[c-nsp] 12.2SXH 'archive' / Configuration Management
Alex Howells
alex at bytemark.co.uk
Sun Jun 8 11:14:33 EDT 2008
Aloha :)
What is the collective opinion on the best way to do change monitoring /
management with router and switch configurations?
http://www.cymru.com/Documents/secure-ios-template.html
That template makes fairly extensive use of the 'archive' command but
some older IOS doesn't include that functionality; I've also seen/heard
RANCID being deployed and would like something which "Just works".
We're a small ISP in the United Kingdom who're just transitioning from
having one network engineer to a few people being involved - it
therefore seems worthwhile to try and track changes for later fault
diagnosis if someone is off on holiday, and for security/sanity reasons.
Ideally it'd be able to cope with most/all of the follow devices:
18xx and 28xx ISRs
26xx (Console Servers)
7600s (Core / Edge)
2950/2960 Switches
3550/3560 Switches
837/857/877 ADSL (Home Equipment)
..random other stuff.. (Network Lab)
Real-world battle stories appreciated, custom hacks also considered ;)
Something capable of stripping out sensitive information like passwords
from the downloaded configurations would be nice, integration with a
half-decent system like Subversion too... Perhaps something which pulls
the configuration(s) via SNMP - is that going to be easy to secure?
Definitely something which doesn't put undue load on the
routers/switches as we've got some older kit deployed :)
What's the collective opinion on how often you should poll devices?
Obviously if not often enough you lose granularity for lots of small
changes being implemented, if too often, things go boom?
Thanks, as always,
Alex
More information about the cisco-nsp
mailing list