automated config backups for SFTOS
Christopher Morrow
morrowc.lists at gmail.com
Thu Nov 24 17:03:25 UTC 2011
On Wed, Nov 23, 2011 at 8:36 PM, James Harr <james.harr at gmail.com> wrote:
> Second rancid.
+3
> If SFTOS supports per-command authorization (via RADIUS/TACACS), you can
it does
> limit the script account to only be able to use 'show run' and whatever
> else it needs (even when it logs in).
>
you can
> That said, if you're looking for on-the-cheap, I haven't seen a free
> TACACS+ server that does authorization and was stable, so you'll probably
> have to compromise and give your script more permissions than it needs just
> to get the job done.
the cisco tacplus src server is a basic example...
shrubbery.net's tacplus server is quite workable (and heasley keeps
the code working/clean/adding-features)
a simple config for 'just permit show run' is certainly possible with
the shrubbery.net server... if you want example config pipe up.
-chris
> On Tue, Nov 22, 2011 at 1:40 PM, Jason Biel <jason at biel-tech.com> wrote:
>
>> Deploy RANCID?
>>
>> On Tue, Nov 22, 2011 at 1:35 PM, Jon Heise <jon at smugmug.com> wrote:
>>
>> > Does anyone know of a method of automating config backups for force10
>> > switches running SFTOS ? I've got an python expect script that works on
>> our
>> > routers running FTOS, it uses a role account that can show the running
>> > configs without having to use the enable password. i could expand the
>> > script to use the enable password but i'm hesitant to have it lying
>> around
>> > in a script
>> >
>> > Jon Heise
>> >
>>
>>
>>
>> --
>> Jason
>>
>
>
>
> --
> ^[:wq^M
>
More information about the NANOG
mailing list