Support for Cisco Small Business in RANCID

I’ve installed RANCID and actually thought it would support my Cisco Small Business switches, the SG300, as they do have an IOS-like SSH login, but it didn’t.

After searching Google, I found a nice project and am going to use it in my RANCID installation. As it turns out, it was for an older version of RANCID, and I later found an updated version. I’ve linked to both as sources at the bottom of this post.

Downloading the new files.

First we need the new files, and based on our earlier RANCID installation we put them into: /usr/local/rancid/bin by issuing the following commands:

wget 'http://www.itnotes.eu/mdnwp-content/uploads/2013/06/csbrancid.txt' && cp csbrancid.txt /usr/local/rancid/bin/csbrancid
wget 'http://www.itnotes.eu/mdnwp-content/uploads/2013/06/csblogin.txt' && cp csblogin.txt /usr/local/rancid/bin/csblogin

Make the two files executable and set ownership to rancid:netadm.

chown -R rancid:netadm /usr/local/rancid/
chmod +x /usr/local/rancid/bin/csblogin && chmod +x /usr/local/rancid/bin/csbrancid

Installation – edit the rancid-fe

We need to edit the rancid-fe file, where we insert a new item in the %vendortable dictionary. It’s basically a list of alias definitions. You can’t miss it when you scroll down a bit.

root@ubuntu:/usr/local/rancid/bin# nano rancid-fe
'cisco-sb'        => 'csbrancid',

Usage

Add one of the now-supported switches to your setup. I’m going to add a SG300 switch, which is the second line shown below.
Notice the cisco-sb definition.

rancid@ubuntu:/usr/local/rancid# nano var/networking/router.db
sg300-10p.domain.local:cisco-sb:up

Now we need to modify our .cloginrc file to support these new devices.

rancid@ubuntu:/usr/local/rancid# nano .cloginrc

I’m adding the following to my .cloginrc. All my switches are named sg-something, which is shown as sg*. I could stop at that, but in order to support multiple domains, I write out the domain name as well.
Notice the {} around username, which are not used for our ASA firewall.

Edit: I couldn’t get it to work consistently with ssh (yet), so I ended up using telnet. It’s not perfect, but I’m in a lab, so it will have to do for now. That is why I’ve added telnet to the method used.

# Switches ask for a username and password.
add method sg*.domain.local          ssh telnet
add user sg*.domain.local                {username}
add password sg*.domain.local       {password}
add autoenable sg*.domain.local      1
add userprompt sg*.domain.local   {"User Name:"}
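
An added example, not part of the original post or of RANCID: a small Python check over .cloginrc-style `add` lines that reports, for one device name from router.db, missing user or password entries, a telnet fallback in the method list, and group/other access to the credentials file. The function names and the sample text are constructed for illustration; `fnmatchcase` only approximates the glob matching clogin applies, and the sample deliberately has a space where a dot belongs in the user line's host pattern, to show how such a slip silently stops the entry from matching.

```python
import fnmatch
import os

# Constructed sample in the style of the entries above; the "user" line has a
# deliberate slip (a space instead of a dot in the host pattern).
SAMPLE = """\
# Switches ask for a username and password.
add method sg*.domain.local          ssh telnet
add user sg*.domain local                {username}
add password sg*.domain.local       {password}
add autoenable sg*.domain.local      1
"""

def first_matches(text, host):
    """Map directive -> values from the first 'add' line whose glob matches host."""
    found = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] != "add":
            continue  # comments, blank lines, anything that is not an 'add'
        directive, glob, values = parts[1], parts[2], parts[3:]
        # fnmatchcase approximates the Tcl glob matching that clogin applies.
        if fnmatch.fnmatchcase(host, glob):
            found.setdefault(directive, values)  # first matching line wins
    return found

def lint(text, host):
    """Return a list of findings for one device name from router.db."""
    found, findings = first_matches(text, host), []
    for needed in ("user", "password"):
        if needed not in found:
            findings.append(f"no '{needed}' entry matches {host}")
    if "telnet" in found.get("method", []):
        findings.append("method allows telnet: login is sent in cleartext")
    return findings

def mode_findings(path):
    """Flag a credentials file that group or other can access."""
    mode = os.stat(path).st_mode & 0o777
    if mode & 0o077:
        return [f"{path} is mode {mode:o}; use chmod 600"]
    return []

if __name__ == "__main__":
    for finding in lint(SAMPLE, "sg300-10p.domain.local"):
        print(finding)
```

Run it against the real file with `lint(open(path).read(), host)` and `mode_findings(path)` for each device name listed in router.db.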

Let’s test it:

Notice I do it as user rancid while in the /usr/local/rancid directory.

rancid@ubuntu:~$ bin/csblogin sg300-10p.domain.local
sg300-10p.domain.local
spawn ssh -c 3des -x -l username sg300-10p.domain.local
username@nullsg300-10p.domain.local password:
SG300-10P# 
SG300-10P#exit

After a second I get the following mail:

Routers changed to up:
sg300-10p.domain.local:cisco-sb
Added routers:
sg300-10p.domain.local:cisco-sb

And then

Index: router.db
===================================================================
retrieving revision 1.14
diff -u -4 -r1.14 router.db
@@ -1,2 +1,2 @@
asa5505.domain.local:cisco:up
+ sg300-10p.domain.local:cisco-sb:up

And finally:
[Image: sg300]

The rest of this post is hunting down the errors I had to figure out, in order for the above to happen.

After router.db but before the readout:

… nothing, hmm, start to view logs

rancid@ubuntu:~$ less var/logs/networking.20130629.104103
Trying to get all of the configs.
exec failed router manufacturer cisco-sb: Permission denied

Aha, turns out it is a file permission error in /usr/local/rancid/bin

-rwxr-xr-x 1 rancid netadm 14210 Jun 26 12:06 control_rancid
-rw-r--r-- 1 root   root   86159 Jun 29 09:53 csblogin
-rw-r--r-- 1 root   root   70164 Jun 29 09:53 csbrancid
-rwxr-xr-x 1 rancid netadm 23192 Jun 26 12:06 cssrancid

chown -R rancid:netadm /usr/local/rancid/
chmod +x csblogin && chmod +x csbrancid

-rwxr-xr-x 1 rancid netadm 14210 Jun 26 12:06 control_rancid
-rwxr-xr-x 1 rancid netadm 16289 Jun 29 12:20 csblogin
-rwxr-xr-x 1 rancid netadm 12277 Jun 29 12:09 csbrancid
-rwxr-xr-x 1 rancid netadm 23192 Jun 26 12:06 cssrancid

If it fails for no particular reason: check your log files.

hourly config diffs failed: /tmp/.networking.run.lock exists
-rw-r----- 1 rancid netadm 0 Jun 30 13:55 /tmp/.networking.run.lock

If this shows, you need to delete the file in the /tmp/ dir.

rancid@ubuntu:~$ sudo rm -f /tmp/.networking.run.lock

Final issue I had:

It just doesn’t work consistently with ssh, so I ended up using telnet for now. Try this if you can’t get it to work otherwise.

 

Sources:

Original Cisco Small Business Project Source: Support for Cisco Small Business in RANCID

Updated files Source: http://www.gossamer-threads.com/lists/rancid/users/6910

 

Files

csblogin csbrancid
