[c-nsp] Rancid use without level 15 access?

Nick Hilliard nick at foobar.org
Fri Jul 6 11:47:16 EDT 2012


On 06/07/2012 15:50, Steven Raymond wrote:
> Is it possible to make use RANCID for Cisco config archiving without
> having to grant it full level 15 access?  So far we've found "no", but
> wondered if anyone has a trick or two?

You can use tacacs+ authorization, and create a big long list of commands
that rancid expects to be able to use.  I've personally found this more
trouble than it's worth, because the command list changes from IOS device
to device and from one rancid version to another.  And it's a pain in the
ass to debug when stuff goes wrong because rancid doesn't detect this and
gripe - it fails silently.

Nick


More information about the cisco-nsp mailing list