[nsp] Cisco/Router Management Tool

Chris Bissell cbissell at frii.com
Tue Nov 25 15:08:52 EST 2003

	I was wondering if a tool had been already created that did the 
following.  It would be nice if we could have a daemon running on one of 
our management servers that kept a ssh/telnet connection open to the 
majority of our routers (currently Cisco, but a few other brands as 
well).  You could have users send commands to this daemon which would then 
send the command to the router and reply back with the output, using any 
authentication scheme you wrote into the daemon.
	The reason for this is as follows, we could use this program to repeatedly 
run certain commands from a script for troubleshooting purposes (for things 
that you can't get via SNMP).  Since the connection to the router is kept 
open, you could then reduce the overhead connection setup and teardown.  We 
could also, through a bit of coding create a way for low privilege techs to 
access particular commands without having to know the passwords to the 
router. (I know that can also be accomplished a few different ways with 
TACACS+ and privilege levels as well).  Does anybody know of a tool that 
accomplishes this?
	I could see a tool like this being the only way the majority of people 
would access the routers, which would give us full flexibility to write 
dynamic access rules and such.  We run mostly FreeBSD here so a tool that 
worked on that system would be easiest, but any platform would do.

More information about the cisco-nsp mailing list