automated config backups for SFTOS
morrowc.lists at gmail.com
Thu Nov 24 11:03:25 CST 2011
On Wed, Nov 23, 2011 at 8:36 PM, James Harr <james.harr at gmail.com> wrote:
> Second rancid.
> If SFTOS supports per-command authorization (via RADIUS/TACACS), you can
> limit the script account to only be able to use 'show run' and whatever
> else it needs (even when it logs in).
> That said, if you're looking for on-the-cheap, I haven't seen a free
> TACACS+ server that does authorization and was stable, so you'll probably
> have to compromise and give your script more permissions than it needs just
> to get the job done.
the cisco tacplus src server is a basic example...
shrubbery.net's tacplus server is quite workable (and heasley keeps
the code working/clean/adding-features)
a simple config for 'just permit show run' is certainly possible with
the shrubbery.net server... if you want example config pipe up.
> On Tue, Nov 22, 2011 at 1:40 PM, Jason Biel <jason at biel-tech.com> wrote:
>> Deploy RANCID?
>> On Tue, Nov 22, 2011 at 1:35 PM, Jon Heise <jon at smugmug.com> wrote:
>> > Does anyone know of a method of automating config backups for force10
>> > switches running SFTOS ? I've got an python expect script that works on
>> > routers running FTOS, it uses a role account that can show the running
>> > configs without having to use the enable password. i could expand the
>> > script to use the enable password but i'm hesitant to have it lying
>> > in a script
>> > Jon Heise
More information about the NANOG