On Thu, Nov 24, 2011 at 04:41:01AM +0000, Jonathon Exley wrote:
Does anyone else despair at the CLIs produced by networking vendors?
Yes.
Doe this p*** off anyone else? The business part of the company says "This device is great! It's cheap and does everything." However the poor sap who is given the task to make it work has to wrestle with a badly designed user interface and illogical syntax.
Use whatever scaremongering tactics and other necessary creativity to enact a security policy that requires RANCID and anything else you need. Then only purchase equipment that meets said policy. Or just live with it and write perl to get through the worst. Disabling the web UIs completely is not out of the question, then the CLI has to work. Using a web UI without a proper SSL cert is obviously horribly insecure and completely out of the question. SSH has a different model so it is ok. (just spent a morning diffing Fortigate configs. Love their abominable configs that are not really much more useful than a binary blob. Even the interface ordering in the config seems to be random between devices...)