Discussion:
[rancid] Nexus 7000 series backup issues.
Moermond, Timothy
2012-08-30 14:49:01 UTC
Permalink
I know this has been discussed before, but I still do not seem to be able to
find the solution to backing up the Nexus 7000 that I have.



nexus_1 clogin error: Error: TIMEOUT reached

nexus_1: missed cmd(s): show module,show environment fex all fan,show
license,dir usb1:,dir debug:,show debug,show version build-info all,show
cores vdc-all,show vtp status,show environment fan,show module xbar,show
environment power,show license host-id,show inventory,dir usb2:,show vlan,dir
volatile:,dir bootflash:,dir slot0:,term no monitor-force,show processes log
vdc-all,show environment clock,dir logflash:,show license usage,show
version,show running-config,show system redundancy status,show environment
temperature,show boot

nexus_1: End of run not found

!



If I use clogin I notice that it is getting hung up at the password prompt.
The prompt has not been changed from the standard Cisco uses. If I enter the
password in .cloginrc, everything is fine. I haven't been able to figure out
why it stops at this point, it is using the same login paramters as my other
devices and they are all working fine.



Not sure where to go next.



Tim
Daniel Schmidt
2012-08-30 18:41:16 UTC
Permalink
Does it go away if you remove all your banner/motd?



*From:* rancid-discuss-***@shrubbery.net [mailto:
rancid-discuss-***@shrubbery.net] *On Behalf Of *Moermond, Timothy
*Sent:* Thursday, August 30, 2012 8:49 AM
*To:* rancid-***@shrubbery.net
*Subject:* [rancid] Nexus 7000 series backup issues.



I know this has been discussed before, but I still do not seem to be able
to find the solution to backing up the Nexus 7000 that I have.



nexus_1 clogin error: Error: TIMEOUT reached

nexus_1: missed cmd(s): show module,show environment fex all fan,show
license,dir usb1:,dir debug:,show debug,show version build-info all,show
cores vdc-all,show vtp status,show environment fan,show module xbar,show
environment power,show license host-id,show inventory,dir usb2:,show
vlan,dir volatile:,dir bootflash:,dir slot0:,term no monitor-force,show
processes log vdc-all,show environment clock,dir logflash:,show license
usage,show version,show running-config,show system redundancy status,show
environment temperature,show boot

nexus_1: End of run not found

!



If I use clogin I notice that it is getting hung up at the password prompt.
The prompt has not been changed from the standard Cisco uses. If I enter
the password in .cloginrc, everything is fine. I haven’t been able to
figure out why it stops at this point, it is using the same login paramters
as my other devices and they are all working fine.



Not sure where to go next.



Tim

E-Mail to and from me, in connection with the transaction
of public business, is subject to the Wyoming Public Records
Act and may be disclosed to third parties.
Moermond, Timothy
2012-08-30 19:52:47 UTC
Permalink
This post might be inappropriate. Click to display it.
heasley
2012-08-30 20:19:43 UTC
Permalink
Post by Moermond, Timothy
Quick clarification, I did not need to load the linux expect hack on our
Redhat Enterprise 64 Bit 5.8 server, however we were not able to determine if
Redhat had actually included it or not already in their implementation of
expect 5.43.
I do not know if the problem persists in recent Linux or Solaris and expect
combinations. The symptom of the problem is that expect hangs, permanently
or until the device's idle timer breaks the connection. it is highly
network, device and host timing dependent.

For those reasons, I'd stick with the patch, if you've already built it.
Post by Moermond, Timothy
Okay I figured it out. On my Nexus 7000 version of NXOS 5.1(3) if you remove
the banner motd completely the system defaults to the following " #User
Access Verification#Using keyboard-interactive authentication." Which of
course includes the "#" symbol preventing the rancid from logging in
properly. As soon as I set a new banner motd then the problem goes away.
Cisco, you are our nemesis.
heasley
2012-08-30 22:17:30 UTC
Permalink
Post by Moermond, Timothy
Okay I figured it out. On my Nexus 7000 version of NXOS 5.1(3) if you remove
the banner motd completely the system defaults to the following " #User
Access Verification#Using keyboard-interactive authentication." Which of
course includes the "#" symbol preventing the rancid from logging in
properly. As soon as I set a new banner motd then the problem goes away.
I tried to come up with a way around this, such as this:

Index: bin/clogin.in
===================================================================
--- bin/clogin.in (revision 2618)
+++ bin/clogin.in (working copy)
@@ -567,6 +567,12 @@
}
exp_continue
}
+ "#User Access Verification# {
+ # NXOS 5.1(3) on 7000, perhaps earlier and on
+ # other Nexus, has this default banner, which
+ # breaks autoenable.
+ exp_continue
+ }
-re "$prompt" {
set prompt_match $expect_out(0,string);
break;

but that is not reliable. If the timing were off, which is very likely, it
would fail. I suppose it could be anchored at the beginning of the line,
but we can't expect that Cisco will not randomly change its placement or
format. If it were possible to know the full prompt with certainty before
login, that could be avoided.

A possibility is to alter the regex for the prompt to expect at least one
printable character preceeding it. Something like "^[^ ]*[^ ] ?#", but I
am always weary of how such changes will affect other platforms.

Another possibility is that folks complain to cisco and either use a banner
or do not use autoenable until it is fixed.

Suggestions?

Loading...