Really Awesome Network Config Differ Tricks we use to forget

Install Rancid

First, install RANCID from the repositories:

aptitude install rancid

The CVS dependency may not be installed automatically; if that is the case, you can still install it later.

Most of the files should be located in


. Only the config file is located in


The script files which are going to save your configs are located in the




Configure Router


On Brocade devices, I struggled at the beginning until I found out the problem was the SSH cryptographic method, and then that I needed the “skip-page-display” option set to get the full config saved:

enable read-only-password anypassword
privilege exec level 5 skip-page-display
username rancid privilege 5 password yourpassword

Check that ssh access-list grants you access to the device.


set system login class noc permissions view
set system login class noc permissions view-configuration
set system login user rancid authentication plain-text-password/encrypted-password
set system login user rancid class noc

Configure Server

First, all you need to do is edit the config file in


and search for :

# list of rancid groups
LIST_OF_GROUPS="customer-routers customer-switches"

Here you can add group labels that will represent a category of devices.

To generate the files according to the groups, use:

su - rancid

NOTE: The command should be run as the rancid user.

Go to


and edit the


file which has to look like this :


Entries can be hostnames or IPs. If hostnames are used, they have to be listed in the /etc/hosts file.

The second task is creating a file that matches options and passwords to devices:

touch /var/lib/rancid/.cloginrc
vim .cloginrc

For example :

add cyphertype  192.168.65.*     aes128-cbc
add user        *       rancid
#for the brocade devices including cers and fcxs/icxs
add password 192.168.65.* passwd enable-passwd
#for the juniper devices
add password    *       passwd
add method     *    ssh

Don’t forget to protect this critical file, which holds the device passwords in clear text:

chmod 600 .cloginrc
chown rancid:rancid .cloginrc

Test & Troubleshooting

You can test it by using the login script corresponding to the device brand (juniper = jlogin, cisco = clogin, etc.):


If the output looks like this, RANCID should be able to access the device with the correct user/password:

spawn ssh -c 3des -x -l admin
admin@'s password:

Now you can test whether the backup works:


Check the output:

tail -n 200 /var/log/rancid/rancidxxxx.log

If it works, the log should look like:

Trying to get all of the configs.
All routers sucessfully completed.

Set Cronjob

For a backup every day at 10 PM:

echo "00 22 * * * rancid nice /var/lib/rancid/bin/rancid-run > /dev/null 2>&1" >> /etc/crontab

You’re done. Now the most important part is to verify weekly/monthly that the backups are still working. Trust me, the day (Murphy whistles me “night”) you need a config file with 100 route-maps and 300 peerings, you don’t want to find out the backups have not been working for a month. 🙂
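
The periodic verification recommended above can be automated. The following is an added example, not part of the original post: it fails when the newest file in the RANCID log directory is stale or lacks the success line shown in the log sample. The function name, the exit codes and the 26-hour default are assumptions.

```shell
#!/bin/sh
# Added example: freshness and success check for RANCID run logs.
# Assumptions: logs are regular files in the directory given as $1 (the page
# uses /var/log/rancid) and a good run contains the success line shown above.

# check_rancid_backup LOG_DIR [MAX_AGE_HOURS]
# Returns 0 = fresh and successful, 1 = newest log lacks the success line,
#         2 = newest log is older than MAX_AGE_HOURS, 3 = no log found.
check_rancid_backup() {
    log_dir=$1
    max_age_hours=${2:-26}   # assumed default: daily cron job plus some slack

    # Pick the most recently modified regular file in the log directory.
    newest=
    for f in "$log_dir"/*; do
        [ -f "$f" ] || continue
        if [ -z "$newest" ] || [ "$f" -nt "$newest" ]; then
            newest=$f
        fi
    done
    if [ -z "$newest" ]; then
        echo "NO LOG: nothing found in $log_dir" >&2
        return 3
    fi

    # A stale newest log means the cron job itself has stopped running.
    if [ -n "$(find "$newest" -mmin +"$((max_age_hours * 60))")" ]; then
        echo "STALE: $newest is older than ${max_age_hours}h" >&2
        return 2
    fi

    # RANCID's own log line spells "sucessfully"; accept either spelling.
    if ! grep -Eq 'All routers suc+essfully completed' "$newest"; then
        echo "FAILED: $newest has no success line" >&2
        return 1
    fi

    echo "OK: $newest"
}

# When run as a script with arguments, the exit status can feed cron mail
# or a monitoring system, e.g.: check_rancid_backup /var/log/rancid 26
if [ "$#" -gt 0 ]; then
    check_rancid_backup "$@"
fi
```

A non-zero exit status is the signal to alert on; it covers both a run that failed and a cron job that silently stopped.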


