automated config backups for SFTOS

Christopher Morrow morrowc.lists at gmail.com
Thu Nov 24 11:03:25 CST 2011


On Wed, Nov 23, 2011 at 8:36 PM, James Harr <james.harr at gmail.com> wrote:
> Second rancid.

+3

> If SFTOS supports per-command authorization (via RADIUS/TACACS), you can

it does

> limit the script account to only be able to use 'show run' and whatever
> else it needs (even when it logs in).
>

you can

> That said, if you're looking for on-the-cheap, I haven't seen a free
> TACACS+ server that does authorization and was stable, so you'll probably
> have to compromise and give your script more permissions than it needs just
> to get the job done.

the cisco tacplus src server is a basic example...
shrubbery.net's tacplus server is quite workable (and heasley keeps
the code working/clean/adding-features)

a simple config for 'just permit show run' is certainly possible with
the shrubbery.net server... if you want example config pipe up.

-chris

> On Tue, Nov 22, 2011 at 1:40 PM, Jason Biel <jason at biel-tech.com> wrote:
>
>> Deploy RANCID?
>>
>> On Tue, Nov 22, 2011 at 1:35 PM, Jon Heise <jon at smugmug.com> wrote:
>>
>> > Does anyone know of a method of automating config backups for force10
>> > switches running SFTOS? I've got a Python expect script that works on our
>> > routers running FTOS; it uses a role account that can show the running
>> > configs without having to use the enable password. I could expand the
>> > script to use the enable password, but I'm hesitant to have it lying around
>> > in a script
>> >
>> > Jon  Heise
>> >
>>
>>
>>
>> --
>> Jason
>>
>
>
>
> --
> ^[:wq^M
>
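
A sketch of the "just permit show run" setup discussed above, in the configuration format of the shrubbery.net tac_plus server. This is an added example, not a config posted by anyone in the thread; the user and group names, key, hash and log path are placeholders, and it assumes the switch sends the expanded command (`show` with argument `running-config`) in its authorization requests.

```conf
# tac_plus.conf sketch for a config-backup role account (constructed example).
# "rancid", "cfgbackup", the key, the hash and the log path are placeholders.

# Shared secret; must match the key configured on each switch.
key = "REPLACE_WITH_SHARED_SECRET"

# Record every command the account runs, so unexpected use is visible.
accounting file = /var/log/tac_plus.acct

group = cfgbackup {
    # No "default service = permit" here: commands that are not listed
    # below are refused.

    # "show" is the command; the regular expressions are matched against
    # the arguments the switch sends. The first matching line wins.
    # Assumption: the switch sends "running-config" even when the script
    # types "show run". Check the accounting log and adjust if it does not.
    cmd = show {
        permit "^running-config"
        deny .*
    }

    # Let the session log out cleanly.
    cmd = exit {
        permit .*
    }
}

user = rancid {
    # Store a crypt hash rather than a cleartext password.
    login = des REPLACE_WITH_CRYPT_HASH
    member = cfgbackup
}
```

A collector such as RANCID usually runs more than one command per device, so each additional command it needs gets its own `cmd` block; the accounting log and the authorization failures on the daemon show which ones are missing.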


