Hi John,

I'm still playing around with AAA.  What I'm finding is that the f*&^% WLC CLI 
authorization mechanism is all bork bork bork.  I can set a read-only role, but 
that disables the ability to issue the "config pager disable" command since the 
entire "config *" command tree is not available.  I can set a higher role, and 
perhaps the command will appear, but I'm struggling to figure out how to create 
a custom role definition (I suspect it might be impossible since the Cisco WLC 
is designed to be GUI-based).   We can discuss another time allowing automation 
to make changes to the system - I'm fighting this battle internally but it's 
not going well, for now let's just say I need to demonstrate confidence that 
rancid will only get data, not change anything more complicated than a "last 
login" notice.

In any event - so, this leaves me with the CLI role I have, and without the 
"config paging disable" to be used.

I'm running rancid 3.4.1, I notice the latest 3.8 is slightly different in 
wlogin.  But, they're relatively similar, and neither version (I think?) 
catches the specific prompts that might appear to prompt for paging.  Might 
they possibly be added?  See below what I did to wlogin v3.4.1 (aka my 
installation), let me know if I did this wrong (I'm an accomplished network 
engineer... but a poor excuse for a software engineer).

Also, wlogin uses "exit" to close the CLI when -c or -x is specified; it needs 
to be "logout" instead regardless of user role.  Where do I change this?  I 
suppose I can do this in rancid.types.base (.conf?), but I'd prefer not to 
since I /do/ use *login with the -p and -u options on occasion with some simple 
BASH command-line scripts to accomplish manual campus-wide pre-planned changes. 
 I tried grep'ing through some files, that didn't work too well.

Weylin

I modified 3.4.1 bin/wlogin on this line:

    for {set i 0} {$i < $num_commands} { incr i} {
        send -- "[subst -nocommands [lindex $commands $i]]\r"
        expect {
            -re "\b+"                           { exp_continue }
            -re "^\[^\n\r *]*$reprompt"         { send_user -- 
"$expect_out(buffer)"
                                                }
            -re "^\[^\n\r]*$reprompt."          { send_user -- 
"$expect_out(buffer)"
                                                  exp_continue
                                                }
            -re "^--More--\[\r\n]+"             { # specific match c1900 pager
                                                  send " "
                                                  exp_continue
                                                }
            -re "\[\n\r]+"                      { send_user -- 
"$expect_out(buffer)"
                                                  exp_continue
                                                }
+            -re "^--More-- .*"                  { send "q" # note the 
[[:space:]] between --More-- and the period
+                                                         exp_continue
+                                                }
        }
    }}
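
Review bot: In the added `-re "^--More-- .*"` branch, `send "q"` answers the WLC's `--More-- or (q)uit` prompt by quitting, so everything after the first page of a command's output is dropped from what rancid collects; the c1900 branch above sends `" "` to page through, and the same response here would keep the output complete. The trailing `# note the ...` text on the `send "q"` line is also not a comment in Tcl, because `#` starts a comment only where a command begins: the rest of the line is parsed as further arguments to `send`, and `[[:space:]]` is evaluated as a command substitution. Move the comment to its own line or introduce it with `;#`.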


On 7/27/18, 6:30 PM, "Piegorsch, Weylin William" <wey...@bu.edu> wrote:

    This might be a tacacs issue.  When I log in as a normal user, the config 
paging disable command appears when I type "?".  I'll play around with that 
over the weekend.
    Weylin
    
    
    (cumm111-wism-aca05) >?   
                   
    debug          Manages system debug options.
    exit           
    grep           Print lines matching a pattern.
    help           Help
    linktest       Perform a link test to a specified MAC address.
    logout         Exit this session. Any unsaved changes are lost.
    show           Display switch options and settings.
                   
    (cumm111-wism-aca05) >
    
    
    
    
    
    On 7/27/18, 6:29 PM, "Piegorsch, Weylin William" <wey...@bu.edu> wrote:
    
        Ah; thanks, I see it there.  Something is amiss with that.  "eval... ; 
cat -v" output below.
        Weylin
        
        
        
        
        [rancid@nsgv-prod-59 ~]$ eval `rancid -t cisco-wlc5 -C 
cumm111-wism-aca05.bu.edu` &> output
        [rancid@nsgv-prod-59 ~]$ cat -v output 
        cumm111-wism-aca05.bu.edu
        spawn ssh -2 -c 
aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc -x 
-l rancid cumm111-wism-aca05.bu.edu^M
        ^M
        Access to this system is permitted for authorized persons only.  All 
connections are logged and monitored.  By accessing this system, you 
acknowledge that use of this and any other technology at Boston University is 
subject to the terms of the Boston University Conditions of Use and Policy on 
Computing Ethics; please see: http://www.bu.edu/computing/ethics for details.^M
        (cumm111-wism-aca05) ^M
        User: rancid^M
        Password:*******^M
        (cumm111-wism-aca05) >^M
        (cumm111-wism-aca05) >config paging disable^M
        ^M
        Incorrect usage.  Use the '?' or <TAB> key to list commands.^M
        ^M
        (cumm111-wism-aca05) >show udi^M
        
        ^MNAME: "Chassis"    , DESCR: "Cisco Wireless Services Module 2"
        ^MPID: WS-SVC-WISM2-K9,  VID: V01,  SN: SAL172893FZ^M
        ^M
        (cumm111-wism-aca05) >show sysinfo^M
        ^M
        Manufacturer's Name.............................. Cisco Systems Inc.^M
        Product Name..................................... Cisco Controller^M
        Product Version.................................. 8.2.166.0^M
        Bootloader Version............................... 1.0.20^M
        Field Recovery Image Version..................... 7.6.101.1^M
        Firmware Version................................. FPGA 1.7, Env 0.0, 
USB console 2.2^M
        Build Type....................................... DATA + WPS
        ^M
        System Name...................................... cumm111-wism-aca05^M
        System Location.................................. 111 Cummington St., 
Room B05^M
        System Contact................................... Network Operations 
Center^M
        System ObjectID.................................. 1.3.6.1.4.1.9.1.1293^M
        Redundancy Mode.................................. SSO^M
        IP Address....................................... 10.123.18.234^M
        IPv6 Address..................................... ::^M
        Last Reset....................................... Software reset^M
        System Up Time................................... 98 days 3 hrs 47 mins 
5 secs^M
        System Timezone Location......................... (GMT -5:00) Eastern 
Time (US and Canada)^M
        System Stats Realtime Interval................... 5^M
        System Stats Normal Interval..................... 180
        ^M
        ^M
        
        Error: TIMEOUT reached
        [rancid@nsgv-prod-59 ~]$
        
        
        
        
        
        On 7/27/18, 11:16 AM, "heasley" <h...@shrubbery.net> wrote:
        
            Fri, Jul 27, 2018 at 12:08:37PM +0000, Piegorsch, Weylin William:
            > I did some experimenting, issuing the "config paging disable" CLI 
command on initial login seems to eliminate the paging issue, similar to the 
ASA "terminal pager 0" or the IOS "terminal length 0".
            > weylin
            
            wlogin should have sent this command at the beginning.  please look 
at
            the beginning of the transcript with the device.
            
            > On 7/27/18, 8:01 AM, "Piegorsch, Weylin William" <wey...@bu.edu> 
wrote:
            > 
            >     When I login as myself and run the "show sysinfo" command, I 
get the below output.  I notice that rancid (wlogin) gets stuck on the prompt 
at the end there.  When expect sees the prompt, a <space> would be the 
appropriate response.  I'm not sure how to disable paging, unfortunately. 
            >     
            >     Weylin
            >     
            >     (cumm111-wism-aca05) >show sysinfo
            >     
            >     Manufacturer's Name.............................. Cisco 
Systems Inc.
            >     Product Name..................................... Cisco 
Controller
            >     Product Version.................................. 8.2.166.0
            >     Bootloader Version............................... 1.0.20
            >     Field Recovery Image Version..................... 7.6.101.1
            >     Firmware Version................................. FPGA 1.7, 
Env 0.0, USB console 2.2
            >     Build Type....................................... DATA + WPS
            >     
            >     System Name...................................... 
cumm111-wism-aca05
            >     System Location.................................. 111 
Cummington St., Room B05
            >     System Contact................................... Network 
Operations Center
            >     System ObjectID.................................. 
1.3.6.1.4.1.9.1.1293
            >     Redundancy Mode.................................. SSO
            >     IP Address....................................... 
10.123.18.234
            >     IPv6 Address..................................... ::
            >     Last Reset....................................... Software 
reset
            >     System Up Time................................... 97 days 17 
hrs 26 mins 34 secs
            >     System Timezone Location......................... (GMT -5:00) 
Eastern Time (US and Canada)
            >     System Stats Realtime Interval................... 5
            >     System Stats Normal Interval..................... 180
            >     
            >     
            >     --More-- or (q)uit
            >     
            >     
            >     
            >     
            >     
            >     On 7/26/18, 6:43 PM, "heasley" <h...@shrubbery.net> wrote:
            >     
            >         Thu, Jul 26, 2018 at 09:20:42PM +0000, Piegorsch, Weylin 
William:
            >         > I should note that using the NOPIPE=yes thing causes 
the "controller wlogin error: Error: Connection closed (ssh): controller" 
message that I show below.  If I omit the NOPIPE environment variable on the 
CLI, I get the output I showed in the other email, where it hangs in the middle 
of output.
            >         > 
            >         > weylin
            >         
            >         i don't see the problem in what you've provided; you'll have to share more
            >         output with me.
            >         
            >         eval `rancid -t cisco-wlc8 -C hostname` &> output
            >         
            >     
            >     
            > 
            
        
        
    
    

_______________________________________________
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss
