.camel@satyr.eu.tieto.com> <20061125044702.GQ7881@shrubbery.net> <1164620424.3449.24.camel@satyr.eu.tieto.com> <20061127195210.GH24782@shrubbery.net> Message-ID: <1164698204.3449.65.camel@satyr.eu.tieto.com> On Mon, 2006-11-27 at 11:52 -0800, john heasley wrote: > > > > The important information for me is VTP Operating Mode, > > VTP Domain Name and VTP Traps Generation > > show vtp status was added a long time ago. and, I expect the commands to > alter it would appear in show running (excepting the 'defaults' which > cisco may change at their whim). > > > The commands I use to setup my vtp are 'vtp domain VTP_DOMAIN' and 'vtp > > mode server(or client or transparent)' on some switches/routers where I > > want vtp traps, I enable that with 'snmp-server enable traps vtp' the > > snmp-server command is shown in 'sh run', so it's cought with rancid > > already. > > > > The other VTP commands are set with 'vtp pruning', 'vtp version <1|2>' > > all of these should appear in the show running output. either you're > running a very old version, have the device configured as "cat5", or > ??? It doesn't show vtp domain or vtp mode in show running, I'm using the following versions, 4500, Cisco IOS Software, Catalyst 4000 L3 Switch Software (cat4000-I9K91S-M), Version 12.2(25)EWA6, RELEASE SOFTWARE (fc1) IOS (tm) Catalyst 4000 L3 Switch Software (cat4000-I9K91S-M), Version 12.2(18)EW1, RELEASE SOFTWARE (fc1) 6500, IOS (tm) s72033_rp Software (s72033_rp-PK9S-M), Version 12.2(17d)SXB3, RELEASE SOFTWARE (fc1) 3750, Cisco IOS Software, C3750 Software (C3750-IPBASE-M), Version 12.2(25)SEE2, RELEASE SOFTWARE (fc1) And I'm running my devices as cisco in rancid. 
> >
> > On Fri, 2006-11-24 at 20:47 -0800, john heasley wrote:
> > > Thu, Nov 23, 2006 at 08:22:09AM +0100, Johan Bergström:
> > > > Why doesn't rancid pick out vtp information and save it ?
> > > >
> > > > It would definitely be useful, since I have quite a large network and it
> > > > would be easier to be able to tell my co-workers who aren't very used to
> > > > playing around with communication devices just to "download" a
> > > > configuration file from the rancid cvs archive and copy&paste if they
> > > > need to replace the supervisor card. But as it is today, they have to
> > > > type in the vtp commands separately.
> > > >
> > > > Oh and this is all cisco devices. mostly 4500s and 3750s and a bunch of
> > > > 6500s too.
> > > >
> > >
> > > Where is this data?  Example?

From Bruce.Rodger at strath.ac.uk Tue Nov 28 15:15:37 2006
From: Bruce.Rodger at strath.ac.uk (Bruce Rodger)
Date: Tue, 28 Nov 2006 15:15:37 +0000 (GMT)
Subject: [rancid] Rancid and 3Com 5500
Message-ID:

Before I start re-inventing the wheel, has anyone done a rancid mod to
cope with the 3Com 5500 switch range?

Bruce.

--
Bruce Rodger                   |Bruce.Rodger at strath.ac.uk  PGP key available
Network Manager, IT Services   |http://www.strath.ac.uk/IT/People/bruce.html
The University of Strathclyde  | +44 (0)141 548 3300
Glasgow G4 0LN, Scotland.      | Fax 553 4100

From rancid at gheek.net Tue Nov 28 17:05:41 2006
From: rancid at gheek.net (Lance Vermilion)
Date: Tue, 28 Nov 2006 09:05:41 -0800
Subject: [rancid] Re: VTP
In-Reply-To: <1164698204.3449.65.camel@satyr.eu.tieto.com>
References: <1164266529.3451.3.camel@satyr.eu.tieto.com>
 <20061125044702.GQ7881@shrubbery.net>
 <1164620424.3449.24.camel@satyr.eu.tieto.com>
 <20061127195210.GH24782@shrubbery.net>
 <1164698204.3449.65.camel@satyr.eu.tieto.com>
Message-ID: <20061128170541.GA13534@gheek.net>

John/Johan,

I hope the information I have provided aids a resolution quickly.

The VTP information would be helpful along with show cdp nei/show cdp
nei detail. I am sure there are a lot of other commands that would be
incredibly helpful to people.

VTP info is not really captured in the config.

IOS
------
ops-dsr-01#sh run | i vtp
vtp interface lo0                #user defined, by default lowest vlan is chosen
snmp-server enable traps vtp     #enable/disable is user defined

CATOS (all of this is captured in the show run/config/config all)
------
sh run
...
...
set snmp trap enable vtp         #enable/disable is user defined
#vtp
set vtp domain [ops]             #ops is user defined or null
set vtp mode client [vlan]       #vlan is optional
set logging level vtp 5 default  #logging level is user defined


The show vtp domain/status is different for catos/ios. Here are examples.

IOS
------
ops-dsr-01#sh vtp status
VTP Version                     : 2
Configuration Revision          : 98
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 59
VTP Operating Mode              : Server
VTP Domain Name                 : ops
VTP Pruning Mode                : Enabled
VTP V2 Mode                     : Enabled
VTP Traps Generation            : Enabled
MD5 digest                      : 0xF7 0x00 0x00 0x00 0xD6 0x60 0x24 0x85
Configuration last modified by 172.21.253.253 at 10-19-06 19:51:14
Local updater ID is 172.21.253.254 on interface Lo0 (preferred interface)
Preferred interface name is lo0

CATOS
------
ops-as-01> (enable) sh vtp dom
Domain Name                      Domain Index VTP Version Local Mode  Password
-------------------------------- ------------ ----------- ----------- ----------
ops                              1            2           client      -

Vlan-count Max-vlan-storage Config Revision Notifications
---------- ---------------- --------------- -------------
59         1023             98              enabled

Last Updater    V2 Mode  Pruning  PruneEligible on Vlans
--------------- -------- -------- -------------------------
172.21.253.253  enabled  enabled  2-1000


I mentioned "show cdp neighbor [detail]" earlier so here is the info for
that. I would personally think show cdp neighbor detail would be better
because if you have specified the domain name for your device in the
config then you end up with lines that wordwrap. Detail gives you all
the info from show cdp neighbor and more.

Namely I think you should only capture lines like so for the Detail
portion:

IOS (See Below for a full output of the command)
------
^Device ID:      (Ex. [Device ID: ops-dsr-02.somedomain.com])
^\s*IP Address:  (Ex. [ IP Address: 172.21.254.252])
^Interface       (Ex. [Interface: GigabitEthernet5/2, Port ID (outgoing port): GigabitEthernet5/2])
^advertisement   (Ex. [advertisement version: 2])
^VTP             (Ex. [VTP Management Domain: 'ops'])
^Native          (Ex. [Native VLAN: 1])
^Duplex          (Ex. [Duplex: full])

CATOS (See Below for a full output of the command)
------
^Port            (Ex. [Port (Our Port): 1/1])
^Device-ID:      (Ex. [Device-ID: ops-dsr-02.somedomain.com])
^\s*IP Address:  (Ex. [ IP Address: 172.21.254.252])
^Platform        (Ex. [Platform: cisco WS-C6509])
^Port            (Ex. [Port-ID (Port on Neighbors's Device): GigabitEthernet4/6])
^VTP             (Ex. [VTP Management Domain: ops])
^Native          (Ex. [Native VLAN: 1])
^Duplex          (Ex. [Duplex: full])


IOS
------
ops-dsr-01#sh cdp neighbor
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
ops-dsr-02.bestwestern.com
                 Gig 5/2           163          R S I     WS-C6509  Gig 5/2
ops-dsr-02.bestwestern.com
                 Gig 5/1           163          R S I     WS-C6509  Gig 5/1
...
...

ops-dsr-01#show cdp neighbor detail
-------------------------
Device ID: ops-dsr-02.somedomain.com
Entry address(es):
  IP address: 172.21.254.252
Platform: cisco WS-C6509, Capabilities: Router Switch IGMP
Interface: GigabitEthernet5/2, Port ID (outgoing port): GigabitEthernet5/2
Holdtime : 157 sec

Version :
Cisco Internetwork Operating System Software
IOS (tm) s72033_rp Software (s72033_rp-ADVENTERPRISEK9_WAN-VM), Version 12.2(18)SXF5, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2006 by cisco Systems, Inc.
Compiled Sat 08-Jul-06 04:05 by kellythw

advertisement version: 2
VTP Management Domain: 'ops'
Native VLAN: 1
Duplex: full
-------------------------
Device ID: ops-dsr-02.somedomain.com
Entry address(es):
  IP address: 172.21.254.252
Platform: cisco WS-C6509, Capabilities: Router Switch IGMP
Interface: GigabitEthernet5/1, Port ID (outgoing port): GigabitEthernet5/1
Holdtime : 157 sec

Version :
Cisco Internetwork Operating System Software
IOS (tm) s72033_rp Software (s72033_rp-ADVENTERPRISEK9_WAN-VM), Version 12.2(18)SXF5, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2006 by cisco Systems, Inc.
Compiled Sat 08-Jul-06 04:05 by kellythw

advertisement version: 2
VTP Management Domain: 'ops'
Native VLAN: 1
Duplex: full
...
...

CATOS
------
ops-as-04> (enable) sh cdp neighbor
* - indicates vlan mismatch.
# - indicates duplex mismatch.
Port     Device-ID                       Port-ID                   Platform
-------- ------------------------------- ------------------------- ------------
 1/1     ops-dsr-02.somedomain.com       GigabitEthernet4/6        cisco WS-C6509
 1/2     ops-dsr-01.somedomain.com       GigabitEthernet4/8        cisco WS-C6509
 2/17    OPS-WLC-01                      Unit - 0 Slot - 0 Port -  WLC4402-25
 2/18    OPS-WLC-01                      Unit - 0 Slot - 0 Port -  WLC4402-25

ops-as-04> (enable) sh cdp neighbor detail
Port (Our Port): 1/1
Device-ID: ops-dsr-02.somedomain.com
Device Addresses:
  IP Address: 172.21.254.252
Holdtime: 173 sec
Capabilities: ROUTER SWITCH IGMP
Version:
  Cisco Internetwork Operating System Software
  IOS (tm) s72033_rp Software (s72033_rp-ADVENTERPRISEK9_WAN-VM), Version 12.2(18)SXF5, RELEASE SOFTWARE (fc3)
  Technical Support: http://www.cisco.com/techsupport
  Copyright (c) 1986-2006 by cisco Systems, Inc.
  Compiled Sat 08-Jul-06 04:05 by kellythw
Platform: cisco WS-C6509
Port-ID (Port on Neighbors's Device): GigabitEthernet4/6
VTP Management Domain: ops
Native VLAN: 1
Duplex: full
System Name: unknown
System Object ID: unknown
Management Addresses: unknown
Physical Location: unknown
___________________________________________________________________________
Port (Our Port): 1/2
Device-ID: ops-dsr-01.somedomain.com
Device Addresses:
  IP Address: 172.21.254.253
Holdtime: 173 sec
Capabilities: ROUTER SWITCH IGMP
Version:
  Cisco Internetwork Operating System Software
  IOS (tm) s72033_rp Software (s72033_rp-ADVENTERPRISEK9_WAN-VM), Version 12.2(18)SXF5, RELEASE SOFTWARE (fc3)
  Technical Support: http://www.cisco.com/techsupport
  Copyright (c) 1986-2006 by cisco Systems, Inc.
  Compiled Sat 08-Jul-06 04:05 by kellythw
Platform: cisco WS-C6509
Port-ID (Port on Neighbors's Device): GigabitEthernet4/8
VTP Management Domain: ops
Native VLAN: 1
Duplex: full
System Name: unknown
System Object ID: unknown
Management Addresses: unknown
Physical Location: unknown
___________________________________________________________________________
Port (Our Port): 2/17
Device-ID: OPS-WLC-01
Device Addresses:
  IP Address: 172.21.254.250
Holdtime: 167 sec
Capabilities: HOST
Version:
  Manufacturer's Name: Cisco Systems Inc.
  Product Name: Cisco Controller
  Product Version: 4.0.155.5
  RTOS Version: 4.0.155.5
  Bootloader Version: 4.0.155.5
  Build Type: DATA + WPS
Platform: WLC4402-25
Port-ID (Port on Neighbors's Device): Unit - 0 Slot - 0 Port - 2
VTP Management Domain: unknown
Native VLAN: unknown
Duplex: unknown
System Name: unknown
System Object ID: unknown
Management Addresses: unknown
Physical Location: unknown
...
...

--
-Lance

On Tue, Nov 28, 2006 at 08:16:43AM +0100, Johan Bergström wrote:
> On Mon, 2006-11-27 at 11:52 -0800, john heasley wrote:
> > >
> > > The important information for me is VTP Operating Mode,
> > > VTP Domain Name and VTP Traps Generation
> >
> > show vtp status was added a long time ago.  and, I expect the commands to
> > alter it would appear in show running (excepting the 'defaults' which
> > cisco may change at their whim).
> >
> > > The commands I use to setup my vtp are 'vtp domain VTP_DOMAIN' and 'vtp
> > > mode server(or client or transparent)' on some switches/routers where I
> > > want vtp traps, I enable that with 'snmp-server enable traps vtp' the
> > > snmp-server command is shown in 'sh run', so it's caught with rancid
> > > already.
> > >
> > > The other VTP commands are set with 'vtp pruning', 'vtp version <1|2>'
> >
> > all of these should appear in the show running output.  either you're
> > running a very old version, have the device configured as "cat5", or
> > ???
>
> It doesn't show vtp domain or vtp mode in show running, I'm using the
> following versions,
>
> 4500,
> Cisco IOS Software, Catalyst 4000 L3 Switch Software (cat4000-I9K91S-M),
> Version 12.2(25)EWA6, RELEASE SOFTWARE (fc1)
>
> IOS (tm) Catalyst 4000 L3 Switch Software (cat4000-I9K91S-M), Version
> 12.2(18)EW1, RELEASE SOFTWARE (fc1)
>
> 6500,
> IOS (tm) s72033_rp Software (s72033_rp-PK9S-M), Version 12.2(17d)SXB3,
> RELEASE SOFTWARE (fc1)
>
> 3750,
>
> Cisco IOS Software, C3750 Software (C3750-IPBASE-M), Version
> 12.2(25)SEE2, RELEASE SOFTWARE (fc1)
>
> And I'm running my devices as cisco in rancid.
>
> > >
> > > On Fri, 2006-11-24 at 20:47 -0800, john heasley wrote:
> > > > Thu, Nov 23, 2006 at 08:22:09AM +0100, Johan Bergström:
> > > > > Why doesn't rancid pick out vtp information and save it ?
> > > > >
> > > > > It would definitely be useful, since I have quite a large network and it
> > > > > would be easier to be able to tell my co-workers who aren't very used to
> > > > > playing around with communication devices just to "download" a
> > > > > configuration file from the rancid cvs archive and copy&paste if they
> > > > > need to replace the supervisor card. But as it is today, they have to
> > > > > type in the vtp commands separately.
> > > > >
> > > > > Oh and this is all cisco devices. mostly 4500s and 3750s and a bunch of
> > > > > 6500s too.
> > > > >
> > > >
> > > > Where is this data?  Example?
>
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

From thijs at virtu.nl Tue Nov 28 16:05:03 2006
From: thijs at virtu.nl (Thijs Groener)
Date: Tue, 28 Nov 2006 17:05:03 +0100
Subject: [rancid] Using rancid to hop from router to router
Message-ID:

Hi Bob,

I am trying to get this setup to work right now with a linux machine as
my hop. I can use clogin to login to the linux machine directly and I
can type commands, but if I try to login to my switch through the linux
machine it enters the linux machine and in the history I can see that it
only enters the username once more (on a normal prompt so that does not
work) and then it stops functioning. So my question is... did you ever
get it to work ?

Kind regards,

Thijs

From heas at shrubbery.net Tue Nov 28 18:43:59 2006
From: heas at shrubbery.net (john heasley)
Date: Tue, 28 Nov 2006 10:43:59 -0800
Subject: [rancid] Re: VTP
In-Reply-To: <20061128170541.GA13534@gheek.net>
 <1164698204.3449.65.camel@satyr.eu.tieto.com>
References: <20061125044702.GQ7881@shrubbery.net>
 <1164620424.3449.24.camel@satyr.eu.tieto.com>
 <20061127195210.GH24782@shrubbery.net>
 <1164698204.3449.65.camel@satyr.eu.tieto.com>
 <20061128170541.GA13534@gheek.net>
 <1164266529.3451.3.camel@satyr.eu.tieto.com>
 <20061125044702.GQ7881@shrubbery.net>
 <1164620424.3449.24.camel@satyr.eu.tieto.com>
 <20061127195210.GH24782@shrubbery.net>
 <1164698204.3449.65.camel@satyr.eu.tieto.com>
Message-ID: <20061128184359.GC13534@shrubbery.net>

Tue, Nov 28, 2006 at 08:16:43AM +0100, Johan Bergström:
> On Mon, 2006-11-27 at 11:52 -0800, john heasley wrote:
> > >
> > > The important information for me is VTP Operating Mode,
> > > VTP Domain Name and VTP Traps Generation
> >
> > show vtp status was added a long time ago.  and, I expect the commands to
> > alter it would appear in show running (excepting the 'defaults' which
> > cisco may change at their whim).
> >
> > > The commands I use to setup my vtp are 'vtp domain VTP_DOMAIN' and 'vtp
> > > mode server(or client or transparent)' on some switches/routers where I
> > > want vtp traps, I enable that with 'snmp-server enable traps vtp' the
> > > snmp-server command is shown in 'sh run', so it's caught with rancid
> > > already.
> > >
> > > The other VTP commands are set with 'vtp pruning', 'vtp version <1|2>'
> >
> > all of these should appear in the show running output.  either you're
> > running a very old version, have the device configured as "cat5", or
> > ???
>
> It doesn't show vtp domain or vtp mode in show running, I'm using the
> following versions,

both are collected though; show running and show vtp.  I don't understand
what's missing or where to get it.

Tue, Nov 28, 2006 at 09:05:41AM -0800, Lance Vermilion:
> VTP info is not really captured in the config.

s/really/entirely/

> IOS
> ------
> ops-dsr-01#sh run | i vtp
> vtp interface lo0                #user defined, by default lowest vlan is chosen
> snmp-server enable traps vtp     #enable/disable is user defined
>
> CATOS (all of this is captured in the show run/config/config all)
> ------
> sh run
> ...
> ...
> set snmp trap enable vtp         #enable/disable is user defined
> #vtp
> set vtp domain [ops]             #ops is user defined or null
> set vtp mode client [vlan]       #vlan is optional
> set logging level vtp 5 default  #logging level is user defined
>
>
> The show vtp domain/status is different for catos/ios. Here are examples.
>
> IOS
> ------
> ops-dsr-01#sh vtp status
> VTP Version                     : 2
> Configuration Revision          : 98
> Maximum VLANs supported locally : 1005
> Number of existing VLANs        : 59
> VTP Operating Mode              : Server
> VTP Domain Name                 : ops
> VTP Pruning Mode                : Enabled
> VTP V2 Mode                     : Enabled
> VTP Traps Generation            : Enabled
> MD5 digest                      : 0xF7 0x00 0x00 0x00 0xD6 0x60 0x24 0x85
> Configuration last modified by 172.21.253.253 at 10-19-06 19:51:14
> Local updater ID is 172.21.253.254 on interface Lo0 (preferred interface)
> Preferred interface name is lo0
>
> CATOS
> ------
> ops-as-01> (enable) sh vtp dom

Ah!  This command is missing.

> Domain Name                      Domain Index VTP Version Local Mode  Password
> -------------------------------- ------------ ----------- ----------- ----------
> ops                              1            2           client      -
>
> Vlan-count Max-vlan-storage Config Revision Notifications
> ---------- ---------------- --------------- -------------
> 59         1023             98              enabled
>
> Last Updater    V2 Mode  Pruning  PruneEligible on Vlans
> --------------- -------- -------- -------------------------
> 172.21.253.253  enabled  enabled  2-1000

From johan.bergstrom at tietoenator.com Wed Nov 29 07:40:30 2006
From: johan.bergstrom at tietoenator.com (Johan Bergström)
Date: Wed, 29 Nov 2006 08:40:30 +0100
Subject: [rancid] Re: VTP
In-Reply-To: <20061128184359.GC13534@shrubbery.net>
References: <20061125044702.GQ7881@shrubbery.net>
 <1164620424.3449.24.camel@satyr.eu.tieto.com>
 <20061127195210.GH24782@shrubbery.net>
 <1164698204.3449.65.camel@satyr.eu.tieto.com>
 <20061128170541.GA13534@gheek.net>
 <1164266529.3451.3.camel@satyr.eu.tieto.com>
 <20061125044702.GQ7881@shrubbery.net>
 <1164620424.3449.24.camel@satyr.eu.tieto.com>
 <20061127195210.GH24782@shrubbery.net>
 <1164698204.3449.65.camel@satyr.eu.tieto.com>
 <20061128184359.GC13534@shrubbery.net>
Message-ID: <1164786030.3449.99.camel@satyr.eu.tieto.com>

On Tue, 2006-11-28 at 10:43 -0800, john heasley wrote:
> Tue, Nov 28, 2006 at 08:16:43AM +0100, Johan Bergström:
> > On Mon, 2006-11-27 at 11:52 -0800, john heasley wrote:
> > > >
> > > > The important information for me is VTP Operating Mode,
> > > > VTP Domain Name and VTP Traps Generation
> > >
> > > show vtp status was added a long time ago.  and, I expect the commands to
> > > alter it would appear in show running (excepting the 'defaults' which
> > > cisco may change at their whim).
> > >

Oh my bad... I have been thinking something like capture the info, and
rewrite it into the config as commands modifying all necessary vtp
settings. The info is there alright, sh vtp status output as comments(!)
in the configfile in my repository. Didn't even notice that until now.
I'll just rewrite the information into the commands I need in the config
file as it is requested out of the repository from my technicians.

> both are collected though; show running and show vtp.  I don't understand
> what's missing or where to get it.
>
> Tue, Nov 28, 2006 at 09:05:41AM -0800, Lance Vermilion:
> > VTP info is not really captured in the config.
>
> s/really/entirely/
>
> > IOS
> > ------
> > ops-dsr-01#sh run | i vtp
> > vtp interface lo0                #user defined, by default lowest vlan is chosen
> > snmp-server enable traps vtp     #enable/disable is user defined
> >
> > CATOS (all of this is captured in the show run/config/config all)
> > ------
> > sh run
> > ...
> > ...
> > set snmp trap enable vtp         #enable/disable is user defined
> > #vtp
> > set vtp domain [ops]             #ops is user defined or null
> > set vtp mode client [vlan]       #vlan is optional
> > set logging level vtp 5 default  #logging level is user defined
> >
> >
> > The show vtp domain/status is different for catos/ios. Here are examples.
> >
> > IOS
> > ------
> > ops-dsr-01#sh vtp status
> > VTP Version                     : 2
> > Configuration Revision          : 98
> > Maximum VLANs supported locally : 1005
> > Number of existing VLANs        : 59
> > VTP Operating Mode              : Server
> > VTP Domain Name                 : ops
> > VTP Pruning Mode                : Enabled
> > VTP V2 Mode                     : Enabled
> > VTP Traps Generation            : Enabled
> > MD5 digest                      : 0xF7 0x00 0x00 0x00 0xD6 0x60 0x24 0x85
> > Configuration last modified by 172.21.253.253 at 10-19-06 19:51:14
> > Local updater ID is 172.21.253.254 on interface Lo0 (preferred interface)
> > Preferred interface name is lo0
> >
> > CATOS
> > ------
> > ops-as-01> (enable) sh vtp dom
>
> Ah!  This command is missing.
>
> > Domain Name                      Domain Index VTP Version Local Mode  Password
> > -------------------------------- ------------ ----------- ----------- ----------
> > ops                              1            2           client      -
> >
> > Vlan-count Max-vlan-storage Config Revision Notifications
> > ---------- ---------------- --------------- -------------
> > 59         1023             98              enabled
> >
> > Last Updater    V2 Mode  Pruning  PruneEligible on Vlans
> > --------------- -------- -------- -------------------------
> > 172.21.253.253  enabled  enabled  2-1000

From eravin at panix.com Wed Nov 29 18:04:53 2006
From: eravin at panix.com (Ed Ravin)
Date: Wed, 29 Nov 2006 13:04:53 -0500
Subject: [rancid] Re: Using rancid to hop from router to router
In-Reply-To:
References:
Message-ID: <20061129180453.GA7592@panix.com>

On Tue, Nov 28, 2006 at 05:05:03PM +0100, Thijs Groener wrote:
> I am trying to get this setup to work right now with a linux machine
> as my hop. I can use clogin to login to the linux machine directly and
> I can type commands, but if I try to login to my switch through the
> linux machine it enters the linux machine and in the history I can see
> that it only enters the username once more (on a normal prompt so that
> does not work) and then it stops functioning. So my question is... did
> you ever get it to work ?

Have you applied the "usercmd" patch?

   http://www.shrubbery.net/pipermail/rancid-discuss/2006-May/001490.html

If you have, and reading the previous discussions on this topic doesn't
answer your questions, please post the relevant portions of your
.cloginrc.  You will need to use a "usercmd_chat" script to send the
command to the linux machine that connects to the switch.
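
The capture list that Lance Vermilion's message of 28 Nov proposes for "show cdp neighbor detail", written out as a filter (an added example, not code from any list post or from RANCID itself). The function name and the sample captures are assumptions made for illustration; the samples are constructed from the output quoted in the thread.

```python
import re

# Line prefixes proposed in the message, per platform. The message writes
# "IP Address:" for both platforms, but the IOS sample prints "IP address:",
# so the pattern accepts either case.
KEEP = {
    "ios": ["Device ID:", r"\s*IP [Aa]ddress:", "Interface", "advertisement",
            "VTP", "Native", "Duplex"],
    "catos": ["Port", "Device-ID:", r"\s*IP [Aa]ddress:", "Platform",
              "VTP", "Native", "Duplex"],
}
# IOS puts a row of dashes before each entry, CatOS a row of underscores after.
SEPARATOR = re.compile(r"^[-_]{5,}\s*$")


def filter_cdp_detail(text, platform):
    """Return one list of kept lines per neighbor entry (hypothetical helper)."""
    keep = re.compile("^(?:" + "|".join(KEEP[platform]) + ")")
    entries, current = [], []
    for line in text.splitlines():
        if SEPARATOR.match(line):
            if current:
                entries.append(current)
            current = []
        elif keep.match(line):
            current.append(line.strip())
    if current:
        entries.append(current)
    return entries


# Constructed samples, shortened from the output quoted in the thread.
IOS_POLL = """\
ops-dsr-01#show cdp neighbor detail
-------------------------
Device ID: ops-dsr-02.somedomain.com
Entry address(es):
  IP address: 172.21.254.252
Platform: cisco WS-C6509, Capabilities: Router Switch IGMP
Interface: GigabitEthernet5/2, Port ID (outgoing port): GigabitEthernet5/2
Holdtime : 157 sec

Version :
Cisco Internetwork Operating System Software
Compiled Sat 08-Jul-06 04:05 by kellythw

advertisement version: 2
VTP Management Domain: 'ops'
Native VLAN: 1
Duplex: full
"""

CATOS_POLL = """\
Port (Our Port): 1/1
Device-ID: ops-dsr-02.somedomain.com
Device Addresses:
  IP Address: 172.21.254.252
Holdtime: 173 sec
Capabilities: ROUTER SWITCH IGMP
Version:
  Cisco Internetwork Operating System Software
Platform: cisco WS-C6509
Port-ID (Port on Neighbors's Device): GigabitEthernet4/6
VTP Management Domain: ops
Native VLAN: 1
Duplex: full
System Name: unknown
___________________________________________________________________________
Port (Our Port): 1/2
Device-ID: ops-dsr-01.somedomain.com
"""

if __name__ == "__main__":
    for entry in filter_cdp_detail(IOS_POLL, "ios"):
        print("\n".join(entry))
```

Holdtime counts down between CDP advertisements, so two polls of an unchanged neighbor differ in that line; it is not in the capture list, so the filtered text is the same on both polls.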