Mailing List Archive

catos on cat5500 issues
I've just started to play with Rancid and am still learning on how
to do the tuning part of it. The issue that I'm currently having
appears to have been around for awhile based on past email on this
list, but I didn't see a solution posted, so I thought I'd bring it
up again.

This is using the rancid 2.2.2 against a Cisco Catalyst 5500 running
CatOS 6.3.5.

The first issue is that it appears that some of the commands from
clogin aren't being sent when cat5rancid is being run. Part of
the diff that is sent to me is:

+ 2004 Feb 18 16:06:58 MST -07:00 %PAGP-5-PORTFROMSTP:Port 11/15 left
bridge port 11/15

So, while rancid was grabbing the config, someone disconnected their
machine and it got logged to the telnet session. From clogin, around
line 751 there is this section of code:

    # If the prompt is (enable), then we are on a switch and the
    # command is "set length 0"; otherwise its "term length
    # 0".
    if [ regexp -- ".*> .*enable" "$prompt" ] {
        send "set length 0\r"
        send "set logging session disable\r"

And when I run 'cat5rancid -d boulder-cat3' and look at the raw file,
I never see the second line above being output.

It could be that this section of code is never being hit as I'm not
sure if the $do_script is valid coming right above this section of
code.

It could be that the second logging line needs to be inserted in the
run_commands code at line 487. Has anyone done this or does it break
other platforms?


And the second, and maybe easier issue, is that after people disconnect
from the switch other lines in the config change which cause email to be
sent. Some of those lines would look like this in the diff output:

- set spantree portcost
2/1,2/3,2/5,2/11,2/14,2/16-19,2/21,2/26-27,2/34,2/38,2/40-42,2/46-48
200000 mst
+ set spantree portcost
2/1-2,2/4,2/6-10,2/12-13,2/15,2/20,2/22-25,2/28-33,2/35-37,2/39,2/43-45
2000000 mst

This is on the same Catalyst above. Is there a way to filter this not
being sent and/or being collected as a diff?

Thanks.

-jason ornstein
catos on cat5500 issues [ In reply to ]
Wed, Feb 18, 2004 at 06:10:21PM -0700, Jason Ornstein:
> I've just started to play with Rancid and am still learning on how
> to do the tuning part of it. The issue that I'm currently having
> appears to have been around for awhile based on past email on this
> list, but I didn't see a solution posted, so I thought I'd bring it
> up again.
>
> This is using the rancid 2.2.2 against a Cisco Catalyst 5500 running
> CatOS 6.3.5.
>
> The first issue is that it appears that some of the commands from
> clogin aren't being sent when cat5rancid is being run. Part of
> the diff that is sent to me is:
>
> + 2004 Feb 18 16:06:58 MST -07:00 %PAGP-5-PORTFROMSTP:Port 11/15 left
> bridge port 11/15

the "set logging session disable" from below would get rid of messages
like this one.

> So, while rancid was grabbing the config, someone disconnected their
> machine and it got logged to the telnet session. From clogin, around
> line 751 there is this section of code:
>
> # If the prompt is (enable), then we are on a switch and the
> # command is "set length 0"; otherwise its "term length
> # 0".
> if [ regexp -- ".*> .*enable" "$prompt" ] {
> send "set length 0\r"
> send "set logging session disable\r"
>
> And when I run 'cat5rancid -d boulder-cat3' and look at the raw file,
> I never see the second line above being output.

what follows that is an expect clause. expect will buffer the output
(input) trying to match the prompt, so you may not see them if it is
never getting a prompt back and times out.

> It could be that this section of code is never being hit as I'm not
> sure if the $do_script is valid coming right above this section of
> code.

Correct, that would be the path for -s

> It could be that the second logging line needs to be inserted in the
> run_commands code at line 487. Has anyone done this or does it break
> other platforms?

That is a bug; it should appear there. thanks.

do those commands work on whatever catos flavour of the month you are
running? does your prompt look something like "switch> (enable)"? do
you get a usable login with 'clogin switch'? my WAG would be that the
prompt just isn't being matched properly.

> And the second, and maybe easier issue, is that after people disconnect
> from the switch other lines in the config change which cause email to be
> sent. Some of those lines would look like this in the diff output:
>
> - set spantree portcost
> 2/1,2/3,2/5,2/11,2/14,2/16-19,2/21,2/26-27,2/34,2/38,2/40-42,2/46-48
> 200000 mst
> + set spantree portcost
> 2/1-2,2/4,2/6-10,2/12-13,2/15,2/20,2/22-25,2/28-33,2/35-37,2/39,2/43-45
> 2000000 mst
>
> This is on the same Catalyst above. Is there a way to filter this not
> being sent and/or being collected as a diff?

it would have to be filtered in cat5rancid, though it is not clear to me
that it should be. why would spanning tree be enabled on a user interface?
catos on cat5500 issues [ In reply to ]
* john heasley <heas at shrubbery.net> [2004-02-19 21:47:32 -0800]:

> the "set logging session disable" from below would get rid of messages
> like this one.

Right. This line works for the 3 Catalysts that I tested:

4506 CatOS 7.6(3)
4006 CatOS 6.3(7)
5500 CatOS 6.3(5)

> That is a bug; it should appear there. thanks.

I'll add it locally as well, thanks.

> do those commands work on whatever catos flavour of the month you are
> running? does your prompt look something like "switch> (enable)"? do
> you get a usable login with 'clogin switch'? my WAG would be that the
> prompt just isn't being matched properly.

Yes, those commands do work on my three Catalysts. And the prompt looks
like this

boulder-cat1> (enable)
boulder-cat2> (enable)
boulder-cat3> (enable)

And 'clogin switchname' works for all three hosts w/o a problem. I
think it is matching the prompts okay. Here is part of the raw file:

boulder-cat1> (enable)
boulder-cat1> (enable) set length 0
Screen length for this session set to 0.
boulder-cat1> (enable) show version
WS-C4506 Software, Version NmpSW: 7.6(3)
Copyright (c) 1995-2003 by Cisco Systems, Inc.
NMP S/W compiled on Aug 22 2003, 03:17:00
GSP S/W compiled on Aug 22 2003, 00:32:33

> > This is on the same Catalyst above. Is there a way to filter this not
> > being sent and/or being collected as a diff?

> it would have to be filtered in cat5rancid, though it is not clear to me
> that it should be. why would spanning tree be enabled on a user interface?

Well, the switch is running spanning tree as it has dual uplinks, but
you're right there is no reason that the fast ethernet ports need to
be running spanning tree. I'm unaware of a way to disable spanning
tree on a port level though. I do have portfast enabled, but that is
not the same. Are you thinking of something else?

-jason
catos on cat5500 issues [ In reply to ]
Fri, Feb 20, 2004 at 10:02:09AM -0700, Jason Ornstein:
> And 'clogin switchname' works for all three hosts w/o a problem. I
> think it is matching the prompts okay. Here is part of the raw file:
>
> boulder-cat1> (enable)
> boulder-cat1> (enable) set length 0
> Screen length for this session set to 0.
> boulder-cat1> (enable) show version
> WS-C4506 Software, Version NmpSW: 7.6(3)
> Copyright (c) 1995-2003 by Cisco Systems, Inc.
> NMP S/W compiled on Aug 22 2003, 03:17:00
> GSP S/W compiled on Aug 22 2003, 00:32:33
ah, so it is getting some portion of the output. can you give me the entire
raw file (privately)?

> > > This is on the same Catalyst above. Is there a way to filter this not
> > > being sent and/or being collected as a diff?
>
> > it would have to be filtered in cat5rancid, though it is not clear to me
> > that it should be. why would spanning tree be enabled on a user interface?
>
> Well, the switch is running spanning tree as it has dual uplinks, but
> you're right there is no reason that the fast ethernet ports need to
> be running spanning tree. I'm unaware of a way to disable spanning
> tree on a port level though. I do have portfast enabled, but that is
> not the same. Are you thinking of something else?

hmm, looks like you're right. seems dangerous to me; it is a wonder no one
has complained to cisco.

Does that config command not get set for backbone links? ie: if it is just
filtered by cat5rancid, actual useful configuration information would be
lost.
catos on cat5500 issues [ In reply to ]
a late reply to this discussion.

I already reported the missing "set logging session disable\r" while
clogin is in 'run_commands' mode (-c) but could not find where it was
missing. Just now added it to run_commands as well. I do see one minor
thing now: if I run clogin -c to a cat5500 switch it will send the command
twice. This is output from clogin -c 'sh alias' cat55:

cat55-u-a> (enable)
cat55-u-a> (enable) set length 0
Screen length for this session set to 0.
cat55-u-a> (enable) set logging session disable
System logging messages will not be sent to the current login session.
cat55-u-a> (enable) set logging session disable
System logging messages will not be sent to the current login session.
cat55-u-a> (enable)sh alias
No command aliases configured.
cat55-u-a> (enable) exit
Connection closed by foreign host.

Any idea why it is being sent twice ? (before I added it to run_commands
it would not be sent at all)

Regarding the spanning tree changes.
I was having a similar problem with constant "set spantree portvlancost"
config changes.
I had to filter in cat5rancid by adding the following line inside sub
WriteTerm:
/^set spantree portvlancost/ && next;


In any case I don't think you want to disable spanning tree anywhere.
It is there to protect the network from loops.
What if someone in your network manages to loop 2 ports? If stp
is off it could melt down the network.
The real problem is why port cost config keeps changing when ports go
down and up which should probably be a question to Cisco.

Yuval

catos on cat5500 issues [ In reply to ]
* Yuval Ben-Ari <yuvalba at netvision.net.il> [2004-02-20 22:42:36 +0200]:

> a late reply to this discussion.
>
> I already reported the missing "set logging session disable\r" while
> clogin is in 'run_commands' mode (-c) but could not find where it was
> missing. Just now added it to run_commands as well. I do see one minor
> thing now: if I run clogin -c to a cat5500 switch it will send the command
> twice. This is output from clogin -c 'sh alias' cat55:
>
> cat55-u-a> (enable)
> cat55-u-a> (enable) set length 0
> Screen length for this session set to 0.
> cat55-u-a> (enable) set logging session disable
> System logging messages will not be sent to the current login session.
> cat55-u-a> (enable) set logging session disable
> System logging messages will not be sent to the current login session.
> cat55-u-a> (enable)sh alias
> No command aliases configured.
> cat55-u-a> (enable) exit
> Connection closed by foreign host.
>
> Any idea why it is being sent twice ? (before I added it to run_commands
> it would not be sent at all)

I don't know why it is doing this either, but I see the exact same thing
and it causes the collection of the config files to fail.

I don't see how a second 'send' command in an if statement would cause
the commands to be sent twice.

I don't know very much expect, so I haven't tried to debug this in
depth.

> Regarding the spanning tree changes.
> I was having a similar problem with constant "set spantree portvlancost"
> config changes.
> I had to filter in cat5rancid by adding the following line inside sub
> WriteTerm:
> /^set spantree portvlancost/ && next;

I think that I'll give this a try.

> In any case I don't think you want to disable spanning tree anywhere.
> It is there to protect the network from loops.
> What if someone in your network manages to loop 2 ports? If stp
> is off it could melt down the network.
> The real problem is why port cost config keeps changing when ports go
> down and up which should probably be a question to Cisco.

Agreed. It might be the version of code or the platform. I'll investigate
this.


-jason
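
The WriteTerm filter discussed in the thread, as an added example that is not part of any post and is not cat5rancid code. It shows that the quoted pattern matches "portvlancost" but not the "portcost" lines from the first message, and that a widened pattern (an assumption) also hides a hand-made cost change on an uplink, which is the loss of useful configuration information raised above. All config lines, port numbers and costs are constructed.

```perl
#!/usr/bin/perl
# Added example: not cat5rancid code. All config lines below are constructed.
use strict;
use warnings;

my $quoted = qr/^set spantree portvlancost/;        # filter quoted in the thread
my $wide   = qr/^set spantree port(?:vlan)?cost\b/; # assumption: widened to portcost
my $none   = qr/(?!)/;                              # never matches: no filtering

# Two collected configs (constructed). Between them a user port changed
# cost group and the cost of uplink 1/1 was changed by hand.
my @before = (
    'set vlan 10 2/1-4',
    'set spantree portcost 1/1 20000 mst',
    'set spantree portcost 2/1,2/3 200000 mst',
    'set spantree portcost 2/2,2/4 2000000 mst',
);
my @after = (
    'set vlan 10 2/1-4',
    'set spantree portcost 1/1 200000 mst',
    'set spantree portcost 2/1 200000 mst',
    'set spantree portcost 2/2-4 2000000 mst',
);

# Drop matching lines, the way "/re/ && next;" does inside a line loop.
sub keep {
    my ($re, @lines) = @_;
    return grep { $_ !~ $re } @lines;
}

# Minimal line diff: lines only in @$old get "-", lines only in @$new get "+".
sub changed {
    my ($old, $new) = @_;
    my %in_old = map { $_ => 1 } @$old;
    my %in_new = map { $_ => 1 } @$new;
    return ((map { "- $_" } grep { !$in_new{$_} } @$old),
            (map { "+ $_" } grep { !$in_old{$_} } @$new));
}

# Report what would still be mailed out as a diff under each filter.
for my $case (['no filter', $none], ['portvlancost only', $quoted], ['widened', $wide]) {
    my ($name, $re) = @$case;
    my @d = changed([keep($re, @before)], [keep($re, @after)]);
    printf "%-18s %d changed line(s)\n", $name, scalar @d;
    print "    $_\n" for @d;
}
```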