Mailing List Archive

Wed, Dec 06, 2023 at 06:00:08PM +0000, on@LEFerguson.com:
> I have several clients for whom I use rancid and they are all cisco.
>
> I have one who had a horrible mixture of D-Link, Cisco, Netgear, etc. Over years I modified, kludged, hacked and re-kludged rancid trying to make it workable.
>
> I'd like to bring them up to date, and honestly between legit changes from upstream and my mess I just want to start over. Also, they got rid of the 'etc' and D-Link and now just have half Netgear and half Cisco. The Netgear allows SSH and does a semi-similar show to ciscos, just... different.
>
> In some brief consultation with Google I found little, stumbled on where I had asked about this 6 years or so ago.
>
> Does anyone have workable configs for modern netgear stuff (the ones with real configs and current firmware, not all the home stuff)? My priority is that it not include changes that preclude easy upgrade of rancid, otherwise I'm going to tell them to stay on the old, or not do change control on Netgear.
>
> I just did a clean install on my home system, and I see nothing new in that regard, though more robust filters, etc. might actually make it practical with a different vendor's name.

I do not have any netgear devices. I'd make it work if I had one and I do
need a 802.3bt switch; the (bloody expensive) M4250 supports ssh, but the
docs talk more about the web intf than cli and it is not clear what is
possible in the cli. If a model supports ssh, does it support
configuration via the cli?

Also, depending on what changes you made to the previous version, it might
be possible to just use the module you changed as a different device type.

_______________________________________________
Rancid-discuss mailing list
Rancid-discuss@www.shrubbery.net
https://www.shrubbery.net/mailman/listinfo/rancid-discuss

I happen to know the answer to that! The M4250 is CLI-manageable and configurable. The key term in Netgear-ese is "Fully Managed", which means full CLI, SNMP, as well as WebUI. Doesn't mean they didn't forget to include some feature or seventeen in the CLI, but it is supposed to be fully-manageable via SSH.

Adam Thompson
Consultant, Infrastructure Services
MERLIN
100 - 135 Innovation Drive?
Winnipeg, MB R3T 6A8?
(204) 977-6824 or 1-800-430-6404 (MB only)?
https://www.merlin.mb.ca?


> -----Original Message-----
> From: Rancid-discuss <rancid-discuss-bounces@www.shrubbery.net> On
> Behalf Of heasley
> Sent: Wednesday, December 6, 2023 2:52 PM
> To: on@LEFerguson.com
> Cc: rancid-discuss@shrubbery.net
> Subject: Re: [rancid] Netgear switches in 2023 (or 2024)
>
> Wed, Dec 06, 2023 at 06:00:08PM +0000, on@LEFerguson.com:
> > I have several clients for whom I use rancid and they are all cisco.
> >
> > I have one who had a horrible mixture of D-Link, Cisco, Netgear, etc. Over
> years I modified, kludged, hacked and re-kludged rancid trying to make it
> workable.
> >
> > I'd like to bring them up to date, and honestly between legit changes from
> upstream and my mess I just want to start over. Also, they got rid of the 'etc'
> and D-Link and now just have half Netgear and half Cisco. The Netgear allows
> SSH and does a semi-similar show to ciscos, just... different.
> >
> > In some brief consultation with Google I found little, stumbled on where I
> had asked about this 6 years or so ago.
> >
> > Does anyone have workable configs for modern netgear stuff (the ones with
> real configs and current firmware, not all the home stuff)? My priority is that
> it not include changes that preclude easy upgrade of rancid, otherwise I'm
> going to tell them to stay on the old, or not do change control on Netgear.
> >
> > I just did a clean install on my home system, and I see nothing new in that
> regard, though more robust filters, etc. might actually make it practical with a
> different vendor's name.
>
> I do not have any netgear devices. I'd make it work if I had one and I do
> need a 802.3bt switch; the (bloody expensive) M4250 supports ssh, but the
> docs talk more about the web intf than cli and it is not clear what is
> possible in the cli. If a model supports ssh, does it support
> configuration via the cli?
>
> Also, depending on what changes you made to the previous version, it might
> be possible to just use the module you changed as a different device type.
>
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss@www.shrubbery.net
> https://www.shrubbery.net/mailman/listinfo/rancid-discuss

_______________________________________________
Rancid-discuss mailing list
Rancid-discuss@www.shrubbery.net
https://www.shrubbery.net/mailman/listinfo/rancid-discuss

Yes, Netgear seems to have odd ideas of "managed", but the fully managed switches do seem recoverable from the prior saved show command.

But I have, for example a GS728TPV2 which supports SH but is not fully managed, at least I do not think it is. It says it has "cloud management" which I do not use, but I can ssh to it and do a show run and get something that looks pretty realistic. I suspect though it is just one of many flavors for different switches (and software versions of switches).

