Cisco device configuration files are backed up regularly

Cisco device configuration files are backed up regularly

I. Needs and coping strategies

IDC machine Room Several switches and firewall equipment, because of business needs, often on the switch or firewall to modify the configuration file, although the Cisco device stability is good, but do backup, can just in case.

There are many articles on the web that are regularly backed up by Cisco devices, and individuals have written a backup script based on the company's actual situation.

The individual uses the auto-interactive expect to obtain the Cisco device's configuration file, which is then uploaded to the FTP server via FTP.

The script is placed on the Centos6.5 server and executed every Saturday night 23:00.

Second, the online script

1. Description of the script directory

[Email protected] cisco_bak]# pwd/usr/local/scripts/cisco_bak[[email protected] cisco_bak]# lscfg cisco_bak.sh Ip_asa . txt ip_switch.txt telnet_asa.exp telnet_switch.expup_cfg.sh

2. Introduction of documents and catalogues

CFG is the configuration file for the Cisco device that holds the backup.

Telnet_switch.exp is the configuration file