Send Netdot-users mailing list submissions to
[email protected]
To subscribe or unsubscribe via the World Wide Web, visit
https://osl.uoregon.edu/mailman/listinfo/netdot-users
or, via email, send a message with subject or body 'help' to
[email protected]
You can reach the person managing the list at
[email protected]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Netdot-users digest..."
Today's Topics:
1. FETCH_DEVICE_INFO_VIA_CLI match and problems with cisco asa
CLI access (Nico)
----------------------------------------------------------------------
Message: 1
Date: Wed, 21 Jun 2017 12:50:49 +0200
From: Nico <[email protected]>
Subject: [Netdot-users] FETCH_DEVICE_INFO_VIA_CLI match and problems
with cisco asa CLI access
To: "[email protected]" <[email protected]>
Message-ID:
<cakxqfmsqqlzpefvadzb7sdk6wndgfbysl4jpb5pmbyeyo_q...@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"
Hello,
I'm trying to get Netdot to fetch a cisco 4510's and Cisco 2801 FWT
from the CLI.
Against what does Netdot match the values on FETCH_DEVICE_INFO_VIA_CLI
(in etc/Site.conf) to determine if a device information should be
obtained via CLI?.
The System Description of my 4510 is:
Cisco IOS Software, Catalyst 4500 L3 Switch Software
(cat4500-ENTSERVICESK9-M), Version 12.2(53)SG4, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport Copyright (c)
1986-2011 by Cisco Systems, Inc. Compiled Fri 25-Feb-11 14:17
Product
Name: 4510
Manufacturer: Cisco
Description: Cisco Systems, Inc. WS-C4510R 10 slot switch
System ID: 1.3.6.1.4.1.9.1.537
Part Number: WS-C4510R
I've tried with this values to no avail:
'^C4000' => 'CiscoIOS',
'^WS-C4510R' => 'CiscoIOS',
'^Cisco 4510' => 'CiscoIOS',
Debug follows...
SNMP::Info::specify() - Changed Class to SNMP::Info::Layer3::C4000.
DEBUG - Device::get_snmp_session: 10.97.0.50 is: SNMP::Info::Layer3::C4000
A different matter, i'm having problems to obtain ARP table via CLI
from ASA firewalls running version "Cisco Adaptive Security Appliance
Version 9.1(6)" it was working, but ceased to do so some time ago.
I've checked that credentials are ok (login and enable). I've updated
Net::Appliance::Session to latest version (4.200003).
In tests i've made connecting manually to the device, the pager
command should be execute on a privileged and configure terminal
prompt.
I can't figure out what's wrong, debug follows (by the way: Is it
possible to expand the debug so that it shows the information send to
the device (for example the password), i think it will help me debug
the problem?.
DEBUG - asa.mycompany.com: issuing CLI command: 'show arp' over SSH
[ 0.015279] pr finding prompt
[ 0.019376] tr creating Net::Telnet wrapper for ssh
[ 0.021470] tr connecting with: ssh -o StrictHostKeyChecking=no -o
UserKnownHostsFile=/dev/null -o CheckHostIP=no -o ConnectTimeout=30 -o
CheckHostIP=no -l username asa.mycompany.com
[ 0.164384] du SEEN:
Warning: Permanently added 'asa.mycompany.com' (RSA) to the list of known hosts.
[ 0.184003] ph reading phrasebook
/usr/lib/perl5/site_perl/5.10.0/Net/CLI/Interact/phrasebook/cisco/pb
[ 0.185189] ph reading phrasebook
/usr/lib/perl5/site_perl/5.10.0/Net/CLI/Interact/phrasebook/cisco/pixos/pb
[ 0.185828] ph storing prompt generic
[ 0.191572] ph storing prompt basic
[ 0.192088] ph storing prompt privileged
[ 0.192599] ph storing prompt configure
[ 0.193087] ph storing prompt user
[ 0.193567] ph storing prompt pass
[ 0.194046] ph storing prompt prompt
[ 0.194530] ph storing prompt err_string
[ 0.195048] ph storing macro begin_privileged
[ 0.196195] ph storing macro end_privileged
[ 0.196765] ph storing macro begin_configure
[ 0.197364] ph storing macro end_configure
[ 0.197943] ph storing macro disconnect
[ 0.198525] ph storing macro paging
[ 0.199145] pr nope, doesn't (yet) match basic
[ 0.199422] pr nope, doesn't (yet) match pass
[ 0.199683] pr nope, doesn't (yet) match privileged
[ 0.200003] pr nope, doesn't (yet) match err_string
[ 0.200310] pr nope, doesn't (yet) match prompt
[ 0.200623] pr nope, doesn't (yet) match generic
[ 0.200883] pr nope, doesn't (yet) match configure
[ 0.201156] pr nope, doesn't (yet) match user
[ 0.201364] pr no match so far, more data?