What I found though (and remember this was about 5 years ago) was I needed to tweak and change a lot of the code to handle spacing, premature end of files, special characters and such, I could not just string together modules in the rancid.types.conf file. And maybe I just didn't know how to do it well, and upgradably (is that a word?).

Anyway, sounds like not a lot is there out of the box, that was my main question, to make sure I wasn't missing something.

Thanks.

Linwood


-----Original Message-----
From: Adam Thompson <athompson@merlin.mb.ca>
Sent: Wednesday, December 6, 2023 3:57 PM
To: heasley <heas@shrubbery.net>; on@LEFerguson.com
Cc: rancid-discuss@shrubbery.net
Subject: RE: [rancid] Netgear switches in 2023 (or 2024)

I happen to know the answer to that! The M4250 is CLI-manageable and configurable. The key term in Netgear-ese is "Fully Managed", which means full CLI, SNMP, as well as WebUI. Doesn't mean they didn't forget to include some feature or seventeen in the CLI, but it is supposed to be fully-manageable via SSH.

Adam Thompson
Consultant, Infrastructure Services
MERLIN
100 - 135 Innovation Drive?
Winnipeg, MB R3T 6A8?
(204) 977-6824 or 1-800-430-6404 (MB only)?
https://www.merlin.mb.ca?


> -----Original Message-----
> From: Rancid-discuss <rancid-discuss-bounces@www.shrubbery.net> On
> Behalf Of heasley
> Sent: Wednesday, December 6, 2023 2:52 PM
> To: on@LEFerguson.com
> Cc: rancid-discuss@shrubbery.net
> Subject: Re: [rancid] Netgear switches in 2023 (or 2024)
>
> Wed, Dec 06, 2023 at 06:00:08PM +0000, on@LEFerguson.com:
> > I have several clients for whom I use rancid and they are all cisco.
> >
> > I have one who had a horrible mixture of D-Link, Cisco, Netgear, etc. Over
> years I modified, kludged, hacked and re-kludged rancid trying to make it
> workable.
> >
> > I'd like to bring them up to date, and honestly between legit changes from
> upstream and my mess I just want to start over. Also, they got rid of the 'etc'
> and D-Link and now just have half Netgear and half Cisco. The Netgear allows
> SSH and does a semi-similar show to ciscos, just... different.
> >
> > In some brief consultation with Google I found little, stumbled on where I
> had asked about this 6 years or so ago.
> >
> > Does anyone have workable configs for modern netgear stuff (the ones with
> real configs and current firmware, not all the home stuff)? My priority is that
> it not include changes that preclude easy upgrade of rancid, otherwise I'm
> going to tell them to stay on the old, or not do change control on Netgear.
> >
> > I just did a clean install on my home system, and I see nothing new in that
> regard, though more robust filters, etc. might actually make it practical with a
> different vendor's name.
>
> I do not have any netgear devices. I'd make it work if I had one and I do
> need a 802.3bt switch; the (bloody expensive) M4250 supports ssh, but the
> docs talk more about the web intf than cli and it is not clear what is
> possible in the cli. If a model supports ssh, does it support
> configuration via the cli?
>
> Also, depending on what changes you made to the previous version, it might
> be possible to just use the module you changed as a different device type.
>
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss@www.shrubbery.net
> https://www.shrubbery.net/mailman/listinfo/rancid-discuss

_______________________________________________
Rancid-discuss mailing list
Rancid-discuss@www.shrubbery.net
https://www.shrubbery.net/mailman/listinfo/rancid-discuss

Wed, Dec 06, 2023 at 08:56:55PM +0000, Adam Thompson:
> I happen to know the answer to that! The M4250 is CLI-manageable and configurable. The key term in Netgear-ese is "Fully Managed", which means full CLI, SNMP, as well as WebUI. Doesn't mean they didn't forget to include some feature or seventeen in the CLI, but it is supposed to be fully-manageable via SSH.

Well, if anyone has one to which they can give me remote access to dev a
module, lmk.

_______________________________________________
Rancid-discuss mailing list
Rancid-discuss@www.shrubbery.net
https://www.shrubbery.net/mailman/listinfo/rancid-discuss

Do you need access, or output from all the show commands?

I don't personally own a "fully managed" netgear, only a "cloud managed" which may be different (well, is different, it doesn't have user ID's for one thing, just a password). A client has many but is a government facility so that's not happening, but I can probably get all the show commands from one or more (+/- redacting passwords), and then test the result. I'd have to ask, but I realize that is not idea, so will see if anyone else volunteers.

Linwood



-----Original Message-----
From: heasley <heas@shrubbery.net>
Sent: Friday, December 8, 2023 8:52 AM
To: Adam Thompson <athompson@merlin.mb.ca>
Cc: heasley <heas@shrubbery.net>; on@LEFerguson.com; rancid-discuss@shrubbery.net
Subject: Re: [rancid] Netgear switches in 2023 (or 2024)

Wed, Dec 06, 2023 at 08:56:55PM +0000, Adam Thompson:
> I happen to know the answer to that! The M4250 is CLI-manageable and configurable. The key term in Netgear-ese is "Fully Managed", which means full CLI, SNMP, as well as WebUI. Doesn't mean they didn't forget to include some feature or seventeen in the CLI, but it is supposed to be fully-manageable via SSH.

