You Are Here: Home » Switch » -Switch Cisco » cisco backup configuration

cisco backup configuration

One simple method to backup Cisco’s configuration using SNMP and PERL. Download manually  from search.cpan.org  PERL library Cisco::CopyConfig  . Another way of installing:

perl -MCPAN -e 'install Cisco::CopyConfig'

Cisco::CopyConfig provides methods for manipulating the running-config of devices running IOS via SNMP directed TFTP. This module is essentially a wrapper for Net::SNMP and the CISCO-CONFIG-COPY-MIB-V1SMI.my MIB schema.
It’s a good idea to store switch’s ip address ( if you have more switches ) in database like MySQL. The following perl script uses MySQL database. In MySQL database we store switch’s ip and snmp community.
MySQL table:

 CREATE TABLE `sw_backup`.`switches` (
`id` BIGINT( 128 ) NOT NULL AUTO_INCREMENT PRIMARY KEY ,
`description` VARCHAR( 128 ) NOT NULL ,
`ip_address` VARCHAR( 128 ) NOT NULL ,
`community` VARCHAR( 128 ) NOT NULL
) ENGINE = MYISAM CHARACTER SET utf8 COLLATE utf8_bin

insert into switches values('','core-switch','192.168.200.251','SNMPconfigCommunity1');
insert into switches values('','access-switch','192.168.200.252','SNMPconfigCommunity2');

mysql> select * from switches;
+----+---------------+-----------------+----------------------+
| id | description   | ip_address      | community            |
+----+---------------+-----------------+----------------------+
|  1 | core-switch   | 192.168.200.251 | SNMPconfigCommunity1 |
|  2 | access-switch | 192.168.200.252 | SNMPconfigCommunity2 |
+----+---------------+-----------------+----------------------+
2 rows in set (0.00 sec)

We need to istall TFTP server:

on Debian: apt-get install atftp

TFTP config file (/etc/default/atftpd):

USE_INETD=true
OPTIONS="--tftpd-timeout 300 --retry-timeout 5  --maxthread 100 --verbose=5 /backup_switch"

TFTP working directory is /backup_switch
Configuring Cisco switch ( tested on C2960G, C3750G, 3400G ):
A read-write SNMP community needs to be defined on each device, which allows the setting of parameters to copy or merge a running-config. Below is an example configuration that attempts to restrict read-write access to only the 192.168.200.10 (tftp server) host :

access-list 70 remark tft-server-list
access-list 70 permit 192.168.200.10
access-list 70 deny   any

SNMP configuration:

snmp-server tftp-server-list 70
snmp-server view backup ciscoMgmt.96.1.1.1.1 included
snmp-server community SNMPconfigCommunity1 view backup RW 70

Variables used in cisco backup script:
/backup_switch – tftp root directory
/storage/backup/daily/switches/ – backup directory
Backup script:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
#!/usr/bin/perl
use DBI;
use Cisco::CopyConfig;
my ( $sec, $min, $hour, $mday, $mon, $year, $wday, $yday, $isdst)=localtime(time);
$year+=1900;
$mon  = sprintf("%02d",$mon+1);
$mday = sprintf("%02d",$mday);
$hour = sprintf("%02d",$hour);
$min  = sprintf("%02d",$min);
$sec  = sprintf("%02d",$sec);
$date_format="$mday.$mon.$year";
$sql="select ip_address,community,description from switches order by inet_aton(ip_address) asc";
$dbh = DBI->connect("dbi:mysql:sw_backup:xxx.xxx.xxx.xxx","username","password") or die "Can't connect to MySQL: $DBI::errstr\n";
$sth = $dbh->prepare($sql);
$sth->execute();
$tftp_address   = '192.168.200.10';
while (@row=$sth->fetchrow_array) {
 $config     = Cisco::CopyConfig->new(
 Host => $row[0],   # host
 Comm => $row[1], # community
 Tmout => '10',       # timeout
 Retry => '2'           # retry
 );
 $tftp_file = "$row[2].$date_format.conf";
 if ($config->copy($tftp_address, $tftp_file) ) {
 print "OK -> switch ip: $row[0], file: $tftp_file\n"; }
 else {
 print "ERROR -> switch ip: $row[0], no backup file\n";
 }
}
system("mkdir /storage/backup/daily/switches/$date_format");
system("cp /backup_switch/cisco-* /storage/backup/daily/switches/$date_format");

Result:

sns ~ # perl cisco-backup.pl
OK -> switch ip: 192.168.200.251, file: core-switch.19.01.2010.conf
OK -> switch ip: 192.168.200.252, file: access-switch.19.01.2010.conf

sns ~ # tail -n 100 /var/log/syslog | grep tftp
Jan 19 15:56:53 sns atftpd[7848]: Fetching from 192.168.200.251 to core-switch.19.01.2010.conf
Jan 19 15:56:55 sns atftpd[7848]: Fetching from 192.168.200.252 to access-switch.19.01.2010.conf

About The Author

harrychanputra.web.id

Number of Entries : 295

Leave a Comment

© 2011 Powered By Wordpress, Goodnews Theme By Geeks Docuementation

Scroll to top