Wired

last person joined: 19 minutes ago 

Bring performance and reliability to your network with the Aruba Core, Aggregation, and Access layer switches. Discuss the latest features and functionality of the ArubaOS-Switch and ArubaOS-CX devices, and find ways to improve security across your network to bring together a mobile first solution.
Expand all | Collapse all

"show run" (Orion vs enhanced secure-mode)

  • 1.  "show run" (Orion vs enhanced secure-mode)

    Posted Sep 18, 2019 10:40 AM

    I'm using SolarWinds Orion to manage several devices, including Aruba switches. (Specifically, the JL557A 2930F, but I think this issue applies to any device running ArubaOS.)

     

    Orion can download the running config for a switch; there are templates that supply the relevant command for each platform. When an Aruba switch uses standard secure-mode, that works fine. However, if I put an Aruba switch into enhanced secure-mode, Orion can't download the config anymore.

     

    If I log into the Aruba switch directly and type "show running-config", the response is "Do you want to show sensitive information (y/n)?" As an interactive user, I can press "y" to display the running config. However, Orion just gets stuck at that point, then it discards that single line of output as being too short for a config file.

     

    So, my question. Is there a way to bypass that extra prompt? E.g. in MS-DOS, you could often specify a "/Y" parameter to stop if from asking you whether you were sure. I can't find a way to do that on an Aruba, but maybe I've missed something? Or maybe this could be added in a future version? I'm not fussed about the sensitive information, so if there's a way to suppress the second question by answering "no", that would be good enough for my purposes. (In actual fact, I've compared the output when I answer yes or no, and it seems to be identical, but maybe that's because I haven't used certain commands in the config.)

     

    For now, the only way to get the config into Orion is to go back to standard secure-mode, which seems like a shame.



  • 2.  RE: "show run" (Orion vs enhanced secure-mode)

    Posted Sep 19, 2019 11:41 AM

    I don't know anything about Solarwinds Orion. However, I have two ideas. Maybe this helps maybe not.

     

    You said that there are templates in the software to download the configs. Can't you just change the template so that it issues the show command, presses enter and types 'y' afterwards?

     

    The other idea is that you can also copy a configuration via TFTP/SCP/... with the copy command. To be honest I don't know if this works in enhanced secure mode but I guess so.

    Maybe your software has an integrated TFTP server or similar.



  • 3.  RE: "show run" (Orion vs enhanced secure-mode)

    Posted Sep 26, 2019 10:34 AM

    Thanks for the idea. I couldn't edit the built-in Orion template, but I've created a new template specifically for this Aruba model.

     

     

    <Configuration-Management Device="Aruba Switch" SystemOID="1.3.6.1.4.1.14823" AutoDetectType="BySystemOid">
      <Commands>
        <Command Name="RESET" Value="terminal length 1000" />
        <Command Name="Reboot" Value="reload${CRLF}Yes" />
        <Command Name="RebootAt" Value="reload at ${HH}:${NN}${CRLF}Yes" />
        <Command Name="EnterConfigMode" Value="config" />
        <Command Name="ExitConfigMode" Value="end" />
        <Command Name="Startup" Value="startup-config" />
        <Command Name="Running" Value="running-config" />
        <Command Name="DownloadConfig" Value="show ${ConfigType}${CRLF}y" />
        <Command Name="UploadConfig" Value="${EnterConfigMode}${CRLF}${ConfigText}${CRLF}${ExitConfigMode}" />
        <Command Name="DownloadConfigIndirect" Value="copy ${ConfigType} ${TransferProtocol}://${StorageAddress}/${StorageFilename}" />
        <Command Name="UploadConfigIndirect" Value="copy ${TransferProtocol}://${StorageAddress}/${StorageFilename}  ${ConfigType}" />
        <Command Name="EraseConfig" Value="write erase${CRLF}Yes" />
        <Command Name="SaveConfig" Value="write memory" />
        <Command Name="Version" Value="show version" />
      </Commands>
    </Configuration-Management>

     

    The built-in template had these lines:

     

    		<Command Name="Startup" Value="startup-config"/>
    		<Command Name="Running" Value="running-config"/>
    		<Command Name="DownloadConfig" Value="Show ${ConfigType}"/>

    In other words, it would normally do "show running-config", but I've changed it to do "show running-config" (carriage return) then "y".

     

    Unfortunately, we still get the same error. Orion doesn't show the output, so I can only guess at what it's seeing.

     

    Orion does support scp and tftp, so I'll investigate those options and report back.



  • 4.  RE: "show run" (Orion vs enhanced secure-mode)

    Posted Sep 24, 2019 06:46 PM

    It is not posible to use API with your Orion ?