[c-nsp] 12.2SXH 'archive' / Configuration Management

Alex Moya alexmoya at bellsouth.net
Sun Jun 8 14:02:06 EDT 2008 

Try kiwi cattools works well and will send you a detailed list of  
changes.not very expensive

Sent from my iPhone

On Jun 8, 2008, at 11:14 AM, Alex Howells <alex at bytemark.co.uk> wrote:

> Aloha :)
>
> What is the collective opinion on the best way to do change  
> monitoring / management with router and switch configurations?
>
>   http://www.cymru.com/Documents/secure-ios-template.html
>
> That template makes fairly extensive use of the 'archive' command  
> but some older IOS doesn't include that functionality; I've also  
> seen/heard RANCID being deployed and would like something which  
> "Just works".
>
> We're a small ISP in the United Kingdom who're just transitioning  
> from having one network engineer to a few people being involved - it  
> therefore seems worthwhile to try and track changes for later fault  
> diagnosis if someone is off on holiday, and for security/sanity  
> reasons.  Ideally it'd be able to cope with most/all of the follow  
> devices:
>
>    18xx and 28xx ISRs
>    26xx (Console Servers)
>    7600s (Core / Edge)
>    2950/2960 Switches
>    3550/3560 Switches
>    837/857/877 ADSL (Home Equipment)
>    ..random other stuff.. (Network Lab)
>
> Real-world battle stories appreciated, custom hacks also  
> considered ;) Something capable of stripping out sensitive  
> information like passwords from the downloaded configurations would  
> be nice, integration with a half-decent system like Subversion  
> too... Perhaps something which pulls the configuration(s) via SNMP -  
> is that going to be easy to secure? Definitely something which  
> doesn't put undue load on the routers/switches as we've got some  
> older kit deployed :)
>
> What's the collective opinion on how often you should poll devices?  
> Obviously if not often enough you lose granularity for lots of small  
> changes being implemented, if too often, things go boom?
>
> Thanks, as always,
> Alex
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list