Welcome to the VanDyke Software Forums

  #1  
12-20-2004, 08:35 AM
adeshotel
Registered User
 
Join Date: Dec 2004
Location: Houston, TX
Posts: 14
Backing up Cisco Configs via TFTP free scripts.

I had a need to back up config files and have given up on other options such as Ciscoworks, HP Openview and their ilk. Using a script file I can log into each device and issue a TFTP command to copy the config to a TFTP server. At the present time it is a manually initiated process. I've got an icon on my desktop that starts it up.

Due to differences in logins and TFTP commands I've handled the different OSes as separate groups. IOS, CatOS and PIX. Each group of devices is stored in a separate config file, one IP address per line. A 4th config file contains the username, login and target of the TFTP server IP address. Since I'm using TACACS the logins are all easily handled. If you don't have TACACS or RADIUS running then just make all devices take an identical login, you can do this either by standardizing your logins or by using AAA and setting up local user databases.

If a device isn't answering, the login is incorrect, the login mechanism doesn't work, the TFTP path is messed up and it can't TFTP to the host then the terminal session timeout will eventually take effect. Once timed out the script proceeds onwards to the next device. So you can just compare your TFTP target directory with your config file IP addresses and see what is missing to determine which devices you need to look into. The file names are constructed using the IP address with periods replaced as underscores, the host name and .cfg extensions. This makes it easy to read for both people that have meaningful host names and for those net geeks who tend to memorize IP addresses. It will overwrite if you run it repeatedly, which is ok as generally you just need the latest config file anyway. It is grabbing the running config, very useful if you have a bunch of net techs who change configs and forget to save them -- my original purpose in this endeavor.

Notes in the comments of the script explain how to set up the icon to auto-launch the script.
Attached Files
File Type: zip MultiHostCopyLog.zip (3.2 KB, 2993 views)
  #2  
01-06-2005, 02:50 PM
sveillon
Registered User
 
Join Date: Dec 2004
Location: Los Angeles
Posts: 3
standard passwords?

In your notes you said it might have to time out if the password isn't a standard password (I may be paraphrasing, sorry). What would throw this off? I seem to be having this issue. It seems to send the password and CR, but then does nothing - the prompt is still password: - eventually timing out. The password has a @ in it. Could this be throwing it off?

This is on a Cisco 1721 (we have over 100 of these all over the place and I'd REALLY LOVE for this to work - it's a GREAT idea!)
  #3  
01-07-2005, 08:17 AM
adeshotel
Registered User
 
Join Date: Dec 2004
Location: Houston, TX
Posts: 14
I never tried it with an @ in the password. Actually never had a router password that has been anything other than alphanumeric. The @ sign is a delimiter for email addresses so it might be possible that they are parsing somewhere although I would be surprised if they were.

When I was testing and debugging this code if I had an invalid password, i.e. I was sending a password other than what the router wanted it would time out and then move on -- eventually. Slowed the script up by a minute or two while the timeout was occurring.
  #4  
01-25-2005, 01:34 PM
adeshotel
Registered User
 
Join Date: Dec 2004
Location: Houston, TX
Posts: 14
Works with 4.1.9

I just ran it with 4.1.9 and it is running good so far. Just as an fyi I use this to back up router, switch & firewall configs for about 80 devices. It is also one of the Sarbanes-Oxley 404 compliance bullet points that you back up your configs on a regular basis.
  #5  
01-25-2005, 05:52 PM
kelli.burki
Registered User
 
Join Date: Jan 2004
Location: VanDyke Software
Posts: 33
Quote:
Originally Posted by adeshotel
I just ran it with 4.1.9 and it is running good so far. Just as an fyi I use this to back up router, switch & firewall configs for about 80 devices. It is also one of the Sarbanes-Oxley 404 compliance bullet points that you back up your configs on a regular basis.
So now I'm curious about the SOX aspect of this. What do you do with the configs on a regular basis? Is it a requirement from an auditing aspect, where you might find deltas from backup to backup, or just back them up for recovery procedures? What objective drives the requirement to back them up?
  #6  
04-05-2005, 05:33 PM
adeshotel
Registered User
 
Join Date: Dec 2004
Location: Houston, TX
Posts: 14
SOX - or what I was told of it

The project that I was contracted on the SOX team was using CoBIT framework. One of the things in there is to back up configs of network equipment. We interpreted the 'network equipment' to mean routers, switches, hubs, firewalls. It makes sense from a best practice standpoint too. If a device fries itself sometime or other and no one has made changes on it there is a very good chance that you won't be able to get it up enough to pull the config. On many smaller switches this isn't a huge issue, set up the default VLAN, IP it and go. On large stuff like a 6509 you might be looking at a thousand lines of configuration. That would be a real pain to have to reconfigure. Most network engineers I've known for the past 15 years always keep router configs after they have settled out. Most of us just keep a .txt file. However in a large shop with multiple people changing configurations daily what you thought you had might change and hence the benefit of the automated backup.

The way I understood the SOX consultants was that it could be based on two different frameworks, CoBIT being one. I don't remember the other. Since not too many people have been through a SOX audit yet the industry best practice is very ill defined at this point. With the recent extension to the deadlines I suspect this will stretch out even more. Most firms regulated by SEC have already completed the requirements, the public traded stuff is next and the remainder that will fall under SOX will have to be some distant relation type thing. The place I was working wasn't publicly traded but was majority owned by a company that was public and hence the need for the SOX implementation.

Anyone out there dealing with HIPAA will most likely also have to deal with the issue of backing up router configs.

My recommendation at this point would be to take the configs that are copied to your server running your TFTP and make sure they get backed up to tape. I manually went in once a month and copied the automated stuff to a separate directory with the date on it and kept it on file. The last implementation of this I did I had 3 network engineers so we opted for an every other day backup done at 02:00. Since we were 8x5 and all the engineers were in the same time zone this was deemed the least likely time and also the lowest net traffic period. The thing was running on some old junky server and even at that ran about 5 router configs per minute.

It did save one guy a lot of work too. He replaced a router that was hit by lightning and just went to the TFTP server and copied the file over to the new router that was the exact same model and shipped it to the site. Normal router config on a new site is about 1-2 hours to get everything set right.

Cisco Works can copy the configs as do a great many other packages.

While your SOX compliancy project may not require you to do the config backup it adds another line item of something that is easy to do, easy to document and shows that you are on top of things.
  #7  
07-01-2005, 01:44 AM
gwlad1999
Registered User
 
Join Date: Apr 2005
Posts: 1
great script - got a question

Thanks for the great script. I have tried to modify and use it to amend parameters on routers - it works until I write the config then it logs out correctly. Problem now comes whereby the next loop to read the next ip address + login information has been lost so the commands repeat without being connected. I have tried waiting for a character, sleep - just can't seem to fix it. I am not that skilled in VBs so I am trying to work it out as I go.

Any help/ guidance would be greatly appreciated.

Thanks
  #8  
07-01-2005, 02:10 PM
adeshotel
Registered User
 
Join Date: Dec 2004
Location: Houston, TX
Posts: 14
Are you closing the session out after the write? I.E. before you go to get the next address for the next device?
  #9  
07-14-2005, 05:54 AM
Marcus
Registered User
 
Join Date: Jul 2005
Posts: 7
Adjust IOSHost file

Thank you very much. I've learned so much from this file.

In my hosts file, I have ip addresses per line, but I'd like to put a hostname after the line as well. Is there a way to get it to skip over the hostname?

If someone can suggest ideas, I'll experiment with them and report back.

Thanks.
  #10  
07-14-2005, 12:41 PM
jdev
VanDyke Technical Support
 
Join Date: Nov 2003
Location: Albuquerque, NM
Posts: 990
Use InStr or Regular Expression...

Here's a couple of examples that you might play around with.

Code:
' Example #1
'192.168.0.1 myHostname
'
' If it is one or more spaces separating the IP address
' from the hostname, and there are not any leading spaces
' before the IP address, the following should do the trick.
'
    'szCATOSHost = fileCATOSHosts.ReadLine
    szCATOSHost = "192.168.0.1 myHostname"
    nPos = Instr(szCATOSHost, " ")
    if nPos > 0 then szCATOSHost = Trim(Left(szCATOSHost, nPos))
    MsgBox "Example 1 result: " & szCATOSHost
    ' ... Continue work...


' Example #2
' 192.168.0.1       myHostname    # This is just a comment about myHostname
'
' If it's more than just a hostname, you may want to just
' use a regular expression that includes a () capture to
' parse out the IP address easily.  This provides a lot more flexibility
' in allowing you to put all sorts of stuff on each line of the file:
'
    ' szCATOSHost = fileCATOSHosts.ReadLine
    szCATOSHost = "192.168.1.100       myHostname    # This is just a comment about myHostname"
    Dim re, Matches, Match
    Set re = New RegExp
    re.Pattern = "^(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})"

    if Not re.Test(szCATOSHost) then
        ' Skip line? throw an error?
        MsgBox "No IPAddress on line"
    else
        Set Matches = re.Execute(szCATOSHost)
        For each Match in Matches
            szCATOSHost = match.submatches(0)
            exit for
        Next

        ' Do work with szCATOSHost...
        MsgBox "Example 2 result: " & szCATOSHost
    end if
Does this help?
__________________
Jake Devenport
VanDyke Software
Technical Support
YouTube Channel: https://www.youtube.com/vandykesoftware
Email: support@vandyke.com
Web: https://www.vandyke.com/support
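
Added example (not from the thread or the attached script): a Python check for the TFTP directory that reads a hosts file in the layout shown in this post and reports, per device, whether its backup is present, older than the backup interval, or missing. The age check matters because the script described in the first post overwrites files in place, so a device that timed out on the latest run still has a file from an earlier one. The separator after the IP in the file name, the 48-hour threshold, and all function names and sample data are assumptions.

```python
import os
import re
import tempfile
import time
from pathlib import Path

# Same leading-IP capture as the VBScript pattern in the post above.
IP_AT_START = re.compile(r"^(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})")
# Constructed host-file lines (not from the thread).
SAMPLE_HOSTS = ["192.168.0.1 branch-rtr", "192.168.0.10   edge-sw   # closet 2",
                "192.168.0.20", "999.1.1.1 typo", "# comment only"]

def read_hosts(lines):
    """Return leading IPs; trailing hostnames and comments are ignored."""
    matches = (IP_AT_START.match(line.strip()) for line in lines)
    # The pattern alone accepts 999.1.1.1, so range-check every octet.
    return [m.group(1) for m in matches
            if m and all(int(o) <= 255 for o in m.group(1).split("."))]

def audit_backups(hosts, tftp_dir, max_age_hours=48):
    """Sort hosts into ok / stale / missing from the .cfg files in tftp_dir."""
    files = [p for p in Path(tftp_dir).iterdir() if p.suffix.lower() == ".cfg"]
    report = {"ok": [], "stale": [], "missing": []}
    for ip in hosts:
        prefix = ip.replace(".", "_")
        # Assumed name layout: <ip_with_underscores><non-digit><hostname>.cfg.
        # The non-digit check stops 192_168_0_1 matching 192_168_0_10_x.cfg.
        mtimes = [p.stat().st_mtime for p in files
                  if p.name.startswith(prefix) and not p.name[len(prefix)].isdigit()]
        if not mtimes:
            report["missing"].append(ip)
        elif (time.time() - max(mtimes)) / 3600 > max_age_hours:
            report["stale"].append(ip)  # old file left over from an earlier run
        else:
            report["ok"].append(ip)
    return report

def demo():
    """Constructed directory: one fresh file, one 5-day-old file, one absent."""
    with tempfile.TemporaryDirectory() as d:
        Path(d, "192_168_0_20_core-rtr.cfg").write_text("!\n")
        old = Path(d, "192_168_0_10_edge-sw.cfg")
        old.write_text("!\n")
        stamp = time.time() - 5 * 24 * 3600
        os.utime(old, (stamp, stamp))
        return audit_backups(read_hosts(SAMPLE_HOSTS), d)

if __name__ == "__main__":
    print(demo())
```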
  #11  
07-14-2005, 07:22 PM
Marcus
Registered User
 
Join Date: Jul 2005
Posts: 7
This has saved me hours of work. Excellent support, thanks!
  #12  
08-04-2005, 12:59 AM
Anneman
Registered User
 
Join Date: Jul 2005
Posts: 2
Ssh

Hi

Thanks for a great script. Is there any way to modify it so that it can support SSH logins?
  #13  
08-05-2005, 01:31 PM
jcrkelly
Registered User
 
Join Date: Jul 2005
Posts: 1
Quote:
Originally Posted by Anneman
Hi

Thanks for a great script. Is there any way to modify it so that it can support SSH logins?
He actually just wrote this update for PIX specifically the other week...
see post:
http://forums.vandyke.com/showthread.php?t=932
  #14  
08-23-2005, 12:06 AM
Anneman
Registered User
 
Join Date: Jul 2005
Posts: 2
Thanks

Thanks, that is great. I am still struggling to get the script running for Routers which are ssh enabled and running 3des encryption. I take it that the SSH script is PIX specific then?
  #15  
09-14-2005, 11:27 AM
mekanik
Registered User
 
Join Date: Jul 2005
Posts: 46
Quote:
Originally Posted by Anneman
Thanks, that is great. I am still struggling to get the script running for Routers which are ssh enabled and running 3des encryption. I take it that the SSH script is PIX specific then?
The problem is the cipher flag is using "/c DES", you should try "/c 3DES". And if you want to connect using AES, use "/c AES-128" since the latest IOS revs support SSHv2 with AES.