Cisco – Rancid can’t download Cisco Configuration

Using CentOS 7 with Rancid configured.

I'm using Rancid to get my Cisco switches configuration, but seems that Rancid isn't able to get my configs. The output of my logs:

starting: Seg Out 8 18:47:17 WEST 2018

Trying to get all of the configs.
sw-it-dist-4.cbr.net: missed cmd(s): all commands
sw-it-dist-4.cbr.net: End of run not found
sw-it-dist-4.cbr.net: clogin error: Error: Couldn't login

My .cloginrc file:

add user *.net {admin}
add password *.net {PASSWORD_REMOVED} {PASSWORD_REMOVED}
add autoenable *.net            1
add method *.net ssh
add userprompt *.net  {"User Name:"}

When I tried to run /usr/local/rancid/bin/clogin sw-it-dist-4.cbr.net it looks like the enable command is missing:

rancid@it-tests logs]$ /usr/local/rancid/bin/clogin sw-it-dist-4.cbr.net
sw-it-dist-4.cbr.net
spawn ssh -x -l admin sw-it-dist-4.cbr.net
Password: 


-----------------------------------------------------------------------------
=============================================================================
==        UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED!!!              ==
==                                                                         ==
==  You must have explicit, authorized permission to access or configure   ==
==  this device. Unauthorized attempts and actions to access or use of     ==
==  this system may result in civil and/or criminal penalties.             
==  All activities performed on this device are logged and monitored.      ==
=============================================================================
-----------------------------------------------------------------------------

sw-it-dist-4>
sw-it-dist-4>

What I'm doing wrong?

For example, if I run the clogin command manually I'm able to see my configuration:

[rancid@it-tests rancid]$ /usr/local/rancid/bin/clogin -c "show runn" sw-dc-tor-1.cbr.net.wit
sw-dc-tor-1.cbr.net.wit
spawn ssh -x -l admin sw-dc-tor-1.cbr.net.wit
Password: 

sw-dc-tor-1>enable

Password required, but none set
Password: 
sw-dc-tor-1#
sw-dc-tor-1#terminal length 0
sw-dc-tor-1#terminal width 132
sw-dc-tor-1#show runn
Building configuration...

Current configuration : 10393 bytes
!
! Last configuration change at 13:56:17 UTC Thu Sep 27 2018 by admin
! NVRAM config last updated at 13:46:16 UTC Thu Sep 27 2018 by admin
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
(...)

But if I run the /usr/local/rancid/bin/rancid-run I have this error:

[rancid@it-tests logs]$ tailf Switches.20181009.114630 
=====================================
Getting missed routers: round 1.
sw-it-tor-1.cbr.net.wit: missed cmd(s): all commands
sw-it-tor-1.cbr.net.wit: End of run not found
sw-it-tor-1.cbr.net.wit clogin error: Error: Couldn't login
!
=====================================
Getting missed routers: round 2.
sw-it-tor-1.cbr.net.wit: missed cmd(s): all commands
sw-it-tor-1.cbr.net.wit: End of run not found
sw-it-tor-1.cbr.net.wit clogin error: Error: Couldn't login
!

I don't understand what I'm missing…

Edit:

Thank you for your reply.

I've changed the autoenable option, and changed the hostname to .net.wit.

My .cloginrc file:

add user *.net.wit {admin}
add password *.net.wit {PASSWORD_REMOVED} {PASSWORD_REMOVED}
add autoenable * 0
add method *.net.wit ssh
add userprompt *.net.wit  {"User Name:"}

Now if I run this command /usr/local/rancid/bin/clogin -f /home/rancid/.cloginrc sw-it-dist-4.cbr.net.wit I have this output:

[rancid@it-tests root]$ /usr/local/rancid/bin/clogin -f /home/rancid/.cloginrc sw-it-dist-4.cbr.net.wit
sw-it-dist-4.cbr.net.wit
spawn ssh -x -l admin sw-it-dist-4.cbr.net.wit
Password: 
-------------------------------------------------------------
===================================
UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED!!!              
===================================
-------------------------------------------------------------
sw-it-dist-4>enable
Password: 
sw-it-dist-4#

But if run the /usr/local/rancid/bin/rancid-run in my logs I have this:

[rancid@it-tests logs]$ tailf Switches.20181012.112810 
Trying to get all of the configs.
sw-it-dist-4.cbr.net.wit: missed cmd(s): all commands
sw-it-dist-4.cbr.net.wit: End of run not found
sw-it-dist-4.cbr.net.wit clogin error: Error: Couldn't login

What I'm doing wrong this time?

Best Answer

It appears that you have autoenable switched on in your config, which indicates that the username you're using (admin) already has "enable" privilege. If you have the opposite autoenable * 0, RANCID will issue an enable command, with the password you've defined.

I believe the reason it behaves differently when you run it by hand on sw-dc-tor-1.cbr.net.wit is that this hostname ends in '.wit' and so doesn't match the *.net you have in your .cloginrc which triggers the autoenable.

See http://www.shrubbery.net/rancid/man/cloginrc.5.html

Best Answer

Related Solutions

Cisco – Privilege configuration on cisco switch

Getting rancid/clogin to work in spite of banners filled with #-marks

Related Topic