[c-nsp] Automatically Synchronize IOS Router Configurations?
Adam Armstrong
lists at memetic.org
Wed Apr 22 19:16:03 EDT 2009
Graham Wooden wrote:
> Sync between each other? Yeah, you will have to look at something external,
> something that would have write perms (like through SNMP or AAA). Maybe a
> tacacs+ system can do this? I know there are products/scripts that can tftp
> off / snmp read the config and store them off. There maybe a push mechanism
> as well?
>
> But you are correct - just because they are in a HSRP standby group, doesn't
> mean that they can replicate. And with good reason too - there are
> somethings you *don't* want to replicate, and a blanket copy-over would be
> bad....
>
Not to mention that unlike a firewall, there should be relatively few
changes to a router. Assuming it's not doing filtering/NAT or other
things requiring lots of changes, of course.
If it's just a case of adding a new VLAN/Subinterface and putting an IP
in it and the VLAN/Subif/IP scheme is predictable, I guess it could be
easily scripted via snmp/tftp or telnet/ssh(+clogin?)
We do something similar for blanket config changes like ACLs and BGP
peers. It works quite well, but if we had time to do it by hand to so
many devices we'd probably prefer to...
adam.
More information about the cisco-nsp
mailing list