[146880] in North American Network Operators' Group
Re: automated config backups for SFTOS
daemon@ATHENA.MIT.EDU (Christopher Morrow)
Thu Nov 24 12:05:01 2011
In-Reply-To: <CAEAFGYjgw-MUkJW2XZw2Y2vyx9B04GnJyZwZypUuN6koF1P+HA@mail.gmail.com>
Date: Thu, 24 Nov 2011 12:03:25 -0500
From: Christopher Morrow <morrowc.lists@gmail.com>
To: James Harr <james.harr@gmail.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Wed, Nov 23, 2011 at 8:36 PM, James Harr <james.harr@gmail.com> wrote:
> Second rancid.
+3
> If SFTOS supports per-command authorization (via RADIUS/TACACS), you can
it does
> limit the script account to only be able to use 'show run' and whatever
> else it needs (even when it logs in).
>
you can
> That said, if you're looking for on-the-cheap, I haven't seen a free
> TACACS+ server that does authorization and was stable, so you'll probably
> have to compromise and give your script more permissions than it needs just
> to get the job done.
the cisco tacplus src server is a basic example...
shrubbery.net's tacplus server is quite workable (and heasley keeps
the code working/clean/adding-features)
a simple config for 'just permit show run' is certainly possible with
the shrubbery.net server... if you want example config pipe up.
-chris
> On Tue, Nov 22, 2011 at 1:40 PM, Jason Biel <jason@biel-tech.com> wrote:
>
>> Deploy RANCID?
>>
>> On Tue, Nov 22, 2011 at 1:35 PM, Jon Heise <jon@smugmug.com> wrote:
>>
>> > Does anyone know of a method of automating config backups for force10
>> > switches running SFTOS? I've got a Python expect script that works on our
>> > routers running FTOS, it uses a role account that can show the running
>> > configs without having to use the enable password. I could expand the
>> > script to use the enable password but I'm hesitant to have it lying around
>> > in a script
>> >
>> > Jon Heise
>> >
>>
>>
>>
>> --
>> Jason
>>
>
>
>
> --
> ^[:wq^M
>
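
Added example, not part of the original message and not the shrubbery.net project's own configuration: a tac_plus.conf fragment for the "just permit show run" restriction discussed in the thread. The group and user names, file path, secret and hash are placeholders, and how SFTOS presents command arguments and privilege levels to the server is an assumption.

```conf
# tac_plus.conf fragment for the shrubbery.net tac_plus daemon (constructed example)

key = "REPLACE_WITH_SHARED_SECRET"         # placeholder; must match the key set on the switch

# Assumed path. Stores the accounting records the switch sends, which gives
# an audit trail of what the backup account actually ran.
accounting file = /var/log/tac_plus.acct

group = cfgbackup {                        # hypothetical group name
    # No "default service = permit" here: any command without a cmd block
    # below is refused, so the account cannot reach configuration mode.

    # Assumption: the switch honours priv-lvl from the exec service, so the
    # account lands in privileged mode and the script never needs the
    # enable password.
    service = exec {
        priv-lvl = 15
    }

    # The arguments after "show" are matched as a regular expression.
    # Assumption: the switch expands "show run" to "show running-config"
    # before asking for authorization.
    cmd = show {
        permit "^running-config"
        deny .*
    }

    # Let the script close its session cleanly. Add one cmd block like this
    # for each further command the backup script sends.
    cmd = exit {
        permit .*
    }
}

user = rancid {                            # hypothetical account name
    member = cfgbackup
    login = des REPLACE_WITH_CRYPT_HASH    # placeholder for the account's crypt hash
}
```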