From: jeffrey arnold
Subject: Rancid & PIX.
Date: Thu, 4 Apr 2002 05:47:52 -0500 (EST)

first off, thanks to all who have contributed to such a great tool.

I'm interested in hearing if anyone has gotten rancid working with a cisco
PIX. A cursory glance at clogin makes me believe that some initial
framework is there, but full PIX support is not ready. Is this a fair
evaluation?

Any info will be much appreciated.

cheers,
-jba
--
 [jba@analogue.net] :: analogue.networks.nyc :: http://analogue.net

From: "Zhang, Anchi"
To: "jeffrey arnold"
Subject: RE: Rancid & PIX.
Date: Thu, 4 Apr 2002 07:47:28 -0600

It has worked for me without any change to the program but I have never
tried it using telnet and/or without AAA.

log2% rancid eo-pit-pix1
log2% clogin eo-pit-pix1
eo-pit-pix1
spawn ssh -c 3des -x -l azhang eo-pit-pix1
azhang@eo-pit-pix1's password:
Type help or '?' for a list of available commands.
eo-pit-pix1>
eo-pit-pix1> enable
Password: **********
eo-pit-pix1#

-----Original Message-----
From: jeffrey arnold [mailto:jba@analogue.net]
Sent: Thursday, April 04, 2002 4:48 AM
To: rancid-discuss@shrubbery.net
Subject: Rancid & PIX.

first off, thanks to all who have contributed to such a great tool.

I'm interested in hearing if anyone has gotten rancid working with a cisco
PIX. A cursory glance at clogin makes me believe that some initial
framework is there, but full PIX support is not ready. Is this a fair
evaluation?

Any info will be much appreciated.

cheers,
-jba
--
 [jba@analogue.net] :: analogue.networks.nyc :: http://analogue.net

From: John Coke
To: "'jeffrey arnold'", rancid-discuss@shrubbery.net
Subject: RE: Rancid & PIX.
Date: Thu, 4 Apr 2002 09:15:57 -0600

Works like a champ. If you take a look at crancid, there is code to
recognize the PIX and to "ask" it different things than it asks say a Cat5.

-John

-----Original Message-----
From: jeffrey arnold [mailto:jba@analogue.net]
Sent: Thursday, April 04, 2002 4:48 AM
To: rancid-discuss@shrubbery.net
Subject: Rancid & PIX.

first off, thanks to all who have contributed to such a great tool.

I'm interested in hearing if anyone has gotten rancid working with a cisco
PIX. A cursory glance at clogin makes me believe that some initial
framework is there, but full PIX support is not ready. Is this a fair
evaluation?

Any info will be much appreciated.

cheers,
-jba
--
 [jba@analogue.net] :: analogue.networks.nyc :: http://analogue.net

From: john heasley
To: John Coke
Cc: "'jeffrey arnold'", rancid-discuss@shrubbery.net
Subject: Re: Rancid & PIX.
Date: Thu, 4 Apr 2002 11:51:27 -0800

Thu, Apr 04, 2002 at 09:15:57AM -0600, John Coke:
> Works like a champ. If you take a look at crancid, there is code to
> recognize the PIX and to "ask" it different things than it asks say a Cat5.
>
> -John

to be pedantic, the script that currently handles the PIX is bin/rancid,
same one as for a cisco router. so, in router.db, it would be of type
'cisco' (router.db(5)).

anyway, it may not be as complete as it could be for a pix, as i don't
have one to poke. if anyone happens to notice things that should be added,
please drop us a note. thanks.

cheers.

> -----Original Message-----
> From: jeffrey arnold [mailto:jba@analogue.net]
> Sent: Thursday, April 04, 2002 4:48 AM
> To: rancid-discuss@shrubbery.net
> Subject: Rancid & PIX.
>
>
>
> first off, thanks to all who have contributed to such a great tool.
>
> I'm interested in hearing if anyone has gotten rancid working with a cisco
> PIX. A cursory glance at clogin makes me believe that some initial
> framework is there, but full PIX support is not ready. Is this a fair
> evaluation?
>
> Any info will be much appreciated.
>
> cheers,
> -jba
> --
> [jba@analogue.net] :: analogue.networks.nyc :: http://analogue.net
>

From: Juan José Muñoz Martinez
To: rancid-discuss@shrubbery.net
Subject: rancid & Procurve 2524
Date: Fri, 5 Apr 2002 08:25:56 +0200

Hello to all,

I've been working with the marvellous rancid tool for two weeks.
I have registered all the cisco routers, but now I have problems to collect
the configuration of HP Procurve 2524 switches.
I use the following definitions in routers.db and .cloginrc:

=========
routers.db
=========
...
192.168.1.78:hp:up
...

=========
.cloginrc
=========
add autoenable 192.168.1.78 1
add password 192.168.1.78 telnetpasswd enablepasswd


The switch is autoenabled, i.e. when I telnet by hand and press 'intro' I
have the '#' prompt, and I can run commands as 'show config'. But rancid
tells me that it can't contact the device.
If I debug the connection following the FAQ guidelines I see that rancid
makes me specify the line with the password although it doesn't use them.
the execution of .hlogi or .clogin shows me the connection to the switch
like telnet, but it blocks, perhaps rancid is waiting for some characters
from switch, and the switch is waiting for characters from rancid.


Has anybody practical experience with HP Procurve switches like 2524?

Best Regards.

From: Johan Grip
To: rancid-discuss@shrubbery.net
Subject: Patch for modem autodiscovery
Date: Fri, 5 Apr 2002 07:26:45 +0100

Hi all.

Just dropping a patch for those of us having modem autoconfigure discovery
configured on async lines. This causes the config to change the baudrate on
the lines when the cisco attempts to locate a modem there, causing lots and
lots of unneeded commits.

Bugs: It will also remove the speed setting from FastEthernet interface,
which is not a concern for me, but might be for you.

Anyway, here goes:

--- rancid.in Tue Mar 19 07:38:47 2002 +++ rancid Fri Apr 5 07:14:56 2002 
@@ -888,6 +888,8 @@ /^ length / && next; # kill length on serial lines /^ width / && next; # kill width on serial lines /^ clockrate / && next; # kill clockrate on serial interfaces + /^ speed / && next; # kill speed on async lines + /^ [rt]xspeed / && next; # kill even more async speeds if (/^(enable )?(password|passwd) / && $filter_pwds >= 1) { ProcessHistory("ENABLE","","","!$1$2 \n"); next;

Kind regards,

Johan Grip
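
Review bot: the two added filters, "/^ speed / && next;" and "/^ [rt]xspeed / && next;", are unconditional, so they drop every indented speed line and not only those under async lines; the posting itself lists the loss of the FastEthernet speed setting as a known bug. That takes an operator-set value out of the stored configuration, so a later change to an Ethernet port's speed would never show up in a diff. Consider skipping these lines only while the most recently seen stanza header is an async line, and extend the comments to say why the values are dropped (modem autoconfigure rewrites them on its own).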

From: john heasley
To: Juan José Muñoz Martinez
Cc: rancid-discuss@shrubbery.net
Subject: Re: rancid & Procurve 2524
Date: Fri, 5 Apr 2002 00:06:39 -0800

Fri, Apr 05, 2002 at 08:25:56AM +0200, Juan José Muñoz Martinez:
>
> Hello to all,
>
> I've been working with the marvellous rancid tool for two weeks.
> I have registered all the cisco routers, but now I have problems to collect
> the configuration of HP Procurve 2524 switches.
> I use the following definitions in routers.db and .cloginrc:
>
> =========
> routers.db
> =========
> ...
> 192.168.1.78:hp:up
> ...
>
> =========
> .cloginrc
> =========
> add autoenable 192.168.1.78 1
> add password 192.168.1.78 telnetpasswd enablepasswd
>
>
> The switch is autoenabled, i.e. when I telnet by hand and press 'intro' I
> have the '#' prompt, and I can run commands as 'show config'. But rancid
> tells me that it can't contact the device.
> If I debug the connection following the FAQ guidelines I see that rancid
> makes me specify the line with the password although it doesn't use them.
> the execution of .hlogi or .clogin shows me the connection to the switch
> like telnet, but it blocks, perhaps rancid is waiting for some characters
> from switch, and the switch is waiting for characters from rancid.

"press I" leads me to believe that you're getting the silly menu system
or they've added something terribly silly to the login procedure. rancid
must have the command-line interface.
eg:

% ./hlogin 192.168.0.2
192.168.0.2
spawn hpfilter telnet 192.168.0.2
Trying 192.168.0.2...
Connected to 192.168.0.2.
Escape character is '^]'.
HP J4813A ProCurve Switch 2524
Firmware revision F.02.13

Copyright (C) 1991-1998 Hewlett-Packard Co. All Rights Reserved.

                          RESTRICTED RIGHTS LEGEND

 Use, duplication, or disclosure by the Government is subject to restrictions
 as set forth in subdivision (b) (3) (ii) of the Rights in Technical Data and
 Computer Software clause at 52.227-7013.

         HEWLETT-PACKARD COMPANY, 3000 Hanover St., Palo Alto, CA 94303

Connecting to Tacacs server 192.168.0.1

User Access Verification

Username: user
Password:

HP ProCurve Switch 2524> enable
Password:
HP ProCurve Switch 2524#

>
> Has anybody practical experience with HP Procurve switches like 2524?
>
> Best Regards.

From: Juan José Muñoz Martinez
To: Juan José Muñoz Martinez
Cc: rancid-discuss@shrubbery.net
Subject: RE: rancid & Procurve 2524
Date: Fri, 5 Apr 2002 13:53:07 +0200

I've got it.

I've configured login password with "password operator" command and enable
password with "password manager", and then with the line "add password
192.168.1.78 login-pass enable-pass" in .cloginrc rancid can collect the
configuration and status.


-----Original Message-----
From: john heasley [mailto:heas@shrubbery.net]
Sent: Friday, April 05, 2002 10:07
To: Juan José Muñoz Martinez
CC: rancid-discuss@shrubbery.net
Subject: Re: rancid & Procurve 2524


Fri, Apr 05, 2002 at 08:25:56AM +0200, Juan José Muñoz Martinez:
>
> Hello to all,
>
> I've been working with the marvellous rancid tool for two weeks.
> I have registered all the cisco routers, but now I have problems to collect
> the configuration of HP Procurve 2524 switches.
> I use the following definitions in routers.db and .cloginrc:
>
> =========
> routers.db
> =========
> ...
> 192.168.1.78:hp:up
> ...
>
> =========
> .cloginrc
> =========
> add autoenable 192.168.1.78 1
> add password 192.168.1.78 telnetpasswd enablepasswd
>
>
> The switch is autoenabled, i.e. when I telnet by hand and press 'intro' I
> have the '#' prompt, and I can run commands as 'show config'. But rancid
> tells me that it can't contact the device.
> If I debug the connection following the FAQ guidelines I see that rancid
> makes me specify the line with the password although it doesn't use them.
> the execution of .hlogi or .clogin shows me the connection to the switch
> like telnet, but it blocks, perhaps rancid is waiting for some characters
> from switch, and the switch is waiting for characters from rancid.

"press I" leads me to believe that you're getting the silly menu system
or they've added something terribly silly to the login procedure. rancid
must have the command-line interface. eg:

% ./hlogin 192.168.0.2
192.168.0.2
spawn hpfilter telnet 192.168.0.2
Trying 192.168.0.2...
Connected to 192.168.0.2.
Escape character is '^]'.
HP J4813A ProCurve Switch 2524
Firmware revision F.02.13

Copyright (C) 1991-1998 Hewlett-Packard Co. All Rights Reserved.

                          RESTRICTED RIGHTS LEGEND

 Use, duplication, or disclosure by the Government is subject to restrictions
 as set forth in subdivision (b) (3) (ii) of the Rights in Technical Data and
 Computer Software clause at 52.227-7013.

         HEWLETT-PACKARD COMPANY, 3000 Hanover St., Palo Alto, CA 94303

Connecting to Tacacs server 192.168.0.1

User Access Verification

Username: user
Password:

HP ProCurve Switch 2524> enable
Password:
HP ProCurve Switch 2524#

>
> Has anybody practical experience with HP Procurve switches like 2524?
>
> Best Regards.

From: john heasley
To: Juan José Muñoz Martinez
Cc: rancid-discuss@shrubbery.net
Subject: Re: rancid & Procurve 2524
Date: Fri, 5 Apr 2002 10:16:41 -0800

Fri, Apr 05, 2002 at 01:53:07PM +0200, Juan José Muñoz Martinez:
> I've got it.
>
> I've configured login password with "password operator" command and enable
> password with "password manager", and then with the line "add password

are those part of the configuration? what is their significance (so, i
may make a note in the FAQ/manpage)?

From: Juan José Muñoz Martinez
To: "'john heasley'", Juan José Muñoz Martinez
Cc: rancid-discuss@shrubbery.net
Subject: RE: rancid & Procurve 2524
Date: Wed, 10 Apr 2002 15:40:33 +0200

Hello, sorry for the delay.

the two commands are typed in CLI mode through telnet or console, but you
can set the password for operator and administrator through menu options
(first typing 'menu' command).

the configuration looks like a cisco device, if you are in menu mode you
must go to CLI mode, if you enter with telnet and the prompt is '>' you must
type enable and enter password if defined to get privileged prompt '#'.

Then to start configuration you must enter command 'config terminal', now
you get the configuration prompt (config)# and can enter configuration
commands.

 password operator<CR>

Here is the sequence of commands and inputs:

HP ProCurve Switch 2524> en
HP ProCurve Switch 2524# alhambra.
Invalid input: alhambra.
HP ProCurve Switch 2524# pass
Invalid input: pass
HP ProCurve Switch 2524# conf term
HP ProCurve Switch 2524(config)# password operator
New password: ********
Please retype new password: *********
Retyped password differs from initially typed password.
HP ProCurve Switch 2524(config)# password manager
New password: *********
Please retype new password: *********
HP ProCurve Switch 2524(config)# exit
HP ProCurve Switch 2524# write mem
HP ProCurve Switch 2524# exit
HP ProCurve Switch 2524> exit
Do you want to log out (Y/N)?Y


For polling of the switch with rancid add the following lines to .cloginrc
and router.db:

.cloginrc
=============
...
add password 192.168.1.78 login-pass enable-pass
...

router.db
=============
...
192.168.1.78:hp:up
...

I expect to learn more about procurve switches command line, I will provide
you more information as I get it.

Best Regards.

> -----Original Message-----
> From: john heasley [mailto:heas@shrubbery.net]
> Sent: Friday, April 05, 2002 20:17
> To: Juan José Muñoz Martinez
> CC: rancid-discuss@shrubbery.net
> Subject: Re: rancid & Procurve 2524
>
>
> Fri, Apr 05, 2002 at 01:53:07PM +0200, Juan José Muñoz Martinez:
> > I've got it.
> >
> > I've configured login password with "password operator"
> command and enable
> > password with "password manager", and then with the line
> "add password
>
> are those part of the configuration? what is their
> significance (so, i
> may make a note in the FAQ/manpage)?
>
>
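
Added example (not part of the thread and not RANCID code): a Python check that cross-references router.db against .cloginrc, the two files configured in the messages above, and tests whether a file mode keeps the cleartext passwords in .cloginrc private. Assumptions: the sample file contents and the name pix1.example.net are constructed, the first matching .cloginrc entry is taken to win, and a device without autoenable is taken to need the second (enable) password field as in the thread.

```python
"""Cross-check RANCID's router.db against .cloginrc (added example)."""
import fnmatch
import stat

# Constructed sample input, modelled on the entries quoted in the thread.
ROUTER_DB = """\
# name:type:state
192.168.1.78:hp:up
192.168.1.79:hp:up
pix1.example.net:cisco:up
old-sw1:hp:down
"""

# Constructed sample; the password values are placeholders.
CLOGINRC = """\
# first matching entry is assumed to win
add autoenable 192.168.1.78 1
add password 192.168.1.78 login-pass enable-pass
add password pix*.example.net {vty-pass}
"""


def parse_router_db(text):
    """Return (host, type, state) tuples, skipping comments and blank lines."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 3:
            raise ValueError(f"malformed router.db line: {line!r}")
        rows.append((fields[0], fields[1], fields[2]))
    return rows


def parse_cloginrc(text):
    """Return (directive, host_glob, values) for each 'add' line.

    Simplification: values are split on whitespace and one level of Tcl
    braces is stripped, so braced values containing spaces are not handled.
    """
    entries = []
    for line in text.splitlines():
        words = line.split()
        if len(words) < 3 or words[0] != "add":
            continue
        values = [w.strip("{}") for w in words[3:]]
        entries.append((words[1], words[2], values))
    return entries


def first_match(entries, directive, host):
    """Values of the first 'add <directive>' whose glob matches host, else None."""
    for name, pattern, values in entries:
        if name == directive and fnmatch.fnmatchcase(host, pattern):
            return values
    return None


def audit(router_db_text, cloginrc_text):
    """Return sorted (host, finding) pairs for devices whose state is 'up'."""
    entries = parse_cloginrc(cloginrc_text)
    findings = []
    for host, _type, state in parse_router_db(router_db_text):
        if state != "up":
            continue
        passwords = first_match(entries, "password", host)
        if passwords is None:
            findings.append((host, "no 'add password' entry"))
            continue
        autoenable = first_match(entries, "autoenable", host) == ["1"]
        # Assumption: without autoenable, an enable password is required.
        if len(passwords) < 2 and not autoenable:
            findings.append((host, "no enable password and autoenable not set"))
    return sorted(findings)


def mode_is_private(mode):
    """True when group and others have no access bits (for example 0600)."""
    return stat.S_IMODE(mode) & (stat.S_IRWXG | stat.S_IRWXO) == 0


if __name__ == "__main__":
    for host, finding in audit(ROUTER_DB, CLOGINRC):
        print(f"{host}: {finding}")  # password values are never printed
    print("mode 0600 private:", mode_is_private(0o100600))
    print("mode 0644 private:", mode_is_private(0o100644))
```

Against real files, pass the text of router.db and .cloginrc to audit() and the st_mode from os.stat() on .cloginrc to mode_is_private().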

Hello, sorry for the delay.

the teo commands are typed in CLI mode through telnet = or console, but you can set the password for operator and administrator = through menu options through (first typing 'menu' command).

the configuration loks like a cisco device, if you = are in menu mode you must go to CLI mode, if you enter with telnet and = the prompt is '>' you must type enable and enter password if defined = to get privileged prompt '#'.

Then to start configuration you must enter comand = 'config terminal', now you get the configuration prompt (config)# and = can enter configuration commands.

 password operator<CR>
 
Here is the sequence of commands and inputs:

HP ProCurve Switch 2524> en
HP ProCurve Switch 2524# alhambra.
Invalid input: alhambra.
HP ProCurve Switch 2524# pass
Invalid input: pass
HP ProCurve Switch 2524# conf term
HP ProCurve Switch 2524(config)# password = operator
New password: ********
Please retype new password: *********
Retyped password differs from initially typed = password.
HP ProCurve Switch 2524(config)# password = manager
New password: *********
Please retype new password: *********
HP ProCurve Switch 2524(config)# exit
HP ProCurve Switch 2524# write mem
HP ProCurve Switch 2524# exit
HP ProCurve Switch 2524> exit
Do you want to log out (Y/N)?Y


For polling of the switch with rancid add the = followin lines to .cloginrc and router.db:

.cloginrc
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
...
add password 192.168.1.78 login-pass = enable-pass
...

router.db
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
...
192.168.1.78:hp:up
...

I expect to learn more about procurve switches = command line, I provide you more information as I get it.

Best Regards.

> -----Mensaje original-----
> De: john heasley [mailto:heas@shrubbery.net]=
> Enviado el: viernes, 05 de abril de 2002 = 20:17
> Para: Juan Jos=E9 Mu=F1oz Martinez
> CC: rancid-discuss@shrubbery.net
> Asunto: Re: rancid & Procurve 2524
>
>
> Fri, Apr 05, 2002 at 01:53:07PM +0200, Juan = Jos=E9 Mu=F1oz Martinez:
> > I've got it.
> >
> > I've configured login password with = "password operator"
> command and enable
> > password with "password = manager", and then with the line
> "add password
>
> are those part of the configuration?  what = is their
> significance (so, i
> may make a note in the FAQ/manpage)?
>
>

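Added example, not part of the original message and not rancid's own code: the .cloginrc line above keeps the switch's login and enable passwords in clear text, and rancid's login scripts source that file as Tcl, exiting first if any world permission bit is set. The Python below applies the same mode test and flags lines that would run as code; the group-bit warning, the function names and the sample file are assumptions of this example.

```python
"""Audit a rancid .cloginrc before the login scripts source it as Tcl."""
import os
import stat

# Variables the login scripts look up with "find <var> <router>".
KNOWN_VARS = {
    "password", "user", "userpassword", "enauser", "autoenable", "noenable",
    "userprompt", "passprompt", "enableprompt", "method", "cyphertype",
}

# Constructed sample (not a real configuration): the first three directives
# are modelled on entries seen in this thread, the last three are planted.
SAMPLE = r"""# constructed .cloginrc
add password 192.168.1.78 login-pass enable-pass
add userprompt bay-nr1 {Login:}
add passprompt bay-nr1 {(\[Pp]assword|passwd):}
add password core-sw [exec hostname] enable-pass
set timeout 5
add passwrod edge-sw secret
"""


def check_mode(mode):
    """File-level findings for an st_mode value, as (0, message) tuples."""
    perm = stat.S_IMODE(mode)
    findings = []
    if perm & 0o007:
        # The same test the login script applies: it exits on any world bit.
        findings.append((0, "world permission bits set (%04o)" % perm))
    if perm & 0o070:
        # Stricter than the script; this warning is the example's own.
        findings.append((0, "group permission bits set (%04o)" % perm))
    return findings


def unbraced_specials(line):
    """Return the '[' and ';' characters that sit outside {...} grouping.

    Outside braces Tcl treats '[' as command substitution and ';' as a
    command separator, so either one makes the line run extra code.
    """
    found, depth, i = [], 0, 0
    while i < len(line):
        ch = line[i]
        if ch == "\\":          # a backslash escapes the next character
            i += 2
            continue
        if ch == "{":
            depth += 1
        elif ch == "}":
            depth = max(depth - 1, 0)
        elif ch in "[;" and depth == 0:
            found.append(ch)
        i += 1
    return found


def audit_lines(text):
    """Line-level findings as (line_number, message) tuples.

    Assumes one directive per line (an assumption of this example).
    """
    findings = []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        words = line.split()
        if words[0] not in ("add", "include"):
            findings.append((number, "not an add/include directive: %r" % words[0]))
            continue
        if words[0] == "add" and (len(words) < 2 or words[1] not in KNOWN_VARS):
            findings.append((number, "unknown variable in add directive"))
        specials = unbraced_specials(line)
        if specials:
            chars = "".join(sorted(set(specials)))
            findings.append((number, "unbraced %s would be evaluated by Tcl" % chars))
    return findings


def audit_file(path):
    """Run both checks against a file on disk."""
    with open(path, encoding="utf-8", errors="replace") as handle:
        text = handle.read()
    return check_mode(os.stat(path).st_mode) + audit_lines(text)


if __name__ == "__main__":
    for number, message in audit_lines(SAMPLE):
        print("line %d: %s" % (number, message))
```

A clean file yields an empty list from audit_file; file-level findings carry line number 0.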
------_=_NextPart_001_01C1E095.49FCD5A0--

From owner-rancid-discuss@shrubbery.net Tue Apr 30 20:07:07 2002
Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (8.11.6/8.11.1) with ESMTP id g3UK77p01138 for ; Tue, 30 Apr 2002 20:07:07 GMT
Received: (from majordom@localhost) by guelah.shrubbery.net (8.11.6/8.11.1) id g3UJgAG22125 for rancid-discuss-outgoing; Tue, 30 Apr 2002 19:42:10 GMT
Received: from mail01hq.activate.net (mail.activate.NET [209.221.170.130]) by guelah.shrubbery.net (8.11.6/8.11.1) with ESMTP id g3UJg7b22121 for ; Tue, 30 Apr 2002 19:42:07 GMT
Received: by mail.seattle.activate.net with Internet Mail Service (5.5.2653.19) id ; Tue, 30 Apr 2002 12:41:02 -0700
Received: from chub.int.loudeye.com (CHUB [10.200.4.54]) by tsexch01.int.loudeye.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id JFB4QPPJ; Tue, 30 Apr 2002 12:41:01 -0700
From: Fergus Roche
To: rancid-discuss@shrubbery.net
Subject: blogin Timeout
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
X-Mailer: Ximian Evolution 1.0.3
Date: 30 Apr 2002 12:42:01 -0700
Message-Id: <1020195721.3982.50.camel@chub.int.loudeye.com>
Mime-Version: 1.0
Sender: owner-rancid-discuss@shrubbery.net
Precedence: bulk

I'm having problems logging into a Nortel (Accelar 1200) - blogin hangs
and times out.  I have had the same problem with 2.2b8 and 2.2 on 2
different machines.  I am using expect-5.32.2-65, tcl/tk-8.3.3-65 on
RH7.2 (2.4.9-31), but have also tried expect-5.24 on mandrake
(2.2.14-15)
I have tried various combinations of entries in .cloginrc, but always
with the same result.  Any help would be much appreciated.


$ bin/blogin bay-nr1
bay-nr1
spawn telnet bay-nr1
Trying 10.10.0.1...
Connected to bay-nr1
Escape character is '^]'.

********************************
* Bay Networks,Inc.            *
* Copyright (c) 1996-1999      *
* All Rights Reserved          *
* Accelar 1200                 *
* Software Release 2.0.5.7     *
********************************

Login:
Error: TIMEOUT reached


$ cat .cloginrc
add user bay-nr1 readwrite
add password bay-nr1 {password}    I noted Mark Cooper's patch of 11/23/01,
but that appears to have been included in the 2.2 release.


$ cat router.db
bay-nr1:baynet:up



Thanks,
Fergus Roche
Loudeye Technologies

From owner-rancid-discuss@shrubbery.net Tue Apr 30 21:47:13 2002
Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (8.11.6/8.11.1) with ESMTP id g3ULlCp15110 for ; Tue, 30 Apr 2002 21:47:12 GMT
Received: (from majordom@localhost) by guelah.shrubbery.net (8.11.6/8.11.1) id g3ULOHh22617 for rancid-discuss-outgoing; Tue, 30 Apr 2002 21:24:17 GMT
Received: (from heas@localhost) by guelah.shrubbery.net (8.11.6/8.11.1) id g3ULOFe22612 for rancid-discuss@shrubbery.net; Tue, 30 Apr 2002 21:24:15 GMT
Received: from sjc-exs-04.corp.ebay.com (electron.corp.ebay.com [209.63.31.39]) by guelah.shrubbery.net (8.11.6/8.11.1) with ESMTP id g3FGXpB13863 for ; Mon, 15 Apr 2002 16:33:55 GMT
Received: by sjc-exs-04.corp.ebay.com with Internet Mail Service (5.5.2653.19) id <25H39NS4>; Mon, 15 Apr 2002 09:33:11 -0700
Message-ID: <724B645DF3DD8446AAEABE26EBEE4F830159B266@sjc-exm-17.corp.ebay.com>
From: "Pierotti, Phil"
To: "'rancid-discuss@shrubbery.net'"
Subject: RANCID and Cisco Catalyst Switches
Date: Mon, 15 Apr 2002 09:33:04 -0700
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain; charset="iso-8859-1"
Sender: owner-rancid-discuss@shrubbery.net
Precedence: bulk

Cisco Catalyst Switches effectively modify the configuration every time a
port changes link state - by tweaking the active "spantree portcost" and
"spantree portvlancost".

Does anyone know/have a hack/tweak to make RANCID ignore these "differences"
in the configurations?

On a switch with end-users connecting/disconnecting/rebooting (ie working
normally) you'll see a change every single time RANCID runs.

Thanks,
Phil P

------------------------------------------------------------------------------
Phil.Pierotti@eBay.com
------------------------------------------------------------------------------
Phil Pierotti                Ph: 408 376 5820
Senior Network Engineer      Cell: 408 410 1818
eBay, Inc.

From owner-rancid-discuss@shrubbery.net Tue Apr 30 22:35:30 2002
Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (8.11.6/8.11.1) with ESMTP id g3UMZUp21860 for ; Tue, 30 Apr 2002 22:35:30 GMT
Received: (from majordom@localhost) by guelah.shrubbery.net (8.11.6/8.11.1) id g3UMCcA22883 for rancid-discuss-outgoing; Tue, 30 Apr 2002 22:12:38 GMT
Received: (from heas@localhost) by guelah.shrubbery.net (8.11.6/8.11.1) id g3UMCYn22878; Tue, 30 Apr 2002 22:12:34 GMT
Date: Tue, 30 Apr 2002 22:12:34 +0000
From: john heasley
To: Fergus Roche
Cc: rancid-discuss@shrubbery.net
Subject: Re: blogin Timeout
Message-ID: <20020430221234.J20617@shrubbery.net>
References: <1020195721.3982.50.camel@chub.int.loudeye.com>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="IS0zKkzwUGydFO0o"
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
In-Reply-To: <1020195721.3982.50.camel@chub.int.loudeye.com>; from fergus.roche@loudeye.com on Tue, Apr 30, 2002 at 12:42:01PM -0700
X-note: live free, or die!
X-homer: mmmm, forbidden doughnut.
Sender: owner-rancid-discuss@shrubbery.net
Precedence: bulk

--IS0zKkzwUGydFO0o
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

Tue, Apr 30, 2002 at 12:42:01PM -0700, Fergus Roche:
> I'm having problems logging into a Nortel (Accelar 1200) - blogin hangs
> and times out.  I have had the same problem with 2.2b8 and 2.2 on 2
> different machines.
> I am using expect-5.32.2-65, tcl/tk-8.3.3-65 on
> RH7.2 (2.4.9-31), but have also tried expect-5.24 on mandrake
> (2.2.14-15)
> I have tried various combinations of entries in .cloginrc, but always
> with the same result.  Any help would be much appreciated.

please try attached.  set for rancid-2.2.1 maint rel RSN.

>
>
> $ bin/blogin bay-nr1
> bay-nr1
> spawn telnet bay-nr1
> Trying 10.10.0.1...
> Connected to bay-nr1
> Escape character is '^]'.
>
> ********************************
> * Bay Networks,Inc.            *
> * Copyright (c) 1996-1999      *
> * All Rights Reserved          *
> * Accelar 1200                 *
> * Software Release 2.0.5.7     *
> ********************************
>
> Login:
> Error: TIMEOUT reached
>
>
> $ cat .cloginrc
> add user bay-nr1 readwrite
> add password bay-nr1 {password}    I noted Mark Cooper's patch of 11/23/01,
> but that appears to have been included in the 2.2 release.
>
>
> $ cat router.db
> bay-nr1:baynet:up
>
>
>
> Thanks,
> Fergus Roche
> Loudeye Technologies

--IS0zKkzwUGydFO0o
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="blogin.in"

#!@EXPECT_PATH@ --
##
##
## Copyright (C) 1997-2001 by Henry Kilmer, Erik Sherk and Pete Whiting.
## All rights reserved.
##
## This software may be freely copied, modified and redistributed without
## fee for non-commerical purposes provided that this copyright notice is
## preserved intact on all copies and modified copies.
##
## There is no warranty or other guarantee of fitness of this software.
## It is provided solely "as is". The author(s) disclaim(s) all
## responsibility and liability with respect to this software's usage
## or its effect upon hardware, computer systems, other software, or
## anything else.
##
##
#
# blogin - Bay Networks(Nortel) login
#
# Unlike the Cisco's, there is no enable function on the Bay's.
# Instead there are separate User and Manager accounts.  A 'system' command
# exists, which i am told does nothing.
#

# Usage line
set usage "Usage: $argv0 \[-autoenable\] \[-noenable\] \[-c command\] \
\[-Evar=x\] \[-e enable-password\] \[-f cloginrc-file\] \[-p user-password\] \
\[-s script-file\] \[-t timeout\] \[-u username\] \
\[-v vty-password\] \[-w enable-username\] \[-x command-file\] \
\[-y ssh_cypher_type\] router \[router...\]\n"

# env(CLOGIN) may contain:
#   x == do not set xterm banner or name

# Password file
set password_file $env(HOME)/.cloginrc
# Default is to login to the router
set do_command 0
set do_script 0
# The default is to automatically enable
set enable 0
# The default is that you login non-enabled (tacacs can have you login already enabled)
set autoenable 0
# The default is to look in the password file to find the passwords.  This
# tracks if we receive them on the command line.
set do_passwd 1
set do_enapasswd 0

# Find the user in the ENV, or use the unix userid.
if {[ info exists env(CISCO_USER) ] } {
    set default_user $env(CISCO_USER)
} elseif {[ info exists env(USER) ]} {
    set default_user $env(USER)
} else {
    # This uses "id" which I think is portable.  At least it has existed
    # (without options) on all machines/OSes I've been on recently -
    # unlike whoami or id -nu.
    if [ catch {exec id} reason ] {
        send_error "\nError: could not exec id: $reason\n"
        exit 1
    }
    regexp {\(([^)]*)} "$reason" junk default_user
}

# Sometimes routers take awhile to answer (the default is 10 sec)
set timeout 45

# Process the command line
for {set i 0} {$i < $argc} {incr i} {
    set arg [lindex $argv $i]

    switch -glob -- $arg {
        # Username
        -u* -
        -U* {
            if {! [ regexp .\[uU\](.+) $arg ignore user]} {
                incr i
                set username [ lindex $argv $i ]
            }
        # VTY Password
        } -p* -
        -P* {
            if {! [ regexp .\[pP\](.+) $arg ignore userpasswd]} {
                incr i
                set userpasswd [ lindex $argv $i ]
            }
            set do_passwd 0
        # VTY Password
        } -v* -
        -v* {
            if {! [ regexp .\[vV\](.+) $arg ignore passwd]} {
                incr i
                set passwd [ lindex $argv $i ]
            }
            set do_passwd 0
        # Enable Username
        } -w* -
        -W* {
            if {! [ regexp .\[wW\](.+) $arg ignore enauser]} {
                incr i
                set enausername [ lindex $argv $i ]
            }
        # Environment variable to pass to -s scripts
        } -E*
        {
            if {[ regexp .\[E\](.+)=(.+) $arg ignore varname varvalue]} {
                set E$varname $varvalue
            } else {
                send_user "Error: invalid format for -E in $arg\n"
                exit 1
            }
        # Enable Password
        } -e*
        {
            if {! [ regexp .\[eE\](.+) $arg ignore enapasswd]} {
                incr i
                set enapasswd [ lindex $argv $i ]
            }
            set do_enapasswd 0
        # Command to run.
        } -c* -
        -C* {
            if {! [ regexp .\[cC\](.+) $arg ignore command]} {
                incr i
                set command [ lindex $argv $i ]
            }
            set do_command 1
        # Expect script to run.
        } -s* -
        -S* {
            if {! [ regexp .\[sS\](.+) $arg ignore sfile]} {
                incr i
                set sfile [ lindex $argv $i ]
            }
            if { ! [ file readable $sfile ] } {
                send_user "\nError: Can't read $sfile\n"
                exit 1
            }
            set do_script 1
        # 'ssh -c' cypher type
        } -y* -
        -Y* {
            if {! [ regexp .\[eE\](.+) $arg ignore cypher]} {
                incr i
                set cypher [ lindex $argv $i ]
            }
        # alternate cloginrc file
        } -f* -
        -F* {
            if {! [ regexp .\[fF\](.+) $arg ignore password_file]} {
                incr i
                set password_file [ lindex $argv $i ]
            }
        # Timeout
        } -t* -
        -T* {
            if {! [ regexp .\[tT\](.+) $arg ignore timeout]} {
                incr i
                set timeout [ lindex $argv $i ]
            }
        # Command file
        } -x* -
        -X {
            if {! [ regexp .\[xX\](.+) $arg ignore cmd_file]} {
                incr i
                set cmd_file [ lindex $argv $i ]
            }
            set cmd_fd [open $cmd_file r]
            set cmd_text [read $cmd_fd]
            close $cmd_fd
            set command [join [split $cmd_text \n] \;]
            set do_command 1
        # Do we enable?
        } -noenable {
            set enable 0
        # Does tacacs automatically enable us?
        } -autoenable {
            set autoenable 1
            set enable 0
        } -* {
            send_user "\nError: Unknown argument! $arg\n"
            send_user $usage
            exit 1
        } default {
            break
        }
    }
}
# Process routers...no routers listed is an error.
if { $i == $argc } {
    send_user "\nError: $usage"
}

# Only be quiet if we are running a script (it can log its output
# on its own)
if { $do_script } {
    log_user 0
} else {
    log_user 1
}

#
# Done configuration/variable setting.  Now run with it...
#

# Sets Xterm title if interactive...if its an xterm and the user cares
proc label { host } {
    global env
    # if CLOGIN has an 'x' in it, don't set the xterm name/banner
    if [info exists env(CLOGIN)] {
        if {[string first "x" $env(CLOGIN)] != -1} { return }
    }
    # take host from ENV(TERM)
    if [info exists env(TERM)] {
        if [regexp \^(xterm|vs) $env(TERM) ignore ] {
            send_user "\033]1;[lindex [split $host "."] 0]\a"
            send_user "\033]2;$host\a"
        }
    }
}

# This is a helper function to make the password file easier to
# maintain.  Using this the password file has the form:
# add password sl* pete cow
# add password at* steve
# add password * hanky-pie
proc add {var args} { global int_$var ; lappend int_$var $args}
proc include {args} {
    global env
    regsub -all "(^{|}$)" $args {} args
    if { [ regexp "^/" $args ignore ] == 0 } {
        set args $env(HOME)/$args
    }
    source_password_file $args
}

proc find {var router} {
    upvar int_$var list
    if { [info exists list] } {
        foreach line $list {
            if { [string match [lindex $line 0] $router ] } {
                return [lrange $line 1 end]
            }
        }
    }
    return {}
}

# Loads the password file.  Note that as this file is tcl, and that
# it is sourced, the user better know what to put in there, as it
# could install more than just password info...  I will assume however,
# that a "bad guy" could just as easy put such code in the clogin
# script, so I will leave .cloginrc as just an extension of that script
proc source_password_file { password_file } {
    global env
    if { ! [file exists $password_file] } {
        send_user "\nError: password file ($password_file) does not exist\n"
        exit 1
    }
    file stat $password_file fileinfo
    if { [expr ($fileinfo(mode) & 007)] != 0000 } {
        send_user "\nError: $password_file must not be world readable/writable\n"
        exit 1
    }
    if [ catch {source $password_file} reason ] {
        send_user "\nError: $reason\n"
        exit 1
    }
}

# Log into the router.
proc login { router user userpswd passwd enapasswd prompt cmethod cyphertype } {
    global spawn_id in_proc do_command do_script
    global u_prompt p_prompt e_prompt
    set in_proc 1

    # try each of the connection methods in $cmethod until one is successful
    set progs [llength $cmethod]
    foreach prog [lrange $cmethod 0 end] {
        if [string match "telnet*" $prog] {
            regexp {telnet(:([^[:space:]]+))*} $prog command suffix port
            if {"$port" == ""} {
                set retval [ catch {spawn telnet $router} reason ]
            } else {
                set retval [ catch {spawn telnet $router $port} reason ]
            }
            if { $retval } {
                send_user "\nError: telnet failed: $reason\n"
                exit 1
            }
        } elseif ![string compare $prog "ssh"] {
            if [ catch {spawn ssh -c $cyphertype -x -l $user $router} reason ] {
                send_user "\nError: ssh failed: $reason\n"
                exit 1
            }
        } elseif ![string compare $prog "rsh"] {
            if [ catch {spawn rsh -l $user $router} reason ] {
                send_user "\nError: rsh failed: $reason\n"
                exit 1
            }
        } else {
            puts "\nError: unknown connection method: $prog"
            return 1
        }
        incr progs -1
        sleep 0.3

        # This helps cleanup each expect clause.
        expect_after {
            timeout {
                send_user "\nError: TIMEOUT reached\n"
                catch {close}; wait
                if { $in_proc} {
                    return 1
                } else {
                    continue
                }
            } eof {
                send_user "\nError: EOF received\n"
                catch {close}; wait
                if { $in_proc} {
                    return 1
                } else {
                    continue
                }
            }
        }

        # Here we get a little tricky.  There are several possibilities:
        # the router can ask for a username and passwd and then
        # talk to the TACACS server to authenticate you, or if the
        # TACACS server is not working, then it will use the enable
        # passwd.  Or, the router might not have TACACS turned on,
        # then it will just send the passwd.
        # if telnet fails with connection refused, try ssh
        expect {
            -re "(Connection refused|Secure connection \[^\n\r]+ refused|Connection closed by)" {
                catch {close}; wait
                if !$progs {
                    send_user "\nError: Connection Refused ($prog)\n"; return 1
                }
            } eof { send_user "\nError: Couldn't login\n"; wait; return 1
            } -nocase "unknown host\r" {
                catch {close};
                send_user "\nError: Unknown host\n"; wait; return 1
            } "Host is unreachable" {
                catch {close};
                send_user "\nError: Host Unreachable!\n"; wait; return 1
            } "No address associated with name" {
                catch {close};
                send_user "\nError: Unknown host\n"; wait; return 1
            }
            -re "(Host key not found |The authenticity of host .* be established).*\(yes\/no\)\?" {
                send "yes\r"
                send_user "\nHost $router added to the list of known hosts.\n"
                exp_continue }
            -re "HOST IDENTIFICATION HAS CHANGED.* \(yes\/no\)\?" {
                send "no\r"
                send_user "\nError: The host key for $router has changed. Update the SSH known_hosts file accordingly.\n"
                return 1 }
            -re "Offending key for .* \(yes\/no\)\?" {
                send "no\r"
                send_user "\nError: host key mismatch for $router. Update the SSH known_hosts file accordingly.\n"
                return 1 }
            -re "$u_prompt" {
                send "$user\r"
                expect {
                    eof { send_user "\nError: Couldn't login\n"; wait; return 1 }
                    "Login invalid" { send_user "\nError: Invalid login\n";
                                      catch {close}; wait; return 1 }
                    -re "$p_prompt" { send "$userpswd\r" }
                    "$prompt" { set in_proc 0; return 0 }
                }
                exp_continue
            }
            -re "$p_prompt" {
                if ![string compare $prog "ssh"] {
                    send "$userpswd\r"
                } else {
                    send "$passwd\r"
                }
                expect {
                    eof { send_user "\nError: Couldn't login\n"; wait; return 1 }
                    -re "$e_prompt" { send "$enapasswd\r" }
                    "$prompt" { set in_proc 0; return 0 }
                }
                exp_continue
            }
            "$prompt" { break; }
            denied { send_user "\nError: Check your passwd for $router\n"
                     catch {close}; wait; return 1
            }
            "% Bad passwords" {send_user "\nError: Check your passwd for $router\n"; return 1 }
        }
    }
    set in_proc 0
    return 0
}

# Enable
proc do_enable { enauser enapasswd } {
    global prompt in_proc
    global u_prompt e_prompt
    set in_proc 1

    send "enable\r"
    expect {
        -re "$u_prompt" { send "$enauser\r"; exp_continue}
        -re "$e_prompt" { send "$enapasswd\r"; exp_continue}
        "#" { set prompt "#" }
        "(enable)" { set prompt "> (enable) " }
        denied { send_user "\nError: Check your Enable passwd\n"; return 1}
        "% Bad passwords" { send_user "\nError: Check your Enable passwd\n"
            return 1
        }
    }
    # We set the prompt variable (above) so script files don't need
    # to know what it is.
    set in_proc 0
    return 0
}

# Run commands given on the command line.
proc run_commands { prompt command } {
    global in_proc
    set in_proc 1

    send "more off\r"
    expect $prompt {}

    regsub -all "\[)(]" $prompt {\\&} reprompt

    # Is this a multi-command?
    if [ string match "*\;*" "$command" ] {
        set commands [split $command \;]
        set num_commands [llength $commands]

        for {set i 0} {$i < $num_commands} { incr i} {
            send "[subst -nocommands [lindex $commands $i]]\r"
            expect {
                -re "^\[^\n\r *]*$reprompt" {}
                -re "^\[^\n\r]*$reprompt." { exp_continue }
                -re "\[\n\r]" { exp_continue }
            }
        }
    } else {
        send "[subst -nocommands $command]\r"
        expect {
            -re "^\[^\n\r *]*$reprompt" {}
            -re "^\[^\n\r]*$reprompt." { exp_continue }
            -re "\[\n\r]" { exp_continue }
        }
    }
    send "logout\r"
    expect {
        "\n" { exp_continue }
        timeout { return 0 }
        eof { return 0 }
    }
    set in_proc 0
}

#
# For each router... (this is main loop)
#
source_password_file $password_file
set in_proc 0
foreach router [lrange $argv $i end] {
    set router [string tolower $router]
    send_user "$router\n"

    # Figure out prompt.
    # Since autoenable is off by default, if we have it defined, it
    # was done on the command line. If it is not specifically set on the
    # command line, check the password file.
    if $autoenable {
        set prompt "#"
    } else {
        set ae [find autoenable $router]
        if { "$ae" == "1" } {
            set autoenable 1
            set enable 0
            set prompt "#"
        } else {
            set autoenable 0
            set prompt ">"
        }
    }

    # look for noenable option in .cloginrc
    if { [find noenable $router] != "" } {
        set enable 0
    }

    # Figure out passwords
    if { $do_passwd || $do_enapasswd } {
        set pswd [find password $router]
        if { [llength $pswd] == 0 } {
            send_user "Error - no password for $router in $password_file.\n"
            continue
        }
        if { $do_enapasswd && $autoenable == 0 && [llength $pswd] < 2 } {
            send_user "Error - no enable password for $router in $password_file.\n"
            continue
        }
        set passwd [lindex $pswd 0]
        set enapasswd [lindex $pswd 1]
    }

    # Figure out username
    if {[info exists username]} {
        # command line username
        set ruser $username
    } else {
        set ruser [find user $router]
        if { "$ruser" == "" } { set ruser $default_user }
    }

    # Figure out username's password (if different from the vty password)
    if {[info exists userpasswd]} {
        # command line username
        set userpswd $userpasswd
    } else {
        set userpswd [find userpassword $router]
        if { "$userpswd" == "" } { set userpswd $passwd }
    }

    # Figure out enable username
    if {[info exists enausername]} {
        # command line enausername
        set enauser $enausername
    } else {
        set enauser [find enauser $router]
        if { "$enauser" == "" } { set enauser $ruser }
    }

    # Figure out prompts
    set u_prompt [find userprompt $router]
    if { "$u_prompt" == "" } {
        set u_prompt "(Username|login|user name):"
    }
    set p_prompt [find passprompt $router]
    if { "$p_prompt" == "" } {
        set p_prompt "(\[Pp]assword|passwd):"
    }
    set e_prompt [find enableprompt $router]
    if { "$e_prompt" == "" } {
        set e_prompt "\[Pp]assword:"
    }

    # Figure out cypher type
    if {[info exists cypher]} {
        # command line cypher type
        set cyphertype $cypher
    } else {
        set cyphertype [find cyphertype $router]
        if { "$cyphertype" == "" } { set cyphertype "3des" }
    }

    # Figure out connection method
    set cmethod [find method $router]
    if { "$cmethod" == "" } { set cmethod {{telnet}} }

    # Login to the router
    if {[login $router $ruser $userpswd $passwd $enapasswd $prompt $cmethod $cyphertype]} {
        continue
    }
    if { $enable } {
        if {[do_enable $enauser $enapasswd]} {
            if { $do_command || $do_script } {
                close; wait
                continue
            }
        }
    }

    if { $do_command } {
        if {[run_commands $prompt $command]} {
            continue
        }
    } elseif { $do_script } {
        send "more off\r"
        expect $prompt {}
        source $sfile
        close
    } else {
        label $router
        log_user 1
        interact
    }

    # End of for each router
    wait
    sleep 0.3
}
exit 0

--IS0zKkzwUGydFO0o--

From owner-rancid-discuss@shrubbery.net Tue Apr 30 22:42:06 2002
Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (8.11.6/8.11.1) with ESMTP id g3UMg6p22761 for ; Tue, 30 Apr 2002 22:42:06 GMT
Received: (from majordom@localhost) by guelah.shrubbery.net (8.11.6/8.11.1) id g3UMIrk22952 for rancid-discuss-outgoing; Tue, 30 Apr 2002 22:18:53 GMT
Received: (from heas@localhost) by guelah.shrubbery.net (8.11.6/8.11.1) id g3UMInD22947; Tue, 30 Apr 2002 22:18:49 GMT
Date: Tue, 30 Apr 2002 22:18:49 +0000
From: john heasley
To: Fergus Roche
Cc: rancid-discuss@shrubbery.net
Subject: Re: blogin Timeout
Message-ID: <20020430221849.K20617@shrubbery.net>
References: <1020195721.3982.50.camel@chub.int.loudeye.com>
    <20020430221234.J20617@shrubbery.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
In-Reply-To: <20020430221234.J20617@shrubbery.net>; from heas@shrubbery.net on Tue, Apr 30, 2002 at 10:12:34PM +0000
X-note: live free, or die!
X-homer: mmmm, forbidden doughnut.
Sender: owner-rancid-discuss@shrubbery.net
Precedence: bulk

Tue, Apr 30, 2002 at 10:12:34PM +0000, john heasley:
> Tue, Apr 30, 2002 at 12:42:01PM -0700, Fergus Roche:
> > I'm having problems logging into a Nortel (Accelar 1200) - blogin hangs
> > and times out.  I have had the same problem with 2.2b8 and 2.2 on 2
> > different machines.  I am using expect-5.32.2-65, tcl/tk-8.3.3-65 on
> > RH7.2 (2.4.9-31), but have also tried expect-5.24 on mandrake
> > (2.2.14-15)
> > I have tried various combinations of entries in .cloginrc, but always
> > with the same result.  Any help would be much appreciated.
>
> please try attached.  set for rancid-2.2.1 maint rel RSN.

actually, scratch that comment.  you probably want this version; but, i
think the problem is really the case of "Login".  the user prompt it's
looking for is the regex "(Username|login|user name):".  if you add to
.cloginrc:

    add userprompt bay-nr1 {Login:}

i think this will work.  i'm interested to know if the case has changed
or if we've made a mistake somewhere along the line and inadvertently
changed the regex.

> >
> >
> > $ bin/blogin bay-nr1
> > bay-nr1
> > spawn telnet bay-nr1
> > Trying 10.10.0.1...
> > Connected to bay-nr1
> > Escape character is '^]'.
> >
> > ********************************
> > * Bay Networks,Inc.            *
> > * Copyright (c) 1996-1999      *
> > * All Rights Reserved          *
> > * Accelar 1200                 *
> > * Software Release 2.0.5.7     *
> > ********************************
> >
> > Login:
> > Error: TIMEOUT reached
> >
> >
> > $ cat .cloginrc
> > add user bay-nr1 readwrite
> > add password bay-nr1 {password}    I noted Mark Cooper's patch of 11/23/01,
> > but that appears to have been included in the 2.2 release.
> >
> >
> > $ cat router.db
> > bay-nr1:baynet:up
> >
> >
> >
> > Thanks,
> > Fergus Roche
> > Loudeye Technologies

> #!@EXPECT_PATH@ --
> ##
> ##
> ## Copyright (C) 1997-2001 by Henry Kilmer, Erik Sherk and Pete Whiting.
> ## All rights reserved.
> ##
> ## This software may be freely copied, modified and redistributed without
> ## fee for non-commerical purposes provided that this copyright notice is
> ## preserved intact on all copies and modified copies.
> ##
> ## There is no warranty or other guarantee of fitness of this software.
> ## It is provided solely "as is". The author(s) disclaim(s) all
> ## responsibility and liability with respect to this software's usage
> ## or its effect upon hardware, computer systems, other software, or
> ## anything else.
> ##
> ##
> #
> # blogin - Bay Networks(Nortel) login
> #
> # Unlike the Cisco's, there is no enable function on the Bay's.
> # Instead there are separate User and Manager accounts.  A 'system' command
> # exists, which i am told does nothing.
> #
>
> # Usage line
> set usage "Usage: $argv0 \[-autoenable\] \[-noenable\] \[-c command\] \
> \[-Evar=x\] \[-e enable-password\] \[-f cloginrc-file\] \[-p user-password\] \
> \[-s script-file\] \[-t timeout\] \[-u username\] \
> \[-v vty-password\] \[-w enable-username\] \[-x command-file\] \
> \[-y ssh_cypher_type\] router \[router...\]\n"
>
> # env(CLOGIN) may contain:
> #   x == do not set xterm banner or name
>
> # Password file
> set password_file $env(HOME)/.cloginrc
> # Default is to login to the router
> set do_command 0
> set do_script 0
> # The default is to automatically enable
> set enable 0
> # The default is that you login non-enabled (tacacs can have you login already enabled)
> set autoenable 0
> # The default is to look in the password file to find the passwords.  This
> # tracks if we receive them on the command line.
> set do_passwd 1
> set do_enapasswd 0
>
> # Find the user in the ENV, or use the unix userid.
> if {[ info exists env(CISCO_USER) ] } {
>     set default_user $env(CISCO_USER)
> } elseif {[ info exists env(USER) ]} {
>     set default_user $env(USER)
> } else {
>     # This uses "id" which I think is portable.  At least it has existed
>     # (without options) on all machines/OSes I've been on recently -
>     # unlike whoami or id -nu.
>     if [ catch {exec id} reason ] {
>         send_error "\nError: could not exec id: $reason\n"
>         exit 1
>     }
>     regexp {\(([^)]*)} "$reason" junk default_user
> }
>
> # Sometimes routers take awhile to answer (the default is 10 sec)
> set timeout 45
>
> # Process the command line
> for {set i 0} {$i < $argc} {incr i} {
>     set arg [lindex $argv $i]
>
>     switch -glob -- $arg {
>         # Username
>         -u* -
>         -U* {
>             if {! [ regexp .\[uU\](.+) $arg ignore user]} {
>                 incr i
>                 set username [ lindex $argv $i ]
>             }
>         # VTY Password
>         } -p* -
>         -P* {
>             if {! [ regexp .\[pP\](.+) $arg ignore userpasswd]} {
>                 incr i
>                 set userpasswd [ lindex $argv $i ]
>             }
>             set do_passwd 0
>         # VTY Password
>         } -v* -
>         -v* {
>             if {! [ regexp .\[vV\](.+) $arg ignore passwd]} {
>                 incr i
>                 set passwd [ lindex $argv $i ]
>             }
>             set do_passwd 0
>         # Enable Username
>         } -w* -
>         -W* {
>             if {! [ regexp .\[wW\](.+) $arg ignore enauser]} {
>                 incr i
>                 set enausername [ lindex $argv $i ]
>             }
>         # Environment variable to pass to -s scripts
>         } -E*
>         {
>             if {[ regexp .\[E\](.+)=(.+) $arg ignore varname varvalue]} {
>                 set E$varname $varvalue
>             } else {
>                 send_user "Error: invalid format for -E in $arg\n"
>                 exit 1
>             }
>         # Enable Password
>         } -e*
>         {
>             if {! [ regexp .\[eE\](.+) $arg ignore enapasswd]} {
>                 incr i
>                 set enapasswd [ lindex $argv $i ]
>             }
>             set do_enapasswd 0
>         # Command to run.
>         } -c* -
>         -C* {
>             if {! [ regexp .\[cC\](.+) $arg ignore command]} {
>                 incr i
>                 set command [ lindex $argv $i ]
>             }
>             set do_command 1
>         # Expect script to run.
>         } -s* -
>         -S* {
>             if {! [ regexp .\[sS\](.+) $arg ignore sfile]} {
>                 incr i
>                 set sfile [ lindex $argv $i ]
>             }
>             if { ! [ file readable $sfile ] } {
>                 send_user "\nError: Can't read $sfile\n"
>                 exit 1
>             }
>             set do_script 1
>         # 'ssh -c' cypher type
>         } -y* -
>         -Y* {
>             if {! [ regexp .\[eE\](.+) $arg ignore cypher]} {
>                 incr i
>                 set cypher [ lindex $argv $i ]
>             }
>         # alternate cloginrc file
>         } -f* -
>         -F* {
>             if {! [ regexp .\[fF\](.+) $arg ignore password_file]} {
>                 incr i
>                 set password_file [ lindex $argv $i ]
>             }
>         # Timeout
>         } -t* -
>         -T* {
>             if {! [ regexp .\[tT\](.+) $arg ignore timeout]} {
>                 incr i
>                 set timeout [ lindex $argv $i ]
>             }
>         # Command file
>         } -x* -
>         -X {
>             if {! [ regexp .\[xX\](.+) $arg ignore cmd_file]} {
>                 incr i
>                 set cmd_file [ lindex $argv $i ]
>             }
>             set cmd_fd [open $cmd_file r]
>             set cmd_text [read $cmd_fd]
>             close $cmd_fd
>             set command [join [split $cmd_text \n] \;]
>             set do_command 1
>         # Do we enable?
>         } -noenable {
>             set enable 0
>         # Does tacacs automatically enable us?
>         } -autoenable {
>             set autoenable 1
>             set enable 0
>         } -* {
>             send_user "\nError: Unknown argument! $arg\n"
>             send_user $usage
>             exit 1
>         } default {
>             break
>         }
>     }
> }
> # Process routers...no routers listed is an error.
> if { $i == $argc } {
>     send_user "\nError: $usage"
> }
>
> # Only be quiet if we are running a script (it can log its output
> # on its own)
> if { $do_script } {
>     log_user 0
> } else {
>     log_user 1
> }
>
> #
> # Done configuration/variable setting.  Now run with it...
> #
>
> # Sets Xterm title if interactive...if its an xterm and the user cares
> proc label { host } {
>     global env
>     # if CLOGIN has an 'x' in it, don't set the xterm name/banner
>     if [info exists env(CLOGIN)] {
>         if {[string first "x" $env(CLOGIN)] != -1} { return }
>     }
>     # take host from ENV(TERM)
>     if [info exists env(TERM)] {
>         if [regexp \^(xterm|vs) $env(TERM) ignore ] {
>             send_user "\033]1;[lindex [split $host "."] 0]\a"
>             send_user "\033]2;$host\a"
>         }
>     }
> }
>
> # This is a helper function to make the password file easier to
> # maintain.  Using this the password file has the form:
> # add password sl* pete cow
> # add password at* steve
> # add password * hanky-pie
> proc add {var args} { global int_$var ; lappend int_$var $args}
> proc include {args} {
>     global env
>     regsub -all "(^{|}$)" $args {} args
>     if { [ regexp "^/" $args ignore ] == 0 } {
>         set args $env(HOME)/$args
>     }
>     source_password_file $args
> }
>
> proc find {var router} {
>     upvar int_$var list
>     if { [info exists list] } {
>         foreach line $list {
>             if { [string match [lindex $line 0] $router ] } {
>                 return [lrange $line 1 end]
>             }
>         }
>     }
>     return {}
> }
>
> # Loads the password file.  Note that as this file is tcl, and that
> # it is sourced, the user better know what to put in there, as it
> # could install more than just password info...  I will assume however,
> # that a "bad guy" could just as easy put such code in the clogin
> # script, so I will leave .cloginrc as just an extension of that script
> proc source_password_file { password_file } {
>     global env
>     if { ! [file exists $password_file] } {
>         send_user "\nError: password file ($password_file) does not exist\n"
>         exit 1
>     }
>     file stat $password_file fileinfo
>     if { [expr ($fileinfo(mode) & 007)] != 0000 } {
>         send_user "\nError: $password_file must not be world readable/writable\n"
>         exit 1
>     }
>     if [ catch {source $password_file} reason ] {
>         send_user "\nError: $reason\n"
>         exit 1
>     }
> }
>
> # Log into the router.
> proc login { router user userpswd passwd enapasswd prompt cmethod cyphertype } {
>     global spawn_id in_proc do_command do_script
>     global u_prompt p_prompt e_prompt
>     set in_proc 1
>
>     # try each of the connection methods in $cmethod until one is successful
>     set progs [llength $cmethod]
>     foreach prog [lrange $cmethod 0 end] {
>         if [string match "telnet*" $prog] {
>             regexp {telnet(:([^[:space:]]+))*} $prog command suffix port
>             if {"$port" == ""} {
>                 set retval [ catch {spawn telnet $router} reason ]
>             } else {
>                 set retval [ catch {spawn telnet $router $port} reason ]
>             }
>             if { $retval } {
>                 send_user "\nError: telnet failed: $reason\n"
>                 exit 1
>             }
>         } elseif ![string compare $prog "ssh"] {
>             if [ catch {spawn ssh -c $cyphertype -x -l $user $router} reason ] {
>                 send_user "\nError: ssh failed: $reason\n"
>                 exit 1
>             }
>         } elseif ![string compare $prog "rsh"] {
>             if [ catch {spawn rsh -l $user $router} reason ] {
>                 send_user "\nError: rsh failed: $reason\n"
>                 exit 1
>             }
>         } else {
>             puts "\nError: unknown connection method: $prog"
>             return 1
>         }
>         incr progs -1
>         sleep 0.3
>
>         # This helps cleanup each expect clause.
>         expect_after {
>             timeout {
>                 send_user "\nError: TIMEOUT reached\n"
>                 catch {close}; wait
>                 if { $in_proc} {
>                     return 1
>                 } else {
>                     continue
>                 }
>             } eof {
>                 send_user "\nError: EOF received\n"
>                 catch {close}; wait
>                 if { $in_proc} {
>                     return 1
>                 } else {
>                     continue
>                 }
>             }
>         }
>
>         # Here we get a little tricky.  There are several possibilities:
>         # the router can ask for a username and passwd and then
>         # talk to the TACACS server to authenticate you, or if the
>         # TACACS server is not working, then it will use the enable
>         # passwd.  Or, the router might not have TACACS turned on,
>         # then it will just send the passwd.
>         # if telnet fails with connection refused, try ssh
>         expect {
>             -re "(Connection refused|Secure connection \[^\n\r]+ refused|Connection closed by)" {
>                 catch {close}; wait
>                 if !$progs {
>                     send_user "\nError: Connection Refused ($prog)\n"; return 1
>                 }
>             } eof { send_user "\nError: Couldn't login\n"; wait; return 1
>             } -nocase "unknown host\r" {
>                 catch {close};
>                 send_user "\nError: Unknown host\n"; wait; return 1
>             } "Host is unreachable" {
>                 catch {close};
>                 send_user "\nError: Host Unreachable!\n"; wait; return 1
>             } "No address associated with name" {
>                 catch {close};
>                 send_user "\nError: Unknown host\n"; wait; return 1
>             }
>             -re "(Host key not found |The authenticity of host .* be established).*\(yes\/no\)\?" {
>                 send "yes\r"
>                 send_user "\nHost $router added to the list of known hosts.\n"
>                 exp_continue }
>             -re "HOST IDENTIFICATION HAS CHANGED.* \(yes\/no\)\?" {
>                 send "no\r"
>                 send_user "\nError: The host key for $router has changed. Update the SSH known_hosts file accordingly.\n"
>                 return 1 }
>             -re "Offending key for .* \(yes\/no\)\?" {
>                 send "no\r"
>                 send_user "\nError: host key mismatch for $router.
Update the SSH known_hosts file accordingly.\n" > return 1 } > -re "$u_prompt" { send "$user\r" > expect { > eof { send_user "\nError: Couldn't login\n"; wait; return 1 } > "Login invalid" { send_user "\nError: Invalid login\n"; vatch {close}; wait; return 1 } > -re "$p_prompt" { send "$userpswd\r" } > "$prompt" { set in_proc 0; return 0 } > } > exp_continue > } > -re "$p_prompt" { > if ![string compare $prog "ssh"] { > send "$userpswd\r" > } else { > send "$passwd\r" > } > expect { > eof { send_user "\nError: Couldn't login\n"; wait; return 1 } > -re "$e_prompt" { send "$enapasswd\r" } > "$prompt" { set in_proc 0; return 0 } > } > exp_continue > } > "$prompt" { break; } > denied { send_user "\nError: Check your passwd for $router\n" > catch {close}; wait; return 1 > } > "% Bad passwords" {send_user "\nError: Check your passwd for $router\n"; return 1 } > } > } > set in_proc 0 > return 0 > } > > # Enable > proc do_enable { enauser enapasswd } { > global prompt in_proc > global u_prompt e_prompt > set in_proc 1 > > send "enable\r" > expect { > -re "$u_prompt" { send "$enauser\r"; exp_continue} > -re "$e_prompt" { send "$enapasswd\r"; exp_continue} > "#" { set prompt "#" } > "(enable)" { set prompt "> (enable) " } > denied { send_user "\nError: Check your Enable passwd\n"; return 1} > "% Bad passwords" { send_user "\nError: Check your Enable passwd\n" > return 1 > } > } > # We set the prompt variable (above) so script files don't need > # to know what it is. > set in_proc 0 > return 0 > } > > # Run commands given on the command line. > proc run_commands { prompt command } { > global in_proc > set in_proc 1 > > send "more off\r" > > expect $prompt {} > > regsub -all "\[)(]" $prompt {\\&} reprompt > > # Is this a multi-command? 
> if [ string match "*\;*" "$command" ] { > set commands [split $command \;] > set num_commands [llength $commands] > > for {set i 0} {$i < $num_commands} { incr i} { > send "[subst -nocommands [lindex $commands $i]]\r" > expect { > -re "^\[^\n\r *]*$reprompt" {} > -re "^\[^\n\r]*$reprompt." { exp_continue } > -re "\[\n\r]" { exp_continue } > } > } > } else { > send "[subst -nocommands $command]\r" > expect { > -re "^\[^\n\r *]*$reprompt" {} > -re "^\[^\n\r]*$reprompt." { exp_continue } > -re "\[\n\r]" { exp_continue } > } > } > send "logout\r" > expect { > "\n" { exp_continue } > timeout { return 0 } > eof { return 0 } > } > set in_proc 0 > } > > # > # For each router... (this is main loop) > # > source_password_file $password_file > set in_proc 0 > foreach router [lrange $argv $i end] { > set router [string tolower $router] > send_user "$router\n" > > # Figure out prompt. > # Since autoenable is off by default, if we have it defined, it > # was done on the command line. If it is not specifically set on the > # command line, check the password file. 
> if $autoenable { > set prompt "#" > } else { > set ae [find autoenable $router] > if { "$ae" == "1" } { > set autoenable 1 > set enable 0 > set prompt "#" > } else { > set autoenable 0 > set prompt ">" > } > } > > # look for noenable option in .cloginrc > if { [find noenable $router] != "" } { > set enable 0 > } > > # Figure out passwords > if { $do_passwd || $do_enapasswd } { > set pswd [find password $router] > if { [llength $pswd] == 0 } { > send_user "Error - no password for $router in $password_file.\n" > continue > } > if { $do_enapasswd && $autoenable == 0 && [llength $pswd] < 2 } { > send_user "Error - no enable password for $router in $password_file.\n" > continue > } > set passwd [lindex $pswd 0] > set enapasswd [lindex $pswd 1] > } > > # Figure out username > if {[info exists username]} { > # command line username > set ruser $username > } else { > set ruser [find user $router] > if { "$ruser" == "" } { set ruser $default_user } > } > > # Figure out username's password (if different from the vty password) > if {[info exists userpasswd]} { > # command line username > set userpswd $userpasswd > } else { > set userpswd [find userpassword $router] > if { "$userpswd" == "" } { set userpswd $passwd } > } > > # Figure out enable username > if {[info exists enausername]} { > # command line enausername > set enauser $enausername > } else { > set enauser [find enauser $router] > if { "$enauser" == "" } { set enauser $ruser } > } > > # Figure out prompts > set u_prompt [find userprompt $router] > if { "$u_prompt" == "" } { set u_prompt "(Username|login|user name):" } > set p_prompt [find passprompt $router] > if { "$p_prompt" == "" } { set p_prompt "(\[Pp]assword|passwd):" } > set e_prompt [find enableprompt $router] > if { "$e_prompt" == "" } { set e_prompt "\[Pp]assword:" } > > # Figure out cypher type > if {[info exists cypher]} { > # command line cypher type > set cyphertype $cypher > } else { > set cyphertype [find cyphertype $router] > if { "$cyphertype" == 
"" } { set cyphertype "3des" } > } > > # Figure out connection method > set cmethod [find method $router] > if { "$cmethod" == "" } { set cmethod {{telnet}} } > > # Login to the router > if {[login $router $ruser $userpswd $passwd $enapasswd $prompt $cmethod $cyphertype]} { > continue > } > if { $enable } { > if {[do_enable $enauser $enapasswd]} { > if { $do_command || $do_script } { > close; wait > continue > } > } > } > > if { $do_command } { > if {[run_commands $prompt $command]} { > continue > } > } elseif { $do_script } { > send "more off\r" > expect $prompt {} > source $sfile > close > } else { > label $router > log_user 1 > interact > } > > # End of for each router > wait > sleep 0.3 > } > exit 0 From owner-rancid-discuss@shrubbery.net Tue Apr 30 22:48:26 2002 Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (8.11.6/8.11.1) with ESMTP id g3UMmQp23589 for ; Tue, 30 Apr 2002 22:48:26 GMT Received: (from majordom@localhost) by guelah.shrubbery.net (8.11.6/8.11.1) id g3UMPUV23003 for rancid-discuss-outgoing; Tue, 30 Apr 2002 22:25:30 GMT Received: (from heas@localhost) by guelah.shrubbery.net (8.11.6/8.11.1) id g3UMPNB22998; Tue, 30 Apr 2002 22:25:23 GMT Date: Tue, 30 Apr 2002 22:25:23 +0000 From: john heasley To: "Pierotti, Phil" Cc: "'rancid-discuss@shrubbery.net'" Subject: Re: RANCID and Cisco Catalyst Switches Message-ID: <20020430222523.M20617@shrubbery.net> References: <724B645DF3DD8446AAEABE26EBEE4F830159B266@sjc-exm-17.corp.ebay.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <724B645DF3DD8446AAEABE26EBEE4F830159B266@sjc-exm-17.corp.ebay.com>; from phil.pierotti@ebay.com on Mon, Apr 15, 2002 at 09:33:04AM -0700 X-note: live free, or die! X-homer: mmmm, forbidden doughnut. 
Sender: owner-rancid-discuss@shrubbery.net
Precedence: bulk

Mon, Apr 15, 2002 at 09:33:04AM -0700, Pierotti, Phil:
> Cisco Catalyst Switches effectively modify the configuration every time a
> port changes link state - by tweaking the active "spantree portcost" and
> "spantree portvlancost".

this is considered (by me anyway) to be extremely bad form. cisco should be
forced to correct this _bug_. extreme does this crap as well.

anyway, the reason we do not filter this is because in theory it's an
administrative knob. thus, if the config rancid saves is to be a candidate to
recover a config....

> Does anyone know/have a hack/tweak to make RANCID ignore these "differences"
> in the configurations?

you could add a line like this around line 816 of cat5rancid within sub
WriteTerm:

    /^spantree portcost: / && next;

> On a switch with end-users connecting/disconnecting/rebooting (ie working
> normally) you'll see a change every single time RANCID runs.
>
> Thanks,
> Phil P
>
> ----------------------------------------------------------------------------
> --
> Phil.Pierotti@eBay.com
> ----------------------------------------------------------------------------
> --
> Phil Pierotti Ph: 408 376 5820
> Senior Network Engineer Cell: 408 410 1818
> eBay, Inc.