Well, if anyone has one to which they can give me remote access to dev a
module, lmk.

_______________________________________________
Rancid-discuss mailing list
Rancid-discuss@www.shrubbery.net
https://www.shrubbery.net/mailman/listinfo/rancid-discuss

Fri, Dec 08, 2023 at 02:50:41PM +0000, on@LEFerguson.com:
> Do you need access, or output from all the show commands?
>
> I don't personally own a "fully managed" netgear, only a "cloud managed" which may be different (well, is different, it doesn't have user ID's for one thing, just a password). A client has many but is a government facility so that's not happening, but I can probably get all the show commands from one or more (+/- redacting passwords), and then test the result. I'd have to ask, but I realize that is not idea, so will see if anyone else volunteers.

Best if I could access it myself, but if the login script was well tested,
then just the complete transcript of the login might be enough.

> Linwood
>
>
>
> -----Original Message-----
> From: heasley <heas@shrubbery.net>
> Sent: Friday, December 8, 2023 8:52 AM
> To: Adam Thompson <athompson@merlin.mb.ca>
> Cc: heasley <heas@shrubbery.net>; on@LEFerguson.com; rancid-discuss@shrubbery.net
> Subject: Re: [rancid] Netgear switches in 2023 (or 2024)
>
> Wed, Dec 06, 2023 at 08:56:55PM +0000, Adam Thompson:
> > I happen to know the answer to that! The M4250 is CLI-manageable and configurable. The key term in Netgear-ese is "Fully Managed", which means full CLI, SNMP, as well as WebUI. Doesn't mean they didn't forget to include some feature or seventeen in the CLI, but it is supposed to be fully-manageable via SSH.
>
> Well, if anyone has one to which they can give me remote access to dev a
> module, lmk.

_______________________________________________
Rancid-discuss mailing list
Rancid-discuss@www.shrubbery.net
https://www.shrubbery.net/mailman/listinfo/rancid-discuss

> Best if I could access it myself, but if the login script was well tested,
> then just the complete transcript of the login might be enough.

Of course, fairly easy if I had one myself. Governments are kind of inflexible on security, especially today.

I am unclear on terminology, and sure you don't mean just a login, but the output of a bunch of show commands? Is there a sequence I feed it or something that might give you what you want? (I can guess and just give the output of each show command it supports, but it sounds like you have something specific in mind).

Linwood

_______________________________________________
Rancid-discuss mailing list
Rancid-discuss@www.shrubbery.net
https://www.shrubbery.net/mailman/listinfo/rancid-discuss

Fri, Dec 08, 2023 at 03:34:46PM +0000, on@LEFerguson.com:
> I am unclear on terminology, and sure you don't mean just a login, but the output of a bunch of show commands? Is there a sequence I feed it or something that might give you what you want? (I can guess and just give the output of each show command it supports, but it sounds like you have something specific in mind).

Right, so that I can see its behavior, the complete output from:
loginscript -c 'cmd;cmd;...' hostname > output 2>&1

_______________________________________________
Rancid-discuss mailing list
Rancid-discuss@www.shrubbery.net
https://www.shrubbery.net/mailman/listinfo/rancid-discuss

> Right, so that I can see its behavior, the complete output from:
> loginscript -c 'cmd;cmd;...' hostname > output 2>&1

Perfect. And cmd are each show. Let me clear it with my contact there, but I think that will be OK.

Linwood

_______________________________________________
Rancid-discuss mailing list
Rancid-discuss@www.shrubbery.net
https://www.shrubbery.net/mailman/listinfo/rancid-discuss

Fri, Dec 08, 2023 at 03:42:42PM +0000, on@LEFerguson.com:
>
> > Right, so that I can see its behavior, the complete output from:
> > loginscript -c 'cmd;cmd;...' hostname > output 2>&1
>
> Perfect. And cmd are each show. Let me clear it with my contact there, but I think that will be OK.

I have never used one of these, but yes, the commands would be a list of
show or show-like commands.

show version
show license
show bootimage
show admin
show vlans
show hardware/chassis
show optics
show storage/disk
show otherthingsofinterest
somecommandthatdoesnotexit andgeneratesanerror
show running-config

Also need to know how to disable the pager at login (eg: term len 0) and
disable syslog to the terminal (if that is a thing for that NOS) and which
login script works with the device to login and become enabled.

_______________________________________________
Rancid-discuss mailing list
Rancid-discuss@www.shrubbery.net
https://www.shrubbery.net/mailman/listinfo/rancid-discuss