
Cisco Automated Config Backup

Posted in Cisco Networking, Technical on October 10th, 2012


SNMP provides a common management interface across platforms that support the MIB OIDs. Being able to automate a process once, without worrying about CLI syntax nuances across different platforms, makes SNMP an ideal choice for network management. The CISCO-CONFIG-COPY-MIB can be used to back up configurations on devices that support this MIB.

Many products on the market can back up Cisco device configurations, and they typically require the user to maintain a config file that lists the IP address of each device to back up. I manage a lab infrastructure that consists of an aggregate /17 network (~700 live hosts at any one time), and devices in the lab are constantly being added and removed. Trying to track individual IP addresses in this environment is difficult. What is needed is the ability to run automatic host discovery and, once a host is discovered, back up its configuration. This challenge has to be solved post-haste, and I have a budget of $0 for new products. Here is my solution for automated host discovery and config backup.

Configurations are backed up by FTP after writing to the appropriate MIB objects. Networks are scanned by NMAP using ICMP (automatic host discovery). Hosts that reply to the ICMP request are candidates for backup. Configuration backup will succeed provided that the device is configured with an SNMPv2c write-access community or an SNMPv3 write-access user. The script below uses SNMPv3 as an example. It creates a directory (named by date) under the user's home directory, and each backup file is named after the IP address of its device.

Platform Dependencies

  1. NMAP
  2. Perl
  3. NET-SNMP
  4. FTP Server
  5. Crontab (optional)

Automated Flow Process

  1. Populate the @NET array with networks to scan
  2. Populate these 6 variables with your network credentials
    $snmpuser="tmev3user";
    $user = "ftpuser";
    $pass = "ftppassword";
    $auth = "tmev3user";
    $priv = "tmev3user";
    $FTPSERVER="192.168.0.125";
  3. Launch the script manually or add to crontab for automated backup

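#!/usr/bin/perl
use strict;
use warnings;

# Networks to scan and credentials: edit these for your environment.
my @NET       = qw(192.168.0.0/24);
my $snmpuser  = "tmev3user";      # SNMPv3 user with write access
my $auth      = "tmev3user";      # SNMPv3 authentication passphrase
my $priv      = "tmev3user";      # SNMPv3 privacy passphrase
my $user      = "ftpuser";        # FTP account the device logs in with
my $pass      = "ftppassword";
my $FTPSERVER = "192.168.0.125";
my $RND       = "10";             # row index used in ccCopyTable

system("clear");
my $date = `date +%b_%d_%Y`;
chomp $date;
my $dirname = "$ENV{HOME}/$date";
unless (-d $dirname) {
    mkdir $dirname or die "cannot create $dirname: $!\n";
}

print "\n nmap scanning networks ....\n";
my @IP;
foreach my $net (@NET) {
    # -n skips reverse DNS so every report line carries the bare IP address
    foreach my $line (`nmap -n -sP $net`) {
        if ($line =~ /Host (\d+\.\d+\.\d+\.\d+) is up .*/) {              # older nmap output
            push(@IP, "$1\n");
        } elsif ($line =~ /^Nmap scan report for (\d+\.\d+\.\d+\.\d+)/) { # newer nmap output
            push(@IP, "$1\n");
        }
    }
}
print "Host Candidates for backup:
@IP";

# Discard error output (for example timeouts from hosts that do not answer SNMP)
open(STDERR, '>>', '/dev/null');
print "\n\n
----------------------------------------------------------------
Backup on $date
----------------------------------------------------------------\n\n";

# Options shared by every net-snmp call; -M /dev/null leaves no MIB
# directory to load, so OIDs stay numeric.
my @v3 = ("-M", "/dev/null", "-v3", "-u", $snmpuser, "-l", "authPriv",
          "-a", "md5", "-A", $auth, "-x", "AES", "-X", $priv);
my $row = "1.3.6.1.4.1.9.9.96.1.1.1.1";   # ccCopyEntry columns

foreach my $IP (@IP) {
    chomp $IP;
    print "\nSNMP info for $IP\n";
    my $FILENAME = "$date/$IP";

    # Create the copy request (running-config to the FTP server) and activate it.
    # The list form of system() bypasses the shell, so passphrases that contain
    # shell metacharacters are passed through intact.
    system("snmpset", @v3, $IP,
        "$row.2.$RND",  "i", 2,           # ccCopyProtocol: ftp
        "$row.3.$RND",  "i", 4,           # ccCopySourceFileType: runningConfig
        "$row.7.$RND",  "s", $user,       # ccCopyUserName
        "$row.8.$RND",  "s", $pass,       # ccCopyUserPassword
        "$row.4.$RND",  "i", 1,           # ccCopyDestFileType: networkFile
        "$row.5.$RND",  "a", $FTPSERVER,  # ccCopyServerAddress
        "$row.6.$RND",  "s", $FILENAME,   # ccCopyFileName
        "$row.14.$RND", "i", 4);          # ccCopyEntryRowStatus: createAndGo
    sleep 5;
    # ccCopyState: 3 means the copy succeeded
    system("snmpget", @v3, "-On", $IP, "$row.10.$RND");
    sleep 5;
    # Destroy the row so index $RND can be reused on the next run
    system("snmpset", @v3, "-On", $IP, "$row.14.$RND", "i", 6);
}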

SNMPv3 Example for Cisco IOS Devices

snmp-server user tmev3user WriteTest v3 auth md5 tmev3user priv aes 128 tmev3user
snmp-server group WriteTest v3 auth read ViewTest write WriteTest
snmp-server view ViewTest iso included
snmp-server view WriteTest iso included

Example

  1. Populate @NET array and 6 variables for your network
  2. Launch script
    $ ./backupv3.pl
     nmap scanning networks ....
    Host Candidates for backup:
    192.168.0.1
     192.168.0.250
     192.168.0.251
    
    ----------------------------------------------------------------
    Backup on Sep_10_2012
    ----------------------------------------------------------------
    
    
    SNMP info for 192.168.0.1
    iso.3.6.1.4.1.9.9.96.1.1.1.1.2.10 = INTEGER: 2
    iso.3.6.1.4.1.9.9.96.1.1.1.1.3.10 = INTEGER: 4
    iso.3.6.1.4.1.9.9.96.1.1.1.1.7.10 = STRING: "ftpuser"
    iso.3.6.1.4.1.9.9.96.1.1.1.1.8.10 = STRING: "ftppassword"
    iso.3.6.1.4.1.9.9.96.1.1.1.1.4.10 = INTEGER: 1
    iso.3.6.1.4.1.9.9.96.1.1.1.1.5.10 = IpAddress: 192.168.0.125
    iso.3.6.1.4.1.9.9.96.1.1.1.1.6.10 = STRING: "Sep_10_2012/192.168.0.1"
    iso.3.6.1.4.1.9.9.96.1.1.1.1.14.10 = INTEGER: 4
    .1.3.6.1.4.1.9.9.96.1.1.1.1.10.10 = INTEGER: 3
    .1.3.6.1.4.1.9.9.96.1.1.1.1.14.10 = INTEGER: 6
    
    SNMP info for 192.168.0.250
    iso.3.6.1.4.1.9.9.96.1.1.1.1.2.10 = INTEGER: 2
    iso.3.6.1.4.1.9.9.96.1.1.1.1.3.10 = INTEGER: 4
    iso.3.6.1.4.1.9.9.96.1.1.1.1.7.10 = STRING: "ftpuser"
    iso.3.6.1.4.1.9.9.96.1.1.1.1.8.10 = STRING: "ftppassword"
    iso.3.6.1.4.1.9.9.96.1.1.1.1.4.10 = INTEGER: 1
    iso.3.6.1.4.1.9.9.96.1.1.1.1.5.10 = IpAddress: 192.168.0.125
    iso.3.6.1.4.1.9.9.96.1.1.1.1.6.10 = STRING: "Sep_10_2012/192.168.0.250"
    iso.3.6.1.4.1.9.9.96.1.1.1.1.14.10 = INTEGER: 4
    .1.3.6.1.4.1.9.9.96.1.1.1.1.10.10 = INTEGER: 3
    .1.3.6.1.4.1.9.9.96.1.1.1.1.14.10 = INTEGER: 6
    
    SNMP info for 192.168.0.251
    iso.3.6.1.4.1.9.9.96.1.1.1.1.2.10 = INTEGER: 2
    iso.3.6.1.4.1.9.9.96.1.1.1.1.3.10 = INTEGER: 4
    iso.3.6.1.4.1.9.9.96.1.1.1.1.7.10 = STRING: "ftpuser"
    iso.3.6.1.4.1.9.9.96.1.1.1.1.8.10 = STRING: "ftppassword"
    iso.3.6.1.4.1.9.9.96.1.1.1.1.4.10 = INTEGER: 1
    iso.3.6.1.4.1.9.9.96.1.1.1.1.5.10 = IpAddress: 192.168.0.125
    iso.3.6.1.4.1.9.9.96.1.1.1.1.6.10 = STRING: "Sep_10_2012/192.168.0.251"
    iso.3.6.1.4.1.9.9.96.1.1.1.1.14.10 = INTEGER: 4
    .1.3.6.1.4.1.9.9.96.1.1.1.1.10.10 = INTEGER: 3
    .1.3.6.1.4.1.9.9.96.1.1.1.1.14.10 = INTEGER: 6
  3. Verify configuration files are present
    $ cd Sep_10_2012/
    Sep_10_2012]$ ls -1
    192.168.0.1
    192.168.0.250
    192.168.0.251
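
The script waits five seconds and prints ccCopyState (the `.10` object) without acting on it, and because STDERR goes to /dev/null, a device that never answers SNMP leaves only its "SNMP info for" header in the output. The following added example (not part of the original post) reads a saved transcript of a run and reports a verdict per host; the function names `audit_backup_log` and `sample_log` and the sample transcript are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original backup script.
# ccCopyState (1.3.6.1.4.1.9.9.96.1.1.1.1.10.<row>):
#   1 waiting, 2 running, 3 successful, 4 failed

# Read a transcript of the backup run on stdin and print "<host> <verdict>"
# for each host. Returns non-zero if any host did not reach state 3.
audit_backup_log() {
  awk '
    function report() {
      if (host == "") return
      if (state == "3")      verdict = "OK"
      else if (state == "4") verdict = "FAILED"
      else if (state == "")  verdict = "NO-SNMP-REPLY"  # errors went to /dev/null
      else                   verdict = "INCOMPLETE"     # still waiting or running
      print host, verdict
      if (verdict != "OK") bad = 1
    }
    /^[ \t]*SNMP info for / { report(); host = $4; state = "" }
    /\.9\.9\.96\.1\.1\.1\.1\.10\.[0-9]+ = INTEGER: [0-9]+/ { state = $NF }
    END { report(); exit bad + 0 }
  '
}

# Constructed sample transcript (not captured from a real device).
sample_log() {
  cat <<'EOF'
SNMP info for 192.168.0.1
iso.3.6.1.4.1.9.9.96.1.1.1.1.14.10 = INTEGER: 4
.1.3.6.1.4.1.9.9.96.1.1.1.1.10.10 = INTEGER: 3
.1.3.6.1.4.1.9.9.96.1.1.1.1.14.10 = INTEGER: 6

SNMP info for 192.168.0.250
iso.3.6.1.4.1.9.9.96.1.1.1.1.14.10 = INTEGER: 4
.1.3.6.1.4.1.9.9.96.1.1.1.1.10.10 = INTEGER: 4
.1.3.6.1.4.1.9.9.96.1.1.1.1.14.10 = INTEGER: 6

SNMP info for 192.168.0.251
EOF
}

sample_log | audit_backup_log || echo "at least one backup needs attention"
```

Under cron, pipe the backup script's output through `audit_backup_log` and alert on a non-zero exit status. The transcript also echoes the FTP password back in the `.8` line, so keep any saved copy readable only by the backup account.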
