Thursday, March 29, 2007

RANCID and Netscreen firewall

I installed RANCID 2.3.1 and encountered a problem which, as far as I know, happens in previous versions of RANCID as well. It does not work with Juniper Netscreen firewalls. The error message is:
Missing right curly or square bracket at /usr/local/libexec/rancid//nrancid line 302, at end of line
syntax error at /usr/local/libexec/rancid//nrancid line 302, at EOF


Here is how I fixed it.

1. Fix bin/nlogin

Find the following section and comment it out (it starts on line 488 in my case):
    if { $enable } {
        if {[do_enable $enauser $enapasswd]} {
            if { $do_command || $do_script } {
                close; wait
                continue
            }
        }
    }


After you are done, it should look like this:
#    if { $enable } {
#       if {[do_enable $enauser $enapasswd]} {
#           if { $do_command || $do_script } {
#               close; wait
#               continue
#           }
#       }
#    }


2. Fix bin/nrancid
Find this section (around line 200):
"!set admin user $1 password  privilege $3\n"); 
next;
ProcessHistory("","","","$_");


and make it look like this:
"!set admin user $1 password  privilege $3\n"); 
next;
}
ProcessHistory("","","","$_");

i.e. put a closing curly bracket "}" (no quotes) after the line "next". In my case the curly bracket goes on line 200.

3. Enjoy.

Thursday, March 15, 2007

Cisco Cat6500 copy configuration over SNMP

Cisco has a way to copy the configuration to/from a TFTP server using SNMP commands. I tried to follow Cisco's documentation, but it did not work. Here is the right way:

~$ snmpset -v2c -c secret cr2 1.3.6.1.4.1.9.9.96.1.1.1.1.14.222 i 5
~$ snmpset -v2c -c secret cr2 1.3.6.1.4.1.9.9.96.1.1.1.1.2.222 i 1
~$ snmpset -v2c -c secret cr2 1.3.6.1.4.1.9.9.96.1.1.1.1.3.222 i 4
~$ snmpset -v2c -c secret cr2 1.3.6.1.4.1.9.9.96.1.1.1.1.4.222 i 1
~$ snmpset -v2c -c secret cr2 1.3.6.1.4.1.9.9.96.1.1.1.1.5.222 a 10.20.4.20
~$ snmpset -v2c -c secret cr2 1.3.6.1.4.1.9.9.96.1.1.1.1.6.222 s aaa
~$ snmpset -v2c -c secret cr2 1.3.6.1.4.1.9.9.96.1.1.1.1.14.222 i 1


Step 1.
-------------

In the tftpboot directory (or the directory of the tftp server) create a new empty text
file and name it "config.txt". Give it full privileges.


Command Syntax:
snmpset -v 2c -c <> <> <> <> <>

Step 2.
-------------

The first snmpset creates a new row in the device's ccCopyTable, where all the values
needed to gather the device's running configuration are going to be stored.
Please look into MIB ccCopyEntryRowStatus

snmpset -v2c -c <> <> 1.3.6.1.4.1.9.9.96.1.1.1.1.14.222 i 5

NOTE: var_type is "i" for Integer

Value is 5 for createAndWait

In the MIB the last .222 is the entry index in the table. If the row is occupied then
please destroy it first and try to create it and wait again.

Step 3.
-------------

We are going to use TFTP to transfer the device configuration with the OID ccCopyProtocol.

Please look into MIB ccCopyProtocol

snmpset -v2c -c <> <> 1.3.6.1.4.1.9.9.96.1.1.1.1.2.222 i 1

NOTE: Value is 1 for tftp

Step 4.
-------------

We are going to specify that what we want to copy is the running configuration.

Please look into MIB ccCopySourceFileType

snmpset -v2c -c <> <> 1.3.6.1.4.1.9.9.96.1.1.1.1.3.222 i 4

NOTE: Value is 4 for runningConfig
NOTE: Value is 3 for StartupConfig

Apparently, there is an error in the documentation.

Step 5.
-------------

Once we have specified the source, we need to specify the destination to which we are copying the file.
Please look into MIB ccCopyDestFileType

snmpset -v2c -c <> <> 1.3.6.1.4.1.9.9.96.1.1.1.1.4.222 i 1

NOTE: Value is 1 for networkFile

Step 6.
-------------
Let's now set up the IP address of the server where the TFTP service is currently running and where the configuration is going to get copied.

Please look into MIB ccCopyServerAddress

snmpset -v2c -c <> <> 1.3.6.1.4.1.9.9.96.1.1.1.1.5.222 a <Server's IP>

NOTE: var_type is "a" for IP address

Value is the TFTP server's IP address

Step 7.
-------------
Now, we need to tell the name of the file where the data is going to be sent to or stored.

Please look into MIB ccCopyFileName

snmpset -v2c -c <> <> 1.3.6.1.4.1.9.9.96.1.1.1.1.6.222 s config.txt

NOTE: var_type is "s" for Display String

Value is the name of the file previously created in the tftpboot directory with full privileges

Step 8.
-------------
The last thing is to deploy the settings so that the config archive takes place. Before activating row 222, we must double-check that the TFTP service is up and running on the server.

Is the service running?
If yes, then activate the row with the following snmpset.

Please look into MIB ccCopyEntryRowStatus

snmpset -v2c -c <> <> 1.3.6.1.4.1.9.9.96.1.1.1.1.14.222 i 1

NOTE: Value is 1 for active.
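
The whole sequence from Steps 2-8 as one script; this is an added example, not part of the original post. Polling ccCopyState (column 10: waiting(1), running(2), successful(3), failed(4)) and destroying the row with RowStatus value 6 are additions not shown in the steps above, and the function names and the SNMPSET, SNMPGET, POLL_DELAY and MAX_POLLS variables are hypothetical.

```shell
#!/bin/sh
# Added example, not the blog author's code. Columns 2-6 and 14 come from the
# steps above; ccCopyState (column 10) and RowStatus destroy(6) are additions.
BASE=1.3.6.1.4.1.9.9.96.1.1.1.1
SNMPSET=${SNMPSET:-snmpset}   # overridable so the sequence can be dry-run
SNMPGET=${SNMPGET:-snmpget}

# cc_set COMMUNITY HOST COLUMN ROW TYPE VALUE
cc_set() { $SNMPSET -v2c -c "$1" "$2" "$BASE.$3.$4" "$5" "$6" >/dev/null; }

# Map a ccCopyState integer to its MIB name.
state_name() {
    case "$1" in
        1) echo waiting ;;
        2) echo running ;;
        3) echo successful ;;
        4) echo failed ;;
        *) echo unknown ;;
    esac
}

# copy_running_config COMMUNITY HOST TFTP_IP FILE [ROW]
# Prints the final ccCopyState name; returns 0 only on "successful".
copy_running_config() {
    comm=$1 host=$2 tftp=$3 file=$4 row=${5:-222} st=0 tries=0
    # Free the row if a previous attempt left it occupied (error ignored).
    cc_set "$comm" "$host" 14 "$row" i 6 2>/dev/null || true
    cc_set "$comm" "$host" 14 "$row" i 5 || return 1        # createAndWait
    cc_set "$comm" "$host" 2 "$row" i 1 || return 1         # tftp
    cc_set "$comm" "$host" 3 "$row" i 4 || return 1         # runningConfig
    cc_set "$comm" "$host" 4 "$row" i 1 || return 1         # networkFile
    cc_set "$comm" "$host" 5 "$row" a "$tftp" || return 1   # TFTP server
    cc_set "$comm" "$host" 6 "$row" s "$file" || return 1   # file name
    cc_set "$comm" "$host" 14 "$row" i 1 || return 1        # active
    # Poll until the device reports successful(3) or failed(4).
    while [ "$tries" -lt "${MAX_POLLS:-30}" ]; do
        st=$($SNMPGET -v2c -c "$comm" -Oqve "$host" "$BASE.10.$row") || break
        case "$st" in 3|4) break ;; esac
        tries=$((tries + 1))
        sleep "${POLL_DELAY:-2}"
    done
    # Remove the row so the index is free for the next run.
    cc_set "$comm" "$host" 14 "$row" i 6 2>/dev/null || true
    state_name "$st"
    [ "$st" = 3 ]
}

# Usage: sh script COMMUNITY HOST TFTP_IP FILE
if [ "$#" -ge 4 ]; then copy_running_config "$@"; fi
```

A result of "failed" usually means the device could not write the file; the TFTP server's log is the place to look next.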

Update: There is a Perl module to do the same thing.

Tuesday, March 13, 2007

CISCO-STACK-MIB

"tftpHost" "1.3.6.1.4.1.9.5.1.5.1"
"tftpFile" "1.3.6.1.4.1.9.5.1.5.2"
"tftpModule" "1.3.6.1.4.1.9.5.1.5.3"
"tftpAction" "1.3.6.1.4.1.9.5.1.5.4"
"tftpResult" "1.3.6.1.4.1.9.5.1.5.5"

tftpHost DESCRIPTION "Name of source/destination host for the TFTP
transfer or storage device transfer. If the name
is for the TFTP transfer, it can be the IP
address or the host name. If the name for the
storage device transfer, it will be in the format
of deviceName: (e.g. slot0:, slot1:)."


tftpFile DESCRIPTION "Name of file for the TFTP transfer or for storage device transfer."

tftpModule DESCRIPTION "Which module's code/configuration is being transferred."

tftpAction DESCRIPTION "Setting this object to one of the acceptable values initiates the requested action using the information given in tftpHost, tftpFile,

downloadConfig(2): receive configuration from host/file
uploadConfig(3) : send configuration to host/file
downloadSw(4) : receive software image from host/file
uploadSw(5) : send software image to host/file
downloadFw(6) : receive firmware image from host/file
uploadFw(7) : send firmware image to host/file
Setting this object to any other value results in an error."

tftpResult OBJECT-TYPE
SYNTAX INTEGER {
inProgress(1),
success(2),
noResponse(3),
tooManyRetries(4),
noBuffers(5),
noProcesses(6),
badChecksum(7),
badLength(8),
badFlash(9),
serverError(10),
userCanceled(11),
wrongCode(12),
fileNotFound(13),
invalidTftpHost(14),
invalidTftpModule(15),
accessViolation(16),
unknownStatus(17),
invalidStorageDevice(18),
insufficientSpaceOnStorageDevice(19),
insufficientDramSize(20),
incompatibleImage(21)
}

MAX-ACCESS read-only
DESCRIPTION "Contains result of the last tftp action request."