[j-nsp] ERX1440, how to limit login to be able to "show conf" only
Scott Weeks
surfer at mauigateway.com
Wed Jul 2 13:58:27 EDT 2008
I mistyped the below. s/test/text/
One thing I want to point out (from past experience of MUCH pain) is there is a .scr file that's text and a .cnf file that's a binary file. My configs are really big. For example:
> wc -l 16W_07-02-2008.scr
213321 16W_07-02-2008.scr
It takes WAY, WAY too long to put in a 213,321 line conf in the router as a text file. I found this out when another guy did not do a maintenance correctly and I only had text backups on a Unix server... >:-( The .cnf file is a binary that squirts into the router very quickly compared the text file. This PERL program puts a text file and a binary file on the flash (after erasing the previous night's) and transfers both off router to a Unix server in case the flash is corrupted.
The main concern for some folks will be that the password is in clear text on the Unix server where the PERL programs reside (since most folks here are Micro$loth people, I don't have to worry too much... :-) If that's a concern, be sure to lock down the directory where the .pl programs reside very well.
scott
----------------------------------
2. why does the script run two command
copy running-config 16w.cnf
sh configure > 16.scr
what's the difference between content of 16w.cnf
and 16.scr?
could we just use “copy running-config 16w.cnf" ?
---------------------------------
.scr is a test file that can be looked at on the UNIX box and the permissions can be used to control who looks at it. The .cnf file is a binary file to be used in case the ERX needs rebooting. It takes too long for the ERX to be reconfigured from the text file.
----------------------------
More information about the juniper-nsp
mailing list