Configuration Automation with RANCID

One of the most tedious tasks any network admin faces is replicating changes across multiple devices. I recently stood up new RADIUS servers, and needed to tell all of my routers and switches about them. Rather than logging into each router by hand and pasting in the new configuration, I decided to try RANCID's ability to run arbitrary commands on your routers.

Using this method requires that the commands you run don’t generate interactive output. A reload command won’t work, because it prompts you for confirmation. But adding configurations to a Cisco router doesn’t.

I assume you have a working RANCID install.

Start by creating a text file containing your commands. RANCID expects to log on and log off of the router. All you need to provide is what happens between those two points.

conf t
radius-server host 192.0.2.2 auth-port 1812 acct-port 1813 key BuyBooksFromLucas
radius-server host 192.0.2.14 auth-port 1812 acct-port 1813 key BuyBooksFromLucas
exit
wr

Now use the device-specific login command, specify the file containing your commands with -x, and list every router you want to run the commands on.

# clogin -x newradius.conf router-1 router-2 router-3

RANCID logs into each device and adds the new configuration. You can watch the process in action, and catch any problems.
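
Before pushing a file like this, a pre-flight check can catch two things: the file holds the RADIUS shared secret in clear text, so it should not be readable by group or other, and it must not contain a command that prompts. This is an added example, not part of RANCID or the original post; the function names and the PROMPTING list are assumptions (only reload is named above).

```shell
#!/bin/sh
# Added example: pre-flight check for a "clogin -x" command file.
# PROMPTING is an illustrative, incomplete list (assumption); only
# "reload" is named in the article.
PROMPTING='reload|erase|delete|copy|format'

# preflight_cmdfile FILE -> 0 if safe to push, 1 on a finding, 2 if unreadable
preflight_cmdfile() {
    file=$1
    rc=0
    if [ ! -r "$file" ]; then
        echo "preflight: cannot read $file" >&2
        return 2
    fi
    # The file holds the RADIUS shared secret, so group and other must
    # have no access. Characters 5-10 of the ls mode string are those bits.
    perms=$(ls -ld "$file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "preflight: $file is accessible to group/other; chmod 600 it" >&2
        rc=1
    fi
    # Flag lines whose first word is a command that waits for confirmation.
    bad=$(grep -nEi "^[[:space:]]*(do[[:space:]]+)?($PROMPTING)([[:space:]]|\$)" "$file" || true)
    if [ -n "$bad" ]; then
        echo "preflight: commands that prompt for input:" >&2
        echo "$bad" >&2
        rc=1
    fi
    return $rc
}

# push_config FILE ROUTER... : run clogin -x only if the file passes.
push_config() {
    file=$1
    shift
    preflight_cmdfile "$file" || return 1
    clogin -x "$file" "$@"
}
```

Source the script, then run push_config newradius.conf router-1 router-2 router-3 in place of calling clogin directly.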

I found that the Mikrotik login script had problems when the script changed the prompt. I’ve reported this to the RANCID mailing list, and expect it will be patched shortly. But fortunately, that’s pretty easy to work around in a Mikrotik, by giving the entire command in one line, as shown below.

/radius add accounting-backup=no accounting-port=1813 address=192.0.2.2 authentication-port=1812 called-id="" disabled=no domain="" realm="" secret=BuyBooksFromLucas service=login timeout=300ms
/radius add accounting-backup=no accounting-port=1813 address=192.0.2.14 authentication-port=1812 called-id="" disabled=no domain="" realm="" secret=BuyBooksFromLucas service=login timeout=300ms

Having RANCID run commands for you is much more accurate and less tedious than doing it yourself. And this way, if you make a mistake in your commands, at least it’ll be consistent across all your devices.