diff options
Diffstat (limited to 'docs/Model-Notes')
| -rw-r--r-- | docs/Model-Notes/AireOS.md | 12 | ||||
| -rw-r--r-- | docs/Model-Notes/ArbOS.md | 12 | ||||
| -rw-r--r-- | docs/Model-Notes/Comware.md | 14 | ||||
| -rw-r--r-- | docs/Model-Notes/EOS.md | 9 | ||||
| -rw-r--r-- | docs/Model-Notes/JunOS.md | 34 | ||||
| -rw-r--r-- | docs/Model-Notes/Netgear.md | 68 | ||||
| -rw-r--r-- | docs/Model-Notes/README.md | 19 | ||||
| -rw-r--r-- | docs/Model-Notes/VRP-Huawei.md | 35 | ||||
| -rw-r--r-- | docs/Model-Notes/XGS4600-Zyxel.md | 39 | 
9 files changed, 242 insertions, 0 deletions
| diff --git a/docs/Model-Notes/AireOS.md b/docs/Model-Notes/AireOS.md new file mode 100644 index 0000000..5674ae2 --- /dev/null +++ b/docs/Model-Notes/AireOS.md @@ -0,0 +1,12 @@ +Cisco WLC Configuration +======================= + +Create a user with read-write privilege: + +```text +mgmtuser add oxidized **** read-write +``` + +Oxidized needs read-write privilege in order to execute 'config paging disable'. + +Back to [Model-Notes](README.md) diff --git a/docs/Model-Notes/ArbOS.md b/docs/Model-Notes/ArbOS.md new file mode 100644 index 0000000..ebac997 --- /dev/null +++ b/docs/Model-Notes/ArbOS.md @@ -0,0 +1,12 @@ +Arbor Networks ArbOS notes +========================== + +If you are running ArbOS version 7 or lower then you may need to update the model to remove `exec true`: + +```ruby +  cfg :ssh do +    pre_logout 'exit' +  end +``` + +Back to [Model-Notes](README.md) diff --git a/docs/Model-Notes/Comware.md b/docs/Model-Notes/Comware.md new file mode 100644 index 0000000..048f312 --- /dev/null +++ b/docs/Model-Notes/Comware.md @@ -0,0 +1,14 @@ +Comware Configuration +===================== + +If you find 3Com Comware devices aren't being backed up this may be due to prompt detection not matching because a previous login message is disabled after the first prompt. + +You can disable this on the devices themselves by running this command: + +```text +info-center source default channel 1 log state off debug state off +``` + +[Reference](https://github.com/ytti/oxidized/issues/1171) + +Back to [Model-Notes](README.md) diff --git a/docs/Model-Notes/EOS.md b/docs/Model-Notes/EOS.md new file mode 100644 index 0000000..66287e3 --- /dev/null +++ b/docs/Model-Notes/EOS.md @@ -0,0 +1,9 @@ +Arista EOS Configuration +======================== + +By default EOS requires keyboard-interactive to be added to your Oxidized config. You can avoid having to do this by configuring the following on the EOS device: + +``` +management ssh +   authentication mode password +``` diff --git a/docs/Model-Notes/JunOS.md b/docs/Model-Notes/JunOS.md new file mode 100644 index 0000000..8093df0 --- /dev/null +++ b/docs/Model-Notes/JunOS.md @@ -0,0 +1,34 @@ +JunOS Configuration +=================== + +Create login class cfg-view + +```text +set system login class cfg-view permissions view-configuration +set system login class cfg-view allow-commands "(show)|(set cli screen-length)|(set cli screen-width)" +set system login class cfg-view deny-commands "(clear)|(file)|(file show)|(help)|(load)|(monitor)|(op)|(request)|(save)|(set)|(start)|(test)" +set system login class cfg-view deny-configuration all +``` + +Create a user with cfg-view class + +```text +set system login user oxidized class cfg-view +set system login user oxidized authentication plain-text-password "verysecret" +``` + +The commands Oxidized executes are: + +1. set cli screen-length 0 +2. set cli screen-width 0 +3. show configuration +4. show version +5. show chassis hardware +6. show system license +7. show system license keys (ex22|ex33|ex4|ex8|qfx only) +8. show virtual-chassis (MX960 only) +9. show chassis fabric reachability + +Oxidized can now retrieve your configuration! + +Back to [Model-Notes](README.md) diff --git a/docs/Model-Notes/Netgear.md b/docs/Model-Notes/Netgear.md new file mode 100644 index 0000000..d82bdcc --- /dev/null +++ b/docs/Model-Notes/Netgear.md @@ -0,0 +1,68 @@ +Netgear Configuration +===================== + +There are several models available with CLI management via telnet (port 60000), but they all behave like one of the following: +- older models: +``` +Connected to 192.168.3.201. + +(GS748Tv4) +Applying Interface configuration, please wait ...admin +Password:******** +(GS748Tv4) >enable +Password: + +(GS748Tv4) #terminal length 0 + +(GS748Tv4) #show running-config +``` + +- newer models: +``` +Connected to 172.0.3.203. + +User:admin +Password:******** +(GS724Tv4) >enable + +(GS724Tv4) #terminal length 0 + +(GS724Tv4) #show running-config +``` + +The main differences are: +- the prompt for username is different (looks quite strange for older models) +- enable password +  - the older model prompts for enable password and it expects empty string +  - the newer model