Val:~$ whoami

I am Val Glinskiy, network engineer specializing in data center networks. TIME magazine selected me as Person of the Year in 2006.

Thursday, March 29, 2007

RANCID and Netscreen firewall

I installed RANCID 2.3.1 and encountered a problem which, as far as I know, happens in previous versions of RANCID as well. It does not work with Juniper Netscreen firewalls. The error message is:
Missing right curly or square bracket at /usr/local/libexec/rancid//nrancid line 302, at end of line
syntax error at /usr/local/libexec/rancid//nrancid line 302, at EOF


Here is how I fixed it.

1. Fix bin/nlogin

Find the following section and comment it out (it starts on line 488 in my case):
    if { $enable } {
       if {[do_enable $enauser $enapasswd]} {
           if { $do_command || $do_script } {
               close; wait
               continue
           }
       }
    }


After you are done, it should look like this:
#    if { $enable } {
#       if {[do_enable $enauser $enapasswd]} {
#           if { $do_command || $do_script } {
#               close; wait
#               continue
#           }
#       }
#    }


2. Fix bin/nrancid

Find this section (around line 200):
"!set admin user $1 password  privilege $3\n"); 
next;
ProcessHistory("","","","$_");


and make it look like this:
"!set admin user $1 password  privilege $3\n"); 
next;
}
ProcessHistory("","","","$_");

That is, put a closing curly bracket "}" (no quotes) after the line "next;". In my case the curly bracket goes on line 200.

3. Enjoy.

Thursday, March 15, 2007

Cisco Cat6500 copy configuration over SNMP

Cisco has a way to copy the configuration to/from a TFTP server using SNMP commands. I tried to follow Cisco's documentation, but it did not work. Here is the right way:

~$ snmpset -v2c -c secret cr2 1.3.6.1.4.1.9.9.96.1.1.1.1.14.222 i 5
~$ snmpset -v2c -c secret cr2 1.3.6.1.4.1.9.9.96.1.1.1.1.2.222 i 1
~$ snmpset -v2c -c secret cr2 1.3.6.1.4.1.9.9.96.1.1.1.1.3.222 i 4
~$ snmpset -v2c -c secret cr2 1.3.6.1.4.1.9.9.96.1.1.1.1.4.222 i 1
~$ snmpset -v2c -c secret cr2 1.3.6.1.4.1.9.9.96.1.1.1.1.5.222 a 10.20.4.20
~$ snmpset -v2c -c secret cr2 1.3.6.1.4.1.9.9.96.1.1.1.1.6.222 s aaa
~$ snmpset -v2c -c secret cr2 1.3.6.1.4.1.9.9.96.1.1.1.1.14.222 i 1


Step 1.
-------------

In the tftpboot directory (or the directory of the tftp server) create a new empty text
file and name it config.txt. Make sure everybody can read and write to the file, i.e. "chmod 666 config.txt".


Command Syntax:
snmpset -v 2c -c <community> <device> <OID> <var_type> <value>

Step 2.
-------------

The first snmpset creates a new row in the device's ccCopyTable, where all the values needed to fetch the device's running configuration are going to be stored.
See the ccCopyEntryRowStatus MIB for details.

snmpset -v2c -c <community> <device> 1.3.6.1.4.1.9.9.96.1.1.1.1.14.222 i 5

NOTE: var_type is "i" for Integer

Value 5 is for createAndWait

The number 222 is the entry index in the table. If the row is occupied, destroy it first and try to create it again.

Step 3.
-------------

We are going to use TFTP to transfer the device configuration; the protocol is set with the OID ccCopyProtocol.

Check the ccCopyProtocol MIB for details.

snmpset -v2c -c <community> <device> 1.3.6.1.4.1.9.9.96.1.1.1.1.2.222 i 1

NOTE: Value is 1 for tftp

Step 4.
-------------

We want to copy the running configuration.

Please look into the ccCopySourceFileType MIB.

snmpset -v2c -c <community> <device> 1.3.6.1.4.1.9.9.96.1.1.1.1.3.222 i 4

NOTE: Value is 4 for runningConfig
NOTE: Value is 3 for startupConfig

Apparently, there is an error in the documentation.

Step 5.
-------------

Once we have specified the source, we need to specify the destination.
See the ccCopyDestFileType MIB.

snmpset -v2c -c <community> <device> 1.3.6.1.4.1.9.9.96.1.1.1.1.4.222 i 1

NOTE: Value is 1 for networkFile

Step 6.
-------------
The TFTP server's IP address is an important part of the destination.

Check the ccCopyServerAddress MIB for additional details.

snmpset -v2c -c <community> <device> 1.3.6.1.4.1.9.9.96.1.1.1.1.5.222 a <Server's IP>

NOTE: var_type is "a" for IP address

Value is the TFTP server's IP address

Step 7.
-------------
Now we need to give the name of the file the data is going to be written to.

Please look into the ccCopyFileName MIB.

snmpset -v2c -c <community> <device> 1.3.6.1.4.1.9.9.96.1.1.1.1.6.222 s config.txt

NOTE: var_type is "s" for Display String

Value is the name of the file previously created in the tftpboot directory (the one made readable and writable by everybody in Step 1)

Step 8.
-------------
Now we activate row 222 with the following command.

Details are in the ccCopyEntryRowStatus MIB.

snmpset -v2c -c <community> <device> 1.3.6.1.4.1.9.9.96.1.1.1.1.14.222 i 1

NOTE: Value is 1 for active.
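
The eight steps above as one script, with two things the walkthrough leaves out: it polls ccCopyState (column 10 of the same table) until the copy finishes, and it destroys the row afterwards (ccCopyEntryRowStatus value 6) so that index 222 is free next time. This is an added example, not part of the original post; the function names, the SNMPSET/SNMPGET/SNMP_OPTS variables and the input checks are assumptions, and SNMP_OPTS can hold net-snmp SNMPv3 authPriv options instead of the v2c community.

```sh
#!/bin/sh
# Added example (not from the original post). Assumes net-snmp's snmpset/snmpget.
CC=1.3.6.1.4.1.9.9.96.1.1.1.1          # ccCopyEntry; columns as used in the post
SNMPSET=${SNMPSET:-snmpset}            # overridable, e.g. for a dry run
SNMPGET=${SNMPGET:-snmpget}
SNMP_OPTS=${SNMP_OPTS:-"-v2c -c secret"}   # the post's options; hypothetical variable

# Print the varbinds for steps 2-8, one "OID type value" per line.
cc_varbinds() {    # $1=row index  $2=TFTP server IPv4  $3=file name
    case $1 in ''|*[!0-9]*) echo "bad row index" >&2; return 2;; esac
    case $2 in ''|*[!0-9.]*) echo "bad server address" >&2; return 2;; esac
    # plain file names only: no path separators, no leading dot
    case $3 in ''|.*|*[!A-Za-z0-9._-]*) echo "bad file name" >&2; return 2;; esac
    cat <<EOF
$CC.14.$1 i 5
$CC.2.$1 i 1
$CC.3.$1 i 4
$CC.4.$1 i 1
$CC.5.$1 a $2
$CC.6.$1 s $3
$CC.14.$1 i 1
EOF
}

# Run the copy, wait for the result, always free the row. Returns 0 on success.
cc_backup() {      # $1=device  $2=row  $3=server  $4=file
    dev=$1 row=$2
    plan=$(cc_varbinds "$2" "$3" "$4") || return 2
    echo "$plan" | while read -r oid type val; do
        $SNMPSET $SNMP_OPTS "$dev" "$oid" "$type" "$val" >/dev/null || exit 1
    done || { $SNMPSET $SNMP_OPTS "$dev" "$CC.14.$row" i 6 >/dev/null; return 1; }
    # ccCopyState (.10): waiting(1) running(2) successful(3) failed(4)
    tries=0 state=0
    while [ "$tries" -lt 30 ]; do
        state=$($SNMPGET $SNMP_OPTS -Oqve "$dev" "$CC.10.$row") || break
        case $state in 3|4) break;; esac
        tries=$((tries + 1)); sleep 2
    done
    $SNMPSET $SNMP_OPTS "$dev" "$CC.14.$row" i 6 >/dev/null   # destroy(6)
    [ "$state" = 3 ]
}

# Usage: cc_backup cr2 222 10.20.4.20 config.txt && echo "config saved"
```
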

Update: There is a Perl module to do the same thing.

Tuesday, March 13, 2007

CISCO-STACK-MIB

"tftpHost" "1.3.6.1.4.1.9.5.1.5.1"
"tftpFile" "1.3.6.1.4.1.9.5.1.5.2"
"tftpModule" "1.3.6.1.4.1.9.5.1.5.3"
"tftpAction" "1.3.6.1.4.1.9.5.1.5.4"
"tftpResult" "1.3.6.1.4.1.9.5.1.5.5"

tftpHost DESCRIPTION "Name of source/destination host for the TFTP
transfer or storage device transfer. If the name
is for the TFTP transfer, it can be the IP
address or the host name. If the name for the
storage device transfer, it will be in the format
of deviceName: (e.g. slot0:, slot1:)."


tftpFile DESCRIPTION "Name of file for the TFTP transfer or for storage device transfer."

tftpModule DESCRIPTION "Which module's code/configuration is being transferred."

tftpAction DESCRIPTION "Setting this object to one of the acceptable values initiates the requested action using the information given in tftpHost, tftpFile,

downloadConfig(2): receive configuration from host/file
uploadConfig(3) : send configuration to host/file
downloadSw(4) : receive software image from host/file
uploadSw(5) : send software image to host/file
downloadFw(6) : receive firmware image from host/file
uploadFw(7) : send firmware image to host/file
Setting this object to any other value results in an error."

tftpResult OBJECT-TYPE
SYNTAX INTEGER {
inProgress(1),
success(2),
noResponse(3),
tooManyRetries(4),
noBuffers(5),
noProcesses(6),
badChecksum(7),
badLength(8),
badFlash(9),
serverError(10),
userCanceled(11),
wrongCode(12),
fileNotFound(13),
invalidTftpHost(14),
invalidTftpModule(15),
accessViolation(16),
unknownStatus(17),
invalidStorageDevice(18),
insufficientSpaceOnStorageDevice(19),
insufficientDramSize(20),
incompatibleImage(21)
}

MAX-ACCESS read-only
DESCRIPTION "Contains result of the last tftp action request."