[j-nsp] ERX1440, how to limit login to be able to "show conf" only
Scott Weeks
surfer at mauigateway.com
Tue Jul 1 20:39:25 EDT 2008
--- sj_hznm at yahoo.com.cn wrote:
From: Joe Shen <sj_hznm at yahoo.com.cn>
Or, is it possible to fetch configuation file by RO
SNMP community?
----------------------------------------------------
You could always use the Net::Telnet PERL module and download it to a directory on a server and control access using permissions. The way I do it is to put a current .scr and .cnf on the flash card and then copy them to the UNIX server each night during low traffic using a crontab entry. My router in this case is called HNLLHIMN16W.
bash-3.00$ crontab -l
0 0 * * * /export/home/router/backup-programs/16w-backup.pl
>less /export/home/router/backup-programs/16w-backup.pl
#! /usr/bin/perl
use POSIX qw(strftime);
$today = strftime "%m-%d-%Y", localtime;
use Net::Telnet;
$telnet = new Net::Telnet (Timeout => 2000, input_log => "/usr/router-backups/juniper/16W-log.txt", Errmode => 'die');
$telnet->open('IP_HERE');
$telnet->waitfor('/password:/');
$telnet->print('PASSWD_HERE');
$telnet->waitfor('/HNLLHIMN.*>$/');
$telnet->print('en');
$telnet->waitfor('/Password: $/');
$telnet->print('PASSWD_HERE');
$telnet->waitfor('/HNLLHIMN.*#$/');
$telnet->print('del 16W.cnf');
$telnet->waitfor('/HNLLHIMN.*#$/');
$telnet->print('del 16W.scr');
$telnet->waitfor('/HNLLHIMN.*#$/');
$telnet->print('copy running-configuration 16W.cnf');
$telnet->waitfor('/HNLLHIMN.*#$/');
$telnet->print('show config > 16W.scr');
$telnet->waitfor('/HNLLHIMN.*#$/');
$telnet->print("copy 16W.cnf erx:/usr/router-backups/juniper/16W_$today.cnf");
$telnet->waitfor('/HNLLHIMN.*#$/');
$telnet->print("copy 16W.scr erx:/usr/router-backups/juniper/16W_$today.scr");
$telnet->waitfor('/HNLLHIMN.*#$/');
scott
More information about the juniper-nsp
mailing list