does not prompt for enable password at all + +Configuration for older/newer models: make sure you have defined variable 'enable': +- `'true'` for newer models +- `''` empty string: for older models + +One possible configuration: +- oxidized config +```yaml +source: +  default: csv +  csv: +    file: "/home/oxidized/.config/oxidized/router.db" +    delimiter: !ruby/regexp /:/ +    map: +      name: 0 +      model: 1 +      username: 2 +      password: 3 +    vars_map: +      enable: 4 +      telnet_port: 5 +``` +- router.db +``` +switchOldFW:netgear:admin:adminpw::60000 +switchNewFW:netgear:admin:adminpw:true:60000 +``` + +[Reference](https://github.com/ytti/oxidized/pull/1268) + +Back to [Model-Notes](README.md) diff --git a/docs/Model-Notes/README.md b/docs/Model-Notes/README.md new file mode 100644 index 0000000..993eb77 --- /dev/null +++ b/docs/Model-Notes/README.md @@ -0,0 +1,19 @@ +Model Notes +=========== + +This directory contains implementation notes and caveats to assist you in your oxidized deployment. + +Use the table below for more information on the Vendor/Model caveats. + +Vendor          | Model           |Updated +----------------|-----------------|---------------- +3COM|[Comware](Comware.md)|15 Feb 2018 +AireOS|[AireOS](AireOS.md)|29 Nov 2017 +Arbor Networks|[ArbOS](ArbOS.md)|27 Feb 2018 +Arista|[EOS](EOS.md)|05 Feb 2018 +Huawei|[VRP](VRP-Huawei.md)|17 Nov 2017 +Juniper|[MX/QFX/EX/SRX/J Series](JunOS.md)|18 Jan 2018 +Netgear|[Netgear](Netgear.md)|11 Apr 2018 +Zyxel|[XGS4600 Series](XGS4600-Zyxel.md)|1 Feb 2018 + +If you discover additional caveats or problems please make sure to consult the [GitHub issues for oxidized](https://github.com/ytti/oxidized/issues) known issues. diff --git a/docs/Model-Notes/VRP-Huawei.md b/docs/Model-Notes/VRP-Huawei.md new file mode 100644 index 0000000..ff5426e --- /dev/null +++ b/docs/Model-Notes/VRP-Huawei.md @@ -0,0 +1,35 @@ +Huawei VRP Configuration +======================== + +Create a user with no privileges + +```text +    <HUAWEI> system-view +    [~HUAWEI] aaa +    [~HUAWEI-aaa] local-user oxidized password irreversible-cipher verysecret +    [*HUAWEI-aaa] local-user oxidized level 1 +    [*HUAWEI-aaa] local-user oxidized service-type terminal ssh +    [*HUAWEI-aaa] commit +``` + +The commands Oxidized executes are: + +1. screen-length 0 temporary +2. display version +3. display device +4. display current-configuration all + +Command 2 and 3 can be executed without issues, but 1 and 4 are only available for higher level users. Instead of making Oxidized a read/write user on your device, lower the privilege-level for commands 1 and 4: + +```text +    <HUAWEI> system-view +    [~HUAWEI] command-privilege level 1 view global display current-configuration all +    [*HUAWEI] command-privilege level 1 view shell screen-length +    [*HUAWEI] commit +``` + +Oxidized can now retrieve your configuration! + +Caveat: Some versions of VRP default to appending a timestamp prior to the output of each `display` command, which will lead to superfluous updates. The configuration statement `timestamp disable` can be used to disable this functionality. (Issue #1218) + +Back to [Model-Notes](README.md) diff --git a/docs/Model-Notes/XGS4600-Zyxel.md b/docs/Model-Notes/XGS4600-Zyxel.md new file mode 100644 index 0000000..8b58ed8 --- /dev/null +++ b/docs/Model-Notes/XGS4600-Zyxel.md @@ -0,0 +1,39 @@ +ZynOS Configuration +=================== + +## FTP + +FTP access is only possible as admin, other users can login but cannot pull the files. +For the XGS4600 series the config file is _config_ and not _config-0_ + +The following line in _oxidized/lib/oxidized/model/zynos.rb_ will need changing + +```text +  cmd 'config-0' +``` + +The inclusion of an extra ftp option is also require. Within _input_ add the following + +```yaml +input: +  ftp: +    passive: false +``` + + +## SSH/TelNet + +Below is the table from the XGS4600 CLI Reference Guide (Version 3.79~4.50 Edition 1, 07/2017) +Take this table with a pinch of salt, level 3 will not allow _show running-config_! + +Privilege Level | Types of commands at this privilege level +----------------|------------------------------------------- +0|Display basic system information. +3|Display configuration or status. +13|Configure features except for login accounts, SNMP user accounts, the authentication method sequence and authorization settings, multiple logins, administrator and enable passwords, and configuration information display. +14|Configure login accounts, SNMP user accounts, the authentication method sequence and authorization settings, multiple logins, and administrator and enable passwords, and display configuration information. + + +Oxidized can now retrieve your configuration! + +Back to [Model-Notes](README.md) | 
