Backup Brocade Router config with Rancid

Rancid is a great tool to regularly save configs of network devices in SVN such as routers and switches.

There are many how-tos for installing and configuring this tool
(so I don't have to re-invent the wheel):

With this links it should be possible to get a running Rancid installation which saves the config of a normal Cisco device. Now we want it a bit fancier, so here is a How-to for installing Rancid with Puppet and save the configs of a Brocade Router with a special read-only user.


To install and configure Rancid with Puppet, I've created a simple Puppet Module (Github). Here is an example on how it can be used:

    # install and configure rancid
    class { ::rancid:
        groups => [ 'router', 'switches' ],
    # create needed mail aliases
    mailalias {
        [ 'rancid-router', 'rancid-switches' ]:
            ensure    => present,
            notify    => Exec['newaliases'],
            recipient => '';
        [ 'rancid-admin-router', 'rancid-admin-switches' ]:
            ensure    => present,
            notify    => Exec['newaliases'],
            recipient => '';
    # create cron job
    cron {
        'Rancid run':
            command => '/usr/bin/rancid-run',
            user    => 'rancid',
            minute  => '15',
            hour    => [6, 12, 15, 18, 23],
        'Rancid cleanup':
            command => '/usr/bin/find /var/log/rancid -type f -mtime +2 -exec rm {} \;',
            user    => 'rancid',
            minute  => '50',
            hour    => '23';

This installs Rancid, configures two Rancid groups (router and switches) and initializes the configured RCS (in this example: SVN). The Cron definition runs Rancid 5 times a day: 6:15, 12:15, 15:15, 18:15 and 23:25.

Brocade Router configuration

We want to have a special user on the Brocade devices, which has read-only rights. It's possible to have several user privilege levels:

  • 0 - Full access (super-user)
  • 4 - Port-configuration access
  • 5 - Read-only access

Here's how to create a read-only user called rancid with the password testtest:

username rancid privilege 5 password testtest
enable read-only-password testtest
privilege exec level 5 skip-page-display

Rancid configuration

Add the following lines to .cloginrc, this is needed to login to the Brocade Router:

add password    router*     {testtest}        {testtest}
add user        router*     rancid
add method      router*     ssh
add cyphertype  router*     aes128-cbc</pre>

To test if it works, you can use bin/flogin router1 as user rancid (su - rancid). This should end up in the enable mode of router1.

The last thing which needs to be done is to add the router to the router.db:


Now you can run Rancid: su - rancid rancid-run router

Rancid tweaks

The Brocade MLXe router always reports it's uptime in the output of show version (Switch Fabric Module 1 Up Time is …).
To remove that line from the diff, Rancid needs a small patch (Credits: heasly from Shrubbery Networks):

Index: bin/
--- bin/	(revision 2658)
+++ bin/	(working copy)
@@ -179,7 +179,7 @@

 	next if (/^(The system |Crash time)/);
 	next if (/^(System|(Active|Standby) Management|LP Slot \d+|Switch Fabric
- Module \d+) uptime is/);
+ Module \d+) (uptime|Up Time) is/);
 	# remove uptime on newer switches
 	s/(STACKID \d+)\s+system uptime is.*$/$1/;</pre>


It's very easy to install and configure Rancid and brings a great view on what's going on in larger networks. If you have any problems, the mailing list of Rancid is just great!

You've successfully subscribed to Tobias Brunner aka tobru
Great! Next, complete checkout to get full access to all premium content.
Error! Could not sign up. invalid link.
Welcome back! You've successfully signed in.
Error! Could not sign in. Please try again.
Success! Your account is fully activated, you now have access to all content.
Error! Stripe checkout failed.
Success! Your billing info is updated.
Error! Billing info update failed.