automated config backups for SFTOS

Christopher Morrow morrowc.lists at gmail.com
Thu Nov 24 17:04:45 UTC 2011


On Thu, Nov 24, 2011 at 12:03 PM, Christopher Morrow
<morrowc.lists at gmail.com> wrote:
> On Wed, Nov 23, 2011 at 8:36 PM, James Harr <james.harr at gmail.com> wrote:
>> Second rancid.
>
> +3
>
>> If SFTOS supports per-command authorization (via RADIUS/TACACS), you can
>
> it does
>
>> limit the script account to only be able to use 'show run' and whatever
>> else it needs (even when it logs in).
>>
>
> you can
>
>> That said, if you're looking for on-the-cheap, I haven't seen a free
>> TACACS+ server that does authorization and was stable, so you'll probably
>> have to compromise and give your script more permissions than it needs just
>> to get the job done.
>
> the cisco tacplus src server is a basic example...
> shrubbery.net's tacplus server is quite workable (and heasley keeps
> the code working/clean/adding-features)
>
> a simple config for 'just permit show run' is certainly possible with
> the shrubbery.net server... if you want example config pipe up.

I should have included:
<http://www.shrubbery.net/tac_plus/>

and there are some decent example configs available (I think John
Payne had some posted/updated; this query seems to show a bunch of
positive results):
<https://www.google.com/search?client=ubuntu&channel=fs&q=john+payne+tacplus&ie=utf-8&oe=utf-8>

> -chris
>
>> On Tue, Nov 22, 2011 at 1:40 PM, Jason Biel <jason at biel-tech.com> wrote:
>>
>>> Deploy RANCID?
>>>
>>> On Tue, Nov 22, 2011 at 1:35 PM, Jon Heise <jon at smugmug.com> wrote:
>>>
>>> > Does anyone know of a method of automating config backups for Force10
>>> > switches running SFTOS? I've got a Python expect script that works on our
>>> > routers running FTOS; it uses a role account that can show the running
>>> > configs without having to use the enable password. I could expand the
>>> > script to use the enable password but I'm hesitant to have it lying around
>>> > in a script.
>>> >
>>> > Jon  Heise
>>> >
>>>
>>>
>>>
>>> --
>>> Jason
>>>
>>
>>
>>
>> --
>> ^[:wq^M
>>
>
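
The "just permit show run" setup discussed in this thread, sketched as an added example that is not part of the original post and was not supplied by any of its participants. It uses the configuration syntax of the shrubbery.net tac_plus daemon. The group name, user name, file path and placeholder secrets are assumptions, as is the way SFTOS presents commands and honours priv-lvl.

```conf
# Constructed example for the shrubbery.net tac_plus daemon; not from the thread.

# Shared secret between the daemon and the switches (placeholder value).
key = "REPLACE_WITH_SHARED_SECRET"

# Log every command the devices report, so the backup account can be audited
# and so you can see exactly how the switch spells the commands it sends.
accounting file = /var/log/tac_plus.acct

# Hypothetical group for the backup role account.
group = cfgbackup {
    # Assumption: the switch applies priv-lvl from exec authorization, so the
    # account lands in privileged mode at login and the script never needs
    # to hold the enable password.
    service = exec {
        priv-lvl = 15
    }

    # The command word and its arguments are authorized separately: "show"
    # is the command, and the regexes below are matched against the arguments.
    # Assumption: the switch sends the expanded form ("running-config")
    # rather than the typed abbreviation; confirm in the accounting file.
    cmd = show {
        permit ^running-config
        deny .*
    }

    # No "default service = permit" here: any command without its own
    # cmd stanza is refused. Add a stanza for each further command the
    # collector needs, and nothing else.
}

# Hypothetical role account used by the backup script.
user = rancid {
    member = cfgbackup
    # crypt(3) hash of the account password (placeholder value).
    login = des REPLACE_WITH_CRYPT_HASH
}
```

The switch must also be configured to send command authorization requests to the TACACS+ server. Without that, the cmd stanzas are never consulted and the account keeps whatever rights its privilege level grants.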