[ 0.201769] du SEEN:
Warning: Permanently added 'asa.mycompany.com' (RSA) to the list of known hosts.
[email protected]'s password:
[ 0.202061] pr nope, doesn't (yet) match basic
[ 0.202329] pr hit, matches prompt pass
[ 0.203128] pr prompt has been set to (?-xism:[Pp]assword: ?$)
[ 0.205982] pr output matching prompt was
"[email protected]'s password: "
[ 0.206439] di trimmed command response:
Warning: Permanently added 'asa.mycompany.com' (RSA) to the list of known hosts.
[ 0.207989] pr finding prompt
[ 0.208414] du SEEN:
[ 0.208691] pr nope, doesn't (yet) match basic
[ 0.208954] pr nope, doesn't (yet) match pass
[ 0.209271] pr nope, doesn't (yet) match privileged
[ 0.209534] pr nope, doesn't (yet) match err_string
[ 0.209793] pr nope, doesn't (yet) match prompt
[ 0.210104] pr nope, doesn't (yet) match generic
[ 0.210369] pr nope, doesn't (yet) match configure
[ 0.210628] pr nope, doesn't (yet) match user
[ 0.210836] pr no match so far, more data?
[ 0.211348] du SEEN:
Type help or '?' for a list of available commands.
[ 0.211655] pr nope, doesn't (yet) match basic
[ 0.211947] pr nope, doesn't (yet) match pass
[ 0.212206] pr nope, doesn't (yet) match privileged
[ 0.212463] pr hit, matches prompt err_string
[ 0.212732] pr prompt has been set to (?-xism:(?:Type
help|(?:Error|ERROR|Usage|usage):|not allowed))
[ 0.213463] pr output matching prompt was "Type help or '?' for a
list of available commands."
[ 0.213768] di trimmed command response:
ERROR: Device::CLI::_get_arp_from_cli: asa.mycompany.com: login failed
to remote host - prompt does not match at
/usr/lib/perl5/site_perl/5.10.0/Net/Appliance/Session/Transport.pm
line 78.
If i connect manually to the device this is what i see:
Using username "username".
username@asamordor's password:
Type help or '?' for a list of available commands.
OV01FRW018> login
Username: username
Password: *************
OV01FRW018# conf t
OV01FRW018(config)# pager
OV01FRW018(config)# pager lines 0
OV01FRW018(config)#
OV01FRW018 matches the System Name asigned to the device (System Name:
OV01FRW018.mycompany.com) which is different from the name we use
(Name: asa.mycompany.com), and in reality (i've changed names for
privacy) is of course based on Tolkien's Lore, and contains nothing
but letters (no underscores or other characters). But that was not a
problem before. Anyway i tried changing the Name to match System Name
to no avail.
A last bit of information, i have not touched the pb as far as I remember.
cat /usr/lib/perl5/site_perl/5.10.0/Net/CLI/Interact/phrasebook/cisco/pb
prompt generic
match /[\/a-zA-Z0-9._\[\]-]+ ?(?:\(config[^)]*\))? ?[#>] ?$/
prompt basic
match /> ?$/
prompt privileged
match /# ?$/
prompt configure
match /\(config[^)]*\)# ?$/
prompt user
match /[Uu]sername/
prompt pass
match /[Pp]assword: ?$/
# MACROS
macro begin_privileged
send enable
match user or pass or privileged
macro end_privileged
send disable
match basic
macro begin_configure
send configure terminal
match configure
macro end_configure
send exit
match privileged
macro disconnect
send exit
match generic
# macro completion
# send ?
# legacy support
prompt prompt
match /[\/a-zA-Z0-9._\[\]-]+ ?(?:\(config[^)]*\))? ?[#>] ?$/
cat /usr/lib/perl5/site_perl/5.10.0/Net/CLI/Interact/phrasebook/cisco/pixos/pb
prompt err_string
match /(?:Type help|(?:Error|ERROR|Usage|usage):|not allowed)/
macro paging
send pager lines %s
Thank you very much and greetings.
--
Nico
------------------------------
_______________________________________________
Netdot-users mailing list
[email protected]
https://osl.uoregon.edu/mailman/listinfo/netdot-users
End of Netdot-users Digest, Vol 98, Issue 2
*******************************************
