Cisco backup configuration
A simple method for backing up a Cisco configuration using SNMP and Perl. Download the Perl library Cisco::CopyConfig manually from search.cpan.org, or install it from CPAN:
perl -MCPAN -e 'install Cisco::CopyConfig'
Cisco::CopyConfig provides methods for manipulating the running-config of devices running IOS via SNMP directed TFTP. This module is essentially a wrapper for Net::SNMP and the CISCO-CONFIG-COPY-MIB-V1SMI.my MIB schema.
It’s a good idea to store the switches’ IP addresses (if you have more than one switch) in a database such as MySQL. The following Perl script uses a MySQL database that holds each switch’s IP address and SNMP community.
MySQL table:
CREATE TABLE `sw_backup`.`switches` (
`id` BIGINT( 128 ) NOT NULL AUTO_INCREMENT PRIMARY KEY ,
`description` VARCHAR( 128 ) NOT NULL ,
`ip_address` VARCHAR( 128 ) NOT NULL ,
`community` VARCHAR( 128 ) NOT NULL
) ENGINE = MYISAM CHARACTER SET utf8 COLLATE utf8_bin;
insert into switches values(NULL,'core-switch','192.168.200.251','SNMPconfigCommunity1');
insert into switches values(NULL,'access-switch','192.168.200.252','SNMPconfigCommunity2');
mysql> select * from switches;
+----+---------------+-----------------+----------------------+
| id | description | ip_address | community |
+----+---------------+-----------------+----------------------+
| 1 | core-switch | 192.168.200.251 | SNMPconfigCommunity1 |
| 2 | access-switch | 192.168.200.252 | SNMPconfigCommunity2 |
+----+---------------+-----------------+----------------------+
2 rows in set (0.00 sec)
We need to install a TFTP server:
on Debian: apt-get install atftpd
TFTP config file (/etc/default/atftpd):
USE_INETD=true
OPTIONS="--tftpd-timeout 300 --retry-timeout 5 --maxthread 100 --verbose=5 /backup_switch"
TFTP working directory is /backup_switch
Configuring the Cisco switch (tested on C2960G, C3750G, 3400G):
A read-write SNMP community needs to be defined on each device; it allows setting the parameters that copy or merge a running-config. Below is an example configuration that attempts to restrict read-write access to only the 192.168.200.10 (TFTP server) host:
access-list 70 remark tft-server-list
access-list 70 permit 192.168.200.10
access-list 70 deny any
SNMP configuration:
snmp-server tftp-server-list 70
snmp-server view backup ciscoMgmt.96.1.1.1.1 included
snmp-server community SNMPconfigCommunity1 view backup RW 70
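Whether every read-write community really carries the view and ACL restriction shown above can be checked in a saved running-config. The following Perl script is an added example, not part of the original post or of Cisco::CopyConfig; the function name audit_snmp and the community ExampleOpenRW are made up for illustration, and the sample config is constructed from the lines above.

```perl
use strict;
use warnings;

# Return findings for one IOS configuration passed as a string.
# Assumption: numbered or named standard IPv4 ACLs, as in the config above.
sub audit_snmp {
    my ($text) = @_;
    my (%acl, %view, @rw, @findings, $tftp_list);
    for my $line (split /\r?\n/, $text) {
        $line =~ s/^\s+|\s+$//g;
        if ($line =~ /^access-list\s+(\d+)\s+(?:permit|deny)\b/
            || $line =~ /^ip\s+access-list\s+standard\s+(\S+)/) {
            $acl{$1} = 1;
        } elsif ($line =~ /^snmp-server\s+view\s+(\S+)\s/) {
            $view{$1} = 1;
        } elsif ($line =~ /^snmp-server\s+tftp-server-list\s+(\S+)/) {
            $tftp_list = $1;
        } elsif ($line =~ /^snmp-server\s+community\s+(\S+)\s+(.*\bRW\b.*)$/i) {
            push @rw, [$1, $2];    # only read-write communities are audited
        }
    }
    for my $c (@rw) {
        my ($name, $opts) = @$c;
        my $id = substr($name, 0, 3) . '***';    # never print the full community string
        my ($view_name) = $opts =~ /\bview\s+(\S+)/i;
        my ($acl_id)    = $opts =~ /\bRW(?:\s+ipv6\s+\S+)?\s+(\S+)\s*$/i;
        push @findings, "$id: RW community is not limited to a view" unless defined $view_name;
        push @findings, "$id: view $view_name is not defined" if defined $view_name && !$view{$view_name};
        push @findings, "$id: RW community has no IPv4 ACL" unless defined $acl_id;
        push @findings, "$id: ACL $acl_id is not defined" if defined $acl_id && !$acl{$acl_id};
    }
    push @findings, "no snmp-server tftp-server-list limits the TFTP copy target"
        if @rw && !defined $tftp_list;
    return @findings;
}

# Constructed sample: the restricted community from above plus one unrestricted RW community.
my $sample = <<'END';
access-list 70 remark tft-server-list
access-list 70 permit 192.168.200.10
access-list 70 deny any
snmp-server tftp-server-list 70
snmp-server view backup ciscoMgmt.96.1.1.1.1 included
snmp-server community SNMPconfigCommunity1 view backup RW 70
snmp-server community ExampleOpenRW RW
END

print "$_\n" for audit_snmp($sample);
```

To audit real backups, read each saved .conf file into a string and pass it to audit_snmp.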
Variables used in cisco backup script:
/backup_switch – tftp root directory
/storage/backup/daily/switches/ – backup directory
Backup script:
#!/usr/bin/perl
use strict;
use warnings;
use DBI;
use Cisco::CopyConfig;

# Date stamp (DD.MM.YYYY) used in file and directory names
my ($sec, $min, $hour, $mday, $mon, $year, $wday, $yday, $isdst) = localtime(time);
$year += 1900;
$mon  = sprintf("%02d", $mon + 1);
$mday = sprintf("%02d", $mday);
my $date_format = "$mday.$mon.$year";

# Fetch IP address, SNMP community and description of every switch
my $sql = "select ip_address,community,description from switches order by inet_aton(ip_address) asc";
my $dbh = DBI->connect("dbi:mysql:sw_backup:xxx.xxx.xxx.xxx","username","password") or die "Can't connect to MySQL: $DBI::errstr\n";
my $sth = $dbh->prepare($sql);
$sth->execute();

my $tftp_address = '192.168.200.10';
while (my @row = $sth->fetchrow_array) {
    # Ask the switch (via SNMP) to copy its running-config to the TFTP server
    my $config = Cisco::CopyConfig->new(
        Host  => $row[0], # host
        Comm  => $row[1], # community
        Tmout => '10',    # timeout
        Retry => '2'      # retry
    );
    my $tftp_file = "$row[2].$date_format.conf";
    if ($config->copy($tftp_address, $tftp_file)) {
        print "OK -> switch ip: $row[0], file: $tftp_file\n";
    }
    else {
        print "ERROR -> switch ip: $row[0], no backup file\n";
    }
}
$dbh->disconnect;

# Copy today's files from the TFTP root to the backup directory.
# The files are named <description>.<date>.conf, so match on the date stamp.
system("mkdir -p /storage/backup/daily/switches/$date_format");
system("cp /backup_switch/*.$date_format.conf /storage/backup/daily/switches/$date_format");
Result:
sns ~ # perl cisco-backup.pl
OK -> switch ip: 192.168.200.251, file: core-switch.19.01.2010.conf
OK -> switch ip: 192.168.200.252, file: access-switch.19.01.2010.conf
sns ~ # tail -n 100 /var/log/syslog | grep tftp
Jan 19 15:56:53 sns atftpd[7848]: Fetching from 192.168.200.251 to core-switch.19.01.2010.conf
Jan 19 15:56:55 sns atftpd[7848]: Fetching from 192.168.200.252 to access-switch.19.01.2010.conf
