Advanced Troubleshooting Techniques

When the basic checks pass but backups still fail, the root cause is usually one of: a timeout misconfiguration, a stalled interactive prompt the script can’t answer, or a protocol/vendor-specific quirk.

Analyzing Timeout Issues

Timeouts occur when rConfig doesn’t receive the expected prompt within the timeout period (default 60 seconds):

Diagnosis approach:

Run the debug command (CLI or Live Debug Console) and observe where the timeout occurs:
- During connection: Network or service availability issue
- During authentication: Slow authentication provider (TACACS, RADIUS, LDAP)
- During prompt detection: Prompt mismatch or device not displaying prompt
- During command execution: Command takes longer than timeout allows
Identify the timeout cause from debug output timing:
- Connection takes 30+ seconds: Network latency or routing issues
- Authentication takes 20+ seconds: External authentication provider slow
- Prompt detection never completes: Prompt configuration incorrect
- Command execution exceeds timeout: Large configuration or slow device

Resolution strategies:

Increase timeout (for legitimately slow devices):

Edit device connection settings to increase the timeout from the default 60 seconds to 120 or 180 seconds for devices with large configurations or slow processors.

Optimize commands (for command-specific timeouts):

Some commands return excessive output causing timeouts. Replace verbose commands with more specific alternatives:

Instead of show tech-support, use show running-config
Instead of show log, use show running-config only
Remove diagnostic commands from command sets

Fix prompt configuration (for prompt detection timeouts):

If timeout occurs waiting for a prompt that never appears, the prompt configuration is incorrect. Capture the actual prompt from an interactive session and update the device configuration.

Reduce authentication latency (for authentication timeouts):

If external authentication (TACACS+, RADIUS) is slow:

Use local device accounts for rConfig instead of centralized authentication
Configure fallback to local authentication on devices
Optimize authentication server performance and network connectivity

Handling Stalled Connections

Connections stall when protocol interaction stops without timeout or error:

Symptom: Debug output shows the connection progressing normally, then stops producing output without a timeout error.

Common causes:

Interactive prompts: Device displays a prompt requiring user input:

The system has detected that you are logging in for the first time.
Would you like to enter basic configuration? [yes/no]:

rConfig waits for this prompt to match the configured prompt, but the device expects different input.

Resolution: Disable initial configuration prompts on the device or configure the device to suppress them for automated sessions.

Banner or MOTD requiring acknowledgment:

*** WARNING: Unauthorized access prohibited ***
Press any key to continue...

Device expects a keypress before displaying the prompt, but rConfig cannot detect this requirement.

Resolution: Remove interactive banners from device configuration or configure banners that don’t require acknowledgment.

Privilege escalation prompts: Device requires additional authentication for privileged mode, but credentials not configured:

Password:

Resolution: Configure the enable password in the device credentials, or use credentials with adequate privilege level not requiring escalation.

Protocol-Specific Issues

Different protocols exhibit different failure modes.

SSH-specific issues

Host key verification failures: When connecting to a device for the first time, SSH requires accepting the host key. rConfig automatically accepts unknown host keys, but strict host key checking or a corrupted known_hosts file can cause failures.

Resolution: Remove the device entry from known_hosts file:

ssh-keygen -R 192.168.1.1

Cipher negotiation failures: Some devices support only legacy SSH ciphers not enabled in modern SSH clients.

Resolution: Configure the SSH client to allow legacy ciphers, or upgrade device firmware to support modern ciphers. Consult device documentation for supported cipher suites.

Key exchange algorithm incompatibility: Older devices may not support the key exchange algorithms in modern SSH clients.

Resolution: Configure SSH to allow legacy key exchange algorithms or upgrade device firmware.

Telnet-specific issues

Telnet negotiation failures: Telnet protocol negotiation can fail with some device implementations causing connection hangs or garbled output.

Resolution: Telnet is inherently less reliable than SSH. Migrate to SSH whenever possible for better reliability and security.

Character encoding issues: Telnet may misinterpret special characters or control codes in device output.

Resolution: Review command output for special characters causing parsing issues. Modify commands to avoid problematic characters.

Vendor-Specific Behaviors

Different vendors implement management protocols differently.

Cisco IOS:

Typically reliable SSH and Telnet implementations
Watch for privilege level issues requiring enable password
VTY line configuration affects concurrent session limits

Juniper Junos:

Default CLI is shell-style, may require configuration for operational mode
Prompts change based on hierarchy level in configuration mode
Use | display set format for consistent configuration output

Palo Alto Networks:

API access preferred over SSH for configuration retrieval
SSH sessions may time out on large configurations
Commit operations affect configuration download timing

Fortinet FortiGate:

Configuration output format varies by FortiOS version
Prompts include spaces and special formatting requiring careful regex
Some commands require confirmation or interactive input

Arista EOS:

Generally excellent SSH compatibility
JSON output format available for some commands
Prompt customization common, requiring flexible regex patterns

Consult vendor-specific documentation and rConfig’s vendor configuration guides for detailed troubleshooting of vendor-specific issues.