Discussion:
[rancid] Cisco 2960 switch
Steve Ousley
2008-09-26 12:15:55 UTC
Permalink
Hi All



We have just got some Cisco 2960 switches that we need to backup. However
when the backup runs on the switch, it simply misses the commands.



I think I know why this is, and that is that when I log in with clogin, it
logs in ok, and automatically displays the configuration, rather than
waiting for Rancid to collect it. This also has problems with paging int
hat when I clogin I see "-more-"at the bottom as though it's waiting for me
to press space or enter, yet, when I press anything, it just sits there
until the connection times out.



Has anyone ever got a 2960 backing up ok? If so, did they experience this as
well?



Steve Ousley - SO620-RIPE

Nuco Technologies Ltd

<mailto:***@host-it.co.uk> ***@host-it.co.uk

<http://www.nucotechnologies.com/> www.nucotechnologies.com

Tel. 0870 165 1300



Nuco Technologies Ltd is a company registered in England and Wales
with company number 04470751
Martin, Seth
2008-09-26 12:26:28 UTC
Permalink
We backup several dozen 2960's without an issue. We are running
rancid-2.3.2a2 if that helps.



Does rancid log in as a priv'd account or are you using an enable
secret? What priv level did you give your rancid user? Are you using
anything special for AAA like Tacacs or radius?



_____________________________________________________________________
Seth Martin



________________________________

From: rancid-discuss-***@shrubbery.net
[mailto:rancid-discuss-***@shrubbery.net] On Behalf Of Steve Ousley
Sent: Friday, September 26, 2008 8:16 AM
To: rancid-***@shrubbery.net
Subject: [rancid] Cisco 2960 switch



Hi All



We have just got some Cisco 2960 switches that we need to backup.
However when the backup runs on the switch, it simply misses the
commands.



I think I know why this is, and that is that when I log in with clogin,
it logs in ok, and automatically displays the configuration, rather than
waiting for Rancid to collect it. This also has problems with paging
int hat when I clogin I see "-more-"at the bottom as though it's waiting
for me to press space or enter, yet, when I press anything, it just sits
there until the connection times out.



Has anyone ever got a 2960 backing up ok? If so, did they experience
this as well?



Steve Ousley - SO620-RIPE

Nuco Technologies Ltd

***@host-it.co.uk <mailto:***@host-it.co.uk>

www.nucotechnologies.com <http://www.nucotechnologies.com/>

Tel. 0870 165 1300



Nuco Technologies Ltd is a company registered in England and Wales
with company number 04470751
Steve Ousley
2008-09-26 12:53:26 UTC
Permalink
Hi Martin



I have asked a colleague the questions that you asked and the answers are as
Does rancid log in as a priv'd account or are you using an enable secret?
Yes, the config states:

"username rancid privilege 15 secret 5 ********"
What priv level did you give your rancid user?
As you can see from this, the rancid user has priv level 15.



We also have:



"username rancid autocommand show running"



So that when the user "rancid" logs in, it automatically runs "show
running". This works fine when I telnet to the switch from the rancid
machine, I can page through the output.



The reason we have this is so that Rancid can get the configs as an enabled
user, but then if anyone gains access to the passwords for Rancid, all they
can do is get the configs, and cannot actually change the configs at all.
Are you using anything special for AAA like Tacacs or radius?
No we are not using anything special, just plain login and auto-run the
command.



Steve Ousley - SO620-RIPE

Nuco Technologies Ltd

<mailto:***@host-it.co.uk> ***@host-it.co.uk

<http://www.nucotechnologies.com/> www.nucotechnologies.com

Tel. 0870 165 1300



Nuco Technologies Ltd is a company registered in England and Wales
with company number 04470751



From: Martin, Seth [mailto:***@sourceinterlink.com]
Sent: 26 September 2008 13:26
To: Steve Ousley; rancid-***@shrubbery.net
Subject: RE: [rancid] Cisco 2960 switch



We backup several dozen 2960's without an issue. We are running
rancid-2.3.2a2 if that helps.



Does rancid log in as a priv'd account or are you using an enable secret?
What priv level did you give your rancid user? Are you using anything
special for AAA like Tacacs or radius?



_____________________________________________________________________
Seth Martin

_____

From: rancid-discuss-***@shrubbery.net
[mailto:rancid-discuss-***@shrubbery.net] On Behalf Of Steve Ousley
Sent: Friday, September 26, 2008 8:16 AM
To: rancid-***@shrubbery.net
Subject: [rancid] Cisco 2960 switch



Hi All



We have just got some Cisco 2960 switches that we need to backup. However
when the backup runs on the switch, it simply misses the commands.



I think I know why this is, and that is that when I log in with clogin, it
logs in ok, and automatically displays the configuration, rather than
waiting for Rancid to collect it. This also has problems with paging int
hat when I clogin I see "-more-"at the bottom as though it's waiting for me
to press space or enter, yet, when I press anything, it just sits there
until the connection times out.



Has anyone ever got a 2960 backing up ok? If so, did they experience this as
well?



Steve Ousley - SO620-RIPE

Nuco Technologies Ltd

<mailto:***@host-it.co.uk> ***@host-it.co.uk

<http://www.nucotechnologies.com/> www.nucotechnologies.com

Tel. 0870 165 1300



Nuco Technologies Ltd is a company registered in England and Wales
with company number 04470751
Alex Dekker
2008-09-26 13:12:12 UTC
Permalink
Post by Steve Ousley
"username rancid autocommand show running"
So that when the user "rancid" logs in, it automatically runs "show
running". This works fine when I telnet to the switch from the rancid
machine, I can page through the output.
That's your problem right there. Remove this and it'll work.

alexd
Martin, Seth
2008-09-26 13:20:18 UTC
Permalink
If you are worried about Rancid having too much access, you should try
restricting it using the privilege configurations in IOS. Maybe someone
on here has one already written you can copy to avoid having to figure
it all out.

I like rancid to have full access to my devices because we use it to
push out config.

_____________________________________________________________________
Seth Martin

-----Original Message-----
From: rancid-discuss-***@shrubbery.net
[mailto:rancid-discuss-***@shrubbery.net] On Behalf Of Alex Dekker
Sent: Friday, September 26, 2008 9:12 AM
To: rancid-***@shrubbery.net
Subject: [rancid] Re: Cisco 2960 switch
Post by Steve Ousley
"username rancid autocommand show running"
So that when the user "rancid" logs in, it automatically runs "show
running". This works fine when I telnet to the switch from the rancid
machine, I can page through the output.
That's your problem right there. Remove this and it'll work.

alexd

Loading...