Terminal Emulation vs. TFTP

Unanswered Question
Jul 18th, 2007
Need some input here. I am working in a network environment in which we have been using a Unix/Linux proprietary software product for network management. Historically, we have used the terminal emulator built into the software with which to load configs. Now, a newly formed "group" has been tasked with writing configurations, and is telling the community that we must cease using terminal emulation and start using TFTP because "terminal emulation is unreliable and does not ensure data integrity." We've been using T-E since the year 2000 and now it is a problem. Also, apparently something has changed in the SNMP string written into the software that is no longer compatible with monitoring devices loaded with these new configs. Sounds like a bunch of Hooey to me. Can anyone give me some insight here? It sounds like the config group is trying to snow folks.

Jon Marshall Wed, 07/18/2007 - 16:23
Hi


I suspect they are referring to the problem of pasting a large number of lines into a terminal emulator, which can overrun the buffer on the network device, and hence some lines do not get copied into the config. You can usually sort this out by adjusting some of the settings on your terminal emulator to pause between sending lines to the device.


I have been bitten by this in the past but it is a relatively easy thing to work around. A lot depends on how big the config is. If your system has worked from 2000 and been totally reliable then I would think that is a good enough reason to stay with it.


HTH


Jon

IMHO from a CISSP


It might be a regulatory requirement that they haven't explained very well. From my own experience playing with PCI and SOX audits there is a requirement for configuration standardization as well as having the startup-config match the running config. Maintaining a comprehensive list of who is making what change when is also a big thing with the auditors. They like to see industry standard tools employed because they know how they operate, what limitations exist, and have a list of compensating controls already developed.


To directly address "terminal emulation is unreliable and does not ensure data integrity", well yes and no. There's no CRC check on commands issued in a terminal session, either interactive or automated, but TFTP doesn't have them either.

Data integrity is the condition in which data is identically maintained during any operation, such as transfer, storage, and retrieval. TFTP isn't a method to do this as it has no authentication or encryption mechanism.


To address this correctly you need an authorization, authentication, and accounting system (either on the device with local passwords and/or ACLs or off of the device with an AAA server such as CiscoSecure ACS); a system for configuration revision control (like Ciscoworks RME); and a method of transport (FTP, SCP, SFTP) that uses CRCs or hashes to check groups of packets for integrity as they are transferred.
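
The two concerns raised in the replies above (lines lost when a paste overruns the device buffer, and hashes as an integrity check) can be tested after any load method by reading the config back and comparing it with what was intended. The following is an added example, not part of the original thread; it assumes Cisco IOS-style syntax ("!" comment lines, indented sub-commands), and the sample configs and function names are constructed for illustration.

```python
import hashlib

# Constructed sample: the config that was meant to be loaded.
INTENDED = """\
interface Vlan10
 ip address 192.0.2.1 255.255.255.0
 ip helper-address 192.0.2.10
interface Vlan20
 ip address 198.51.100.1 255.255.255.0
 ip helper-address 192.0.2.10
!
snmp-server location constructed-lab
"""

# Constructed sample: what was read back after a paste that lost two lines.
LOADED = """\
interface Vlan10
 ip address 192.0.2.1 255.255.255.0
 ip helper-address 192.0.2.10
interface Vlan20
 ip address 198.51.100.1 255.255.255.0
"""

def normalize(text):
    """Drop blank lines, '!' comment lines and trailing whitespace."""
    return [l.rstrip() for l in text.splitlines()
            if l.strip() and not l.lstrip().startswith("!")]

def digest(text):
    """SHA-256 over the normalized config, for an exact-match check."""
    return hashlib.sha256("\n".join(normalize(text)).encode()).hexdigest()

def with_parents(text):
    """Pair each line with its section header (the last unindented line)."""
    parent, pairs = None, []
    for line in normalize(text):
        nested = line[0].isspace()
        if not nested:
            parent = line
        pairs.append((parent if nested else None, line.strip()))
    return pairs

def missing_lines(intended, loaded):
    """Intended lines absent from the loaded config; extra loaded lines are ignored."""
    present = set(with_parents(loaded))
    return [p for p in with_parents(intended) if p not in present]

if __name__ == "__main__":
    print("digests match:", digest(INTENDED) == digest(LOADED))
    print("missing:", missing_lines(INTENDED, LOADED))
```

Pairing each sub-command with its section header matters here: the dropped `ip helper-address` line still appears under Vlan10, so a flat line-by-line membership test would not notice it missing under Vlan20.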



Texasshutterbug Thu, 07/19/2007 - 05:36
Thanks for taking the time to reply to my query. I'm conspiracy theorist, but overall I am smelling a dead fish with this issue. There is another company for which this new "configuration group" is doing a similar job in an identical environment. The other company uses the Cisco terminal emulation software within SolarWinds to load configs. However, there is no requirement for them to cease using terminal emulation and no comment of it being "unreliable". So, I'm wondering if it's a problem that is specific to our software. If so, then the software vendor should fix it vs. giving the end user a more labor-intensive work-around.


Again, I appreciate the input from the community.
