Switch and Router Configurations Backup

  1. The configurations are stored on the Syslog server at /root/Switch_Config_Backups
  2. To download the configuration of a switch we need a TFTP server, and the firewall must allow incoming connections to the TFTP port (UDP port 69) if necessary.
  3. Then we log into the switch, save the running configuration first, and then download the startup configuration. Some examples:

    HP
    Switch# wr mem
    Switch# copy startup-config tftp 208.x.x.x SwitchX_Config

    Dell
    Switch# copy running-config startup-config
    Switch# copy startup-config tftp://208.x.x.x/SwitchX_Config

    Brocade
    Switch# wr mem
    Switch# copy startup-config tftp 208.x.x.x Core0_Config

     

  4. We back up the startup-config weekly by putting the scripts in /etc/cron.weekly; the backups go into the directory /root/Switch_Startup_Backups. We also back up the running-config using crontab, into the directory /root/Switch_Running_Backups.
    The scripts are located in the folder /root/Scripts

    # crontab -e
    */10 * * * *  /root/Scripts/Cores_Backup_Running.sh; /root/Scripts/Dell_Switch_Backup_Running.sh; /root/Scripts/HP_Switch_Backup_Running.sh

    This can be verified using

    # crontab -l

  5. If SCP is enabled this can be easily done from a Linux server.

    HP
    Linux# scp -P xxxx  admin@199.x.x.xx:/cfg/startup-config   /root/Switch_Config_Backups/Switchxx_Config
    Brocade
    Linux# scp  -P xxxx  admin@199.x.x.x:startConfig  /root/Switch_Config_Backups/Corex_Config

    It seems this method is not available for our model of Dell PowerConnect, so the method described in no. 3 must be used.

  6. For routers, if SCP is enabled, we can log in to them via SSH and grab the config file from /config/config.boot, or we can use SCP from the Linux server:

    Linux# scp  -P xxxx  vyatta@199.x.x.x:/config/config.boot    /root/Switch_Config_Backups/Routerx_Config

    For switches where public-key authentication is enabled and the client key has been uploaded to the switch, we can automate the backup of the switch configurations. The configurations are saved in the folder /root/Switch_Config_Backups and the script is in /etc/cron.weekly on the Syslog server.

    Running-Config backup script:

    #!/bin/bash
    # Pull the running-config over SCP (key authentication, no password prompt)
    PATH1="/root/Switch_Running_Backups"
    scp -P xxxx  admin@208.x.x.x:/cfg/running-config   "$PATH1/Switchxx_Running"   &>/dev/null

    Startup-Config backup script:

    #!/bin/bash
    # Pull the startup-config over SCP (key authentication, no password prompt)
    PATH1="/root/Switch_Startup_Backups"
    scp -P xxxx  admin@208.x.x.x:/cfg/startup-config   "$PATH1/Switchxx_Startup"   &>/dev/null

  7. If SSH public-key authentication is configured, the following script works for router configuration backup. The user admin_ro is a user with the privilege level “operator”, for security purposes. For SSH public-key authentication refer to the corresponding KB.

    #!/bin/bash
    #
    scp  -P xxxx  admin_ro@199.x.x.x:/config/config.boot    /root/Switch_Config_Backups/Router0_Config &> /dev/null
    #
    scp  -P xxxx  admin_ro@199.x.x.x:/config/config.boot    /root/Switch_Config_Backups/Router1_Config &> /dev/null

  8. Since SSH public-key authentication didn’t work for Brocade switches, we use an alternative method:
    1- Create a user with the lowest privilege
    2- Create a Linux script using “expect” that passes the password to the switch.

    #!/usr/bin/expect -f
    # Startup-config backup. The password is stored in clear text in this
    # script, so keep the file readable by root only.
    log_user 0
    set PATH1 "/root/Switch_Startup_Backups"
    spawn  scp  -P xxxx   admin2@199.x.x.x:startConfig    $PATH1/Core1-Startup
    expect -exact "Password:"
    send -- "xxxxxxxx\r"
    expect eof

    #!/usr/bin/expect -f
    # Running-config backup, same method as above.
    log_user 0
    set PATH1 "/root/Switch_Running_Backups"
    spawn  scp  -P xxxx   admin2@199.x.x.x:runConfig    $PATH1/Core1-Running
    expect -exact "Password:"
    send -- "xxxxxxxxx\r"
    expect eof

  9. For Dell switches, since SSH public-key authentication didn’t work and the configuration file is not addressable from Linux, we SSH to the switch and run the copy command from within the switch. The scp client in the switch only works with the default SSH port (22). Since Dell switches don’t allow the read-only user to run the “copy” command, we use the privileged admin for this purpose.

    #!/usr/bin/expect -f
    # Running-config backup: log in to the switch and push the config to the
    # backup server with the switch's own scp client.
    # Both passwords are stored in clear text here; keep the file readable by root only.
    log_user 0
    set PATH1 "Switch_Running_Backups"
    spawn ssh -p8212 admin@199.x.x.x
    expect -exact "admin@199.x.x.x's password:"
    send -- "xxxxxxxxx\r"
    expect -exact "switch18>"
    send -- "en\r"
    expect -exact "switch18#"
    send -- "copy running-config scp://root@208.x.x.x/$PATH1/Switch18_Running\r"
    expect -exact "Remote Password:"
    send -- "xxxxxxxxxxxxx\r"
    expect -exact "Are you sure you want to start? (y/n)"
    send -- "y\r"
    send -- "exit\r"
    send -- "quit\r"
    expect eof

    #!/usr/bin/expect -f
    # Startup-config backup, same method as above.
    log_user 0
    set PATH1 "Switch_Startup_Backups"
    spawn ssh -p8212 admin@199.x.x.x
    expect -exact "admin@199.x.x.x's password:"
    send -- "xxxxxxxx\r"
    expect -exact "switch18>"
    send -- "en\r"
    expect -exact "switch18#"
    send -- "copy startup-config scp://root@208.x.x.x/$PATH1/Switch18_Startup\r"
    expect -exact "Remote Password:"
    send -- "xxxxxxxxxxxxx\r"
    expect -exact "Are you sure you want to start? (y/n)"
    send -- "y\r"
    send -- "exit\r"
    send -- "quit\r"
    expect eof

  10. We also create a remote backup. First we use tar to archive and compress the backup folder, and then we use scp to copy it to the remote Xen server at the other data center.

    #!/bin/bash
    #
    # Archive the backup folder, copy it to the remote server, remove the local archive
    tar -zcvf /tmp/Remote_Switch_Backup.tar.gz  /root/Switch_Config_Backups &> /dev/null
    scp -P xxxx /tmp/Remote_Switch_Backup.tar.gz root@208.x.x.x:/root/ &> /dev/null
    rm -f /tmp/Remote_Switch_Backup.tar.gz

    Exporting the public key to the remote server

    Syslog# cat ~/.ssh/id_rsa.pub | ssh -p8212 root@208.x.x.x "cat >> ~/.ssh/authorized_keys"

  11. For backing up the Vyatta running-config the easiest way would be to use “save scp://Remote-server-IP”, but this didn’t work, so we devised the following procedure:

    1- A cron job on Vyatta runs a script that enters configuration mode and saves the running-config to local storage (every 9 minutes)

    vyatta@Router0:~$ nano /home/vyatta/Scripts/Running-Config-Backup.sh

    #!/usr/bin/expect
    # set timeout 1
    # Start a shell (vbash under cron), enter configuration mode, save the running-config
    spawn $env(SHELL)
    send "configure\r"
    expect -re  ".*# $"
    sleep 5
    send "save /home/vyatta/Scripts/Router0-Running\r"
    expect -re  ".*# $"
    send "exit\r"
    # exit ends the expect script here, so the line after it is not reached
    exit
    expect eof

    vyatta@vyatta:~$ crontab -e
    SHELL=/bin/vbash
    */9 * * * * /home/vyatta/Scripts/Running-Config-Backup.sh > /tmp/backup-out

    2- A cron job on the remote server copies the running-config that was saved locally on Vyatta to the remote server (every 10 minutes)

    [root@syslog ~]# crontab -l
    */10 * * * *   /root/Scripts/Routers_Backup_Running.sh

    [root@syslog ~]# cat /root/Scripts/Routers_Backup_Running.sh
    PATH1=/root/Switch_Running_Backups
    #
    scp  -P xxxx  admin_ro@199.x.x.x:/home/vyatta/Scripts/Router0-Running    $PATH1/Router0-Running &> /dev/null
    #
    scp  -P xxxx  admin_ro@199.x.x.x:/home/vyatta/Scripts/Router1-Running    $PATH1/Router1-Running &> /dev/null
    #
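
The scp-based scripts in steps 6, 7 and 11 send all output to /dev/null and write straight over the previous backup, so a failed or truncated transfer goes unnoticed. The following is an added example, not one of the original scripts: it downloads to a temporary file, rejects empty results, keeps the previous version when the configuration changed, and reports failures to syslog. The names install_backup and pull_config and the syslog tag config-backup are assumptions.

```shell
#!/bin/bash
# Added example, not one of the original scripts.
# Hypothetical names: install_backup, pull_config, syslog tag "config-backup".
umask 077   # configs contain password hashes: new files readable by root only

# install_backup TMP DEST
#   returns 0 = new version stored, 1 = TMP empty or missing, 2 = unchanged
install_backup() {
    local tmp="$1" dest="$2"
    if [ ! -s "$tmp" ]; then             # failed transfer: keep the last good copy
        rm -f -- "$tmp"
        return 1
    fi
    if [ -f "$dest" ] && cmp -s -- "$tmp" "$dest"; then
        rm -f -- "$tmp"                  # same content as the stored backup
        return 2
    fi
    # keep the previous version under a timestamp so a config change stays visible
    [ -f "$dest" ] && mv -- "$dest" "$dest.$(date +%Y%m%d-%H%M%S)"
    mv -- "$tmp" "$dest"                 # rename inside one directory is atomic
}

# pull_config PORT USER@HOST:REMOTE_PATH DEST
pull_config() {
    local port="$1" remote="$2" dest="$3" tmp
    tmp=$(mktemp "$dest.XXXXXX") || return 1
    # BatchMode makes scp fail instead of prompting if key authentication breaks
    if ! scp -q -o BatchMode=yes -P "$port" "$remote" "$tmp" 2>/dev/null; then
        logger -t config-backup "scp from $remote failed"
        rm -f -- "$tmp"
        return 1
    fi
    install_backup "$tmp" "$dest"
    case $? in
        0) logger -t config-backup "new version of $dest stored" ;;
        1) logger -t config-backup "$remote returned an empty file" ;;
    esac
}

# Usage, with the placeholders used on this page:
# pull_config xxxx admin_ro@199.x.x.x:/config/config.boot /root/Switch_Config_Backups/Router0_Config
```

A "new version" entry in syslog outside a planned change window is a signal that a device configuration was modified.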