[rancid] Cisco ASA+WLC script


Michael Maymann

Mar 8, 2012, 4:17:09 PM
to rancid-...@shrubbery.net
Hi List,

I am trying to configure scheduled backups of my Cisco ASAs and WLCs.
I am currently trying to use clogin. Login is successful, but it never enters enable/configure mode - and therefore is not able to run the desired commands/retrieve all the necessary information (it tries to though !).
Can't paste my .clogin, as I'm at home currently. But everything (password/enable_password) is ok there ! (I am running this already on my HP Switches)

just after login and before it should enter enable/configure mode, it tries to execute the command (from within clogin - not something I told it to...):
"terminal length 0"
but the right command for this on an ASA/WLC is:
"no pager" or "terminal pager 0"

1. Is there a better Xlogin that I should use ?
2. If clogin is the best script, where in the clogin can I fix this ?
3. Furthermore, clogin doesn't log out of my WLCs when it finishes - I guess I could just add a "; exit" or "; logout" at the end of my command, but where can I fix this as well ?


Thanks in advance :) !
~maymann

Daniel Schmidt

Mar 8, 2012, 6:23:15 PM
to Michael Maymann, rancid-...@shrubbery.net

Clogin is not for the wlc, that would be wlogin.  Out of sheer curiosity, now, why again are you trying to find a way to do what rancid already does for you?   

E-Mail to and from me, in connection with the transaction 
of public business, is subject to the Wyoming Public Records 
Act and may be disclosed to third parties.

Michael Maymann

Mar 9, 2012, 6:23:24 AM
to rancid-...@shrubbery.net
Hi,

Daniel+DenyIPAnyAny: Thanks for your quick reply :) !

1. I'm running rancid 2.3.6... don't have any wlogin anywhere... can't see any in 2.3.8 either - how do I get wlogin ?
I'm doing this because I have some equipment that rancid doesn't support, that I also need backed-up (and don't know expect that well). So just created a little wrapper around Rancid to perfect things for me.

2. How do you backup your ASA's ?
nothing is wrong with my .clogin:
---
add method * ssh
#add method * telnet
add user * USR
add password * {PWD} {enable_PWD}
add autoenable * {1}
---
works fine, logging in and trying to run command(s) and exits - but doesn't enter enable mode and therefore can't run commands like "more system:running-config" that is working fine manually logging in to enable mode:
-bash-3.2$ /usr/libexec/rancid/clogin -f ~/.cloginrc_cisco -c "more system:running-config" HOST
HOST
spawn ssh -c 3des -x -l admin HOST
USR@HOST's password:
Type help or '?' for a list of available commands.
HOST>
HOST> terminal length 0
           ^
ERROR: % Invalid input detected at '^' marker.
HOST>  more system:running-config
          ^
ERROR: % Invalid input detected at '^' marker.
HOST>exit

Logoff

Connection to HOST closed.


Thanks in advance :-) !

~maymann

2012/3/9 Deny IP Any Any <denyip...@gmail.com>
I backup several Cisco ASAs without issue; with your symptoms, usually
the problem is with your .clogin file (specifically either the
autologin option)




--
deny ip any any (4393649193 matches)

Marito ...

Mar 9, 2012, 6:50:43 AM
to mic...@maymann.org, rancid-...@shrubbery.net
Hi Michael,
 
You should set up autoenable to 0. As per Rancid .clogin help:
 
"add autoenable <router name glob> {[01]}
When using locally defined usernames or AAA, it is possible to have a login which is automatically enabled.  This is, that user has enable privileges without the need to execute the enable command.  The router's prompt is different for enabled mode, ending with a # rather than a >.

Example: add autoenable * {1}

Default: 0

zero, meaning that the user is not automatically enabled and should execute the enable command to gain enable privileges, unless negated by the noenable directive or -noenable command-line option.
"
 
Regards.

 

From: mic...@maymann.org
Date: Fri, 9 Mar 2012 12:23:24 +0100
To: rancid-...@shrubbery.net
Subject: Re: [rancid] Cisco ASA+WLC script
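
The autoenable mismatch discussed above can be read straight off a clogin transcript: the first prompt ends in ">" and no enable command is ever sent. The following is an added example, not part of the original thread or of rancid; the function names and the ENABLED sample are assumptions made for illustration.

```python
import re

# Failing ASA session as posted in the thread (placeholders HOST/USR kept).
FAILING = """\
spawn ssh -c 3des -x -l admin HOST
USR@HOST's password:
Type help or '?' for a list of available commands.
HOST>
HOST> terminal length 0
           ^
ERROR: % Invalid input detected at '^' marker.
HOST>  more system:running-config
          ^
ERROR: % Invalid input detected at '^' marker.
HOST>exit
"""
# Constructed sample: the same device when the login really is auto-enabled.
ENABLED = "HOST# more system:running-config\n: Saved\nHOST# exit\n"

# A prompt line: device name, then '>' (user mode) or '#' (enabled), then a command.
PROMPT_RE = re.compile(r"^(?P<host>[\w.() -]+?)\s?(?P<mode>[>#])\s*(?P<cmd>.*)$")

def diagnose(transcript):
    """Return (mode of first prompt, [(mode, rejected command)], enable seen?)."""
    first_mode, rejected, saw_enable, last = None, [], False, None
    for line in transcript.splitlines():
        m = PROMPT_RE.match(line)
        if m:
            first_mode = first_mode or m.group("mode")
            cmd = m.group("cmd").strip()
            if cmd.split(" ")[0] in ("enable", "en"):
                saw_enable = True
            last = (m.group("mode"), cmd) if cmd else None
        elif "Invalid input detected" in line and last:
            rejected.append(last)  # the device refused the previous command
            last = None
    return first_mode, rejected, saw_enable

def autoenable_advice(transcript):
    """Map the diagnosis onto the .cloginrc autoenable setting."""
    first_mode, rejected, saw_enable = diagnose(transcript)
    refused_in_user_mode = [c for mode, c in rejected if mode == ">"]
    if first_mode == ">" and not saw_enable and refused_in_user_mode:
        return "set autoenable 0: login lands at '>' and enable was never sent"
    if first_mode == "#":
        return "autoenable 1 matches: login lands already enabled"
    return "no autoenable mismatch detected"
```
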

Michael Maymann

Mar 9, 2012, 7:18:14 AM
to rancid-...@shrubbery.net
Hi,

Marito: thanks, that did it for the ASA's :) !
now I have the following on my WLC's:
---
-bash-3.2$ /usr/libexec/rancid/clogin -f ~/.cloginrc_cisco -c "sh ver" HOST
HOST
spawn ssh -c 3des -x -l USR HOST


(Cisco Controller)
User: USR
Password:************
(Cisco Controller) >enable

Incorrect usage.  Use the '?' or <TAB> key to list commands.

(Cisco Controller) >
Error: Check your Enable passwd
---

These are the non-enable-commands that I can run on the WLC:
---
(Cisco Controller) >?

clear          Clear selected configuration elements.
config         Configure switch options and settings.
debug          Manages system debug options.
help           Help
license        Manage Software License
linktest       Perform a link test to a specified MAC address.
logout         Exit this session. Any unsaved changes are lost.
ping           Send ICMP echo packets to a specified IP address.
mping          Send Mobility echo packets to a specified mobility peer IP address.
eping          Send Ethernet-over-IP echo packets to a specified mobility peer IP address.
reset          Reset options.
save           Save switch configurations.
show           Display switch options and settings.
test           Test trigger commands
transfer       Transfer a file to or from the switch.
---

How can I get this to work as it seems that "enable" command is called "config" ?
Should I create a new .cloginrc_wlc for this and what would it look like ?



Thanks in advance :) !
~maymann


2012/3/9 Marito ... <me_go...@hotmail.com>

Ryan West

Mar 9, 2012, 7:45:08 AM
to Michael Maymann, rancid-...@shrubbery.net
Do a search in the archive and you'll find the wlc script.  What version are you running?

Sent from handheld 

Michael Maymann

Mar 9, 2012, 8:20:23 AM
to Ryan West, rancid-...@shrubbery.net
Hi,

Ryan: thanks for your reply.
I'm running...
Rancid: 2.3.6
WLC: 6.0.202.0

found a wlogin here:
http://www.gossamer-threads.com/lists/rancid/users/4674

but I can't get it to work:
-bash-3.2$ /usr/libexec/rancid/wlogin -f ~/.cloginrc_cisco -c "sh cpu" HOST
": no such file or directory
-bash-3.2$ /usr/libexec/rancid/wlogin -c "sh cpu" HOST
": no such file or directory

Is this the one you are talking about - or is there a newer one somewhere ?



Thanks in advance :-) !
~maymann


2012/3/9 Ryan West <rw...@zyedge.com>

Ryan West

Mar 9, 2012, 8:29:35 AM
to Michael Maymann, rancid-...@shrubbery.net
Yes, that's it. I assume you set up rancid-fe and tried rancid-run -r devicename as well?

Sent from handheld 

Michael Maymann

Mar 9, 2012, 8:38:02 AM
to Ryan West, rancid-...@shrubbery.net
Hi,

Ryan: ok.
No, I didn't - do I have to :) ?. Shouldn't I just be able to:

/usr/libexec/rancid/wlogin -f ~/.cloginrc_cisco -c "sh cpu" HOST
?


Thanks in advance :-)!

Ryan West

Mar 9, 2012, 8:50:35 AM
to Michael Maymann, rancid-...@shrubbery.net
Try wlogin5

Sent from handheld 

Michael Maymann

Mar 9, 2012, 9:12:19 AM
to Ryan West, rancid-...@shrubbery.net
Hi,

How do I try wlogin5 ?

Ryan West

Mar 9, 2012, 9:17:20 AM
to Michael Maymann, rancid-...@shrubbery.net

Michael,

 

/usr/libexec/rancid/wlogin -f ~/.cloginrc_cisco -c 'sh cpu' HOST

 

This works for me.  I was referring to ciscowlc5, my fault there.

 

-ryan

Michael Maymann

Mar 9, 2012, 9:25:48 AM
to Ryan West, rancid-...@shrubbery.net
Hi,

ok - no worries...
Can you share your /usr/libexec/rancid/wlogin ?



Thanks in advance :) !
~maymann


2012/3/9 Ryan West <rw...@zyedge.com>