We use a combination of RANCID and Solarwinds Cirrus Configuration Manager. Cirrus allows you to run command scripts, check Cisco router inventory, find IPs in the network, and many other things:
http://www.solarwinds.net/products/Cirrus/index.aspx If you don't have the programming experience needed for generating your own scripts, Cirrus is a great tool to use, although a bit on the pricey side. -evt > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Warren Kumari > Sent: Monday, June 18, 2007 11:17 AM > To: Kevin Oberman > Cc: juniper-nsp@puck.nether.net; phil colbourn > Subject: Re: [j-nsp] Network Configuration Management > > For config backups and revisioning I usually use RANCID > combined with > some scripts that parse the downloaded configs, pull the serial > number data out and stick it in a database somewhere -- this is > primarily to make sure that I don't redeploy a known defective card > (or a card that gets shipped back via an RMA). > > As for implementing config changes, that all depends on what the > changes are and what the situation is: > If it is a simple, non-critical change that has no logic involved > (eg: changing all of your NTP servers) I usually just throw together > a shell script that calls jlogin (from RNACID) directly, something > along the lines of: > for router in `ls` > do > jlogin -c "<Commands to be run>" $router > sleep 2 > done > > If it is a more complex change (eg: If interface description > contains > "blah" then set foo) I usually throw together something in perl / > python. > > I started writing a program at one stage that would take some > conditions to check for and commands to run if those conditions > match, but it quickly developed feature creep and ended up trying to > do to much (eg: "FIND interface WHERE neighbor_as = 123 AND DO SET > INTERFACE_DESCRIPTION TO BE "Connects to AS123" ON ALL ROUTERS LIKE > "peer*.*" STOP) -- I found myself spending so much time > debugging the > program and trying to remember the syntax that I had created that I > deleted it in disgust! > > Keep in mind that if you have been sloppy or if your current configs > are somewhat messy performing automated changes can be very > dangerous > -- I used to work at a cisco shop that used numbered access lists -- > someone decided to script pushing out a new version of the SNMP > access list, which *should* have been 161 on all routers..... Except > for the 30 or so that used that to lock down the management > interface > and the 15 or so that used that as an edge ACL.... > > Warren > www.kumari.net > > > > > On Jun 17, 2007, at 10:45 PM, Kevin Oberman wrote: > > >> From: phil colbourn <[EMAIL PROTECTED]> > >> Date: Mon, 18 Jun 2007 10:43:06 +1000 > >> Sender: [EMAIL PROTECTED] > >> > >> I would be interested in knowing what configuration management > >> systems > >> (commercial, open source or home-grown) that you use or > have used to > >> implement router/switch config changes, upload/download configs, > >> track > >> versions and track assets. > > > > I use a modified version of rancid (http://www.shrubery.net/rancid). > > Free and very widely used. > > -- > > R. Kevin Oberman, Network Engineer > > Energy Sciences Network (ESnet) > > Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) > > E-mail: [EMAIL PROTECTED] Phone: +1 510 486-8634 > > Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751 > > _______________________________________________ > > juniper-nsp mailing list juniper-nsp@puck.nether.net > > https://puck.nether.net/mailman/listinfo/juniper-nsp > > -- > If the bad guys have copies of your MD5 passwords, then you have way > bigger problems than the bad guys having copies of your MD5 passwords. > -- Richard A Steenbergen > > > _______________________________________________ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp > _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp