NeDi Community

NeDi Software Specific => Discovery => Topic started by: ToddMurray on August 07, 2011, 04:26:02 PM

Title: Backup problems with Avaya 5698T when I secure the switch.
Post by: ToddMurray on August 07, 2011, 04:26:02 PM
I have an Avaya 5698T.
I have the "cmd-interface cli" added to this switch, and set Telnet/WEB Switch password Type to "none"
This just lets anyone login by control/Y when I telnet to the device.
This allows backups to work when I run ./nedi.pl -vb -a 10.0.0.3
See attached 5698T_no_passwords.txt
Now when I enable the local security on this this switch as follows (This config requires me to press control/Y, then add username "RO", password "user".)

telnet-access login-timeout 1
telnet-access retry 99
telnet-access inactive-timeout 15
telnet-access logging all
cli password switch telnet local
username "RO" "user" ro
username "RW" "secure" rw

Add this config to the nedi.conf
usr RO user

Now if I run ./nedi.pl -vb -a 10.0.0.8, It fails to login to perform the show run for backup.
See the attached log called 5698T_backup_failed.txt


Any ideas as how to resolve this one?
Thanks in advance.
ToddMurray - Ajax,Ontario,Canada
Title: Re: Backup problems with Avaya 5698T when I secure the switch.
Post by: rickli on August 07, 2011, 08:21:43 PM
Moved to discovery...

This points to a wrong pw, since it matches username prompt after entering it:

CLI3:Matched Username: , login failed


But could also be something else. If you use -d (debug), you can tail -f on input and output.log to ecactly see, what's going on...
Title: Re: Backup problems with Avaya 5698T when I secure the switch.
Post by: ToddMurray on August 08, 2011, 05:44:03 PM
Update.
I've changed the authentication on the switch to tacacs the following command was run:
./nedi.pl -vbBda 172.20.43.68

The login works, however when the "show run" command is run,  I get the following error:
Use of uninitialized value $misc::curcfg[0] in concatenation (.) or string at ./inc/libcli-iopty.pm line 697.
Attached is my output from ./nedi.pl -vbBda 172.20.43.68

I did login to the switch using my tacacs account, typef "enable", "terminal length 0", "show run", to verify I actually see a running config and it displayed the full configuration.
Thanks
Todd
Title: Re: Backup problems with Avaya 5698T when I secure the switch.
Post by: rickli on August 09, 2011, 12:05:22 AM
Run nedi -vbda 172.20.43.68 with 2 more terminals open. Do tail -f input.log and tail -f output.log to exactly follow the communication. I'll try to reproduce with the Baystack I have...
Title: Re: Backup problems with Avaya 5698T when I secure the switch.
Post by: ToddMurray on August 09, 2011, 03:35:56 AM
Cool, I did a quick test at home and I see what you mean about the following commands in separate windows:
tail -f input.log
tail -f output.log

I will try this when I get to work on a switch that has tacacs enabled.
Thanks
Title: Re: Backup problems with Avaya 5698T when I secure the switch.
Post by: ToddMurray on August 12, 2011, 03:08:26 PM
I have re-run this test on Nortel 5520 with the following switch software  ***************************************************************
  *** Ethernet Routing Switch 5520-48T-PWR                    ***
  *** Nortel                                                  ***
  *** Copyright (c) 1996-2010,  All Rights Reserved           ***
  *** BOSS 6.0 SSH                                            ***
  *** HW:35       FW:6.0.0.9   SW:v6.1.3.025                  ***
  ***************************************************************
SNMP RO string:public
Local Read only username:  RO
Local Read only password:  user


From the  input.log file, I see the prompt stuck at username. Perhaps this is the problem.
The output suggests it does send the password however.
Login still fails.See attached logs.
Title: Re: Backup problems with Avaya 5698T when I secure the switch.
Post by: rickli on August 14, 2011, 02:23:11 PM
Hmm, I wasn't aware that they use ESC sequences as well. This is a problem with the ProCurve switches too. Can this device be configured to use vt100 only?
Title: Re: Backup problems with Avaya 5698T when I secure the switch.
Post by: ToddMurray on August 15, 2011, 12:48:05 AM
I looked for a possible VT100 Setting and found only a terminal command via the command line.
#terminal ?
  length  Set number of lines on a screen
  speed   Set the transmit and receive speeds
  width   Set width of the display terminal
Title: Re: Backup problems with Avaya 5698T when I secure the switch.
Post by: rickli on September 10, 2011, 01:16:15 AM
Since I had my Baystack470 up and running for working on NDP, I also looked at the login stuff. You're absolutely right with the line wrap problem! Also since the whole login screen is being rebuilt, after one enters the password, it matches "Username:" again, which results in an error, even thought login would have actually worked. Unfortunately this logic is required, since some other switches only come back with this prompt upon entering wrong credentials (no other indicators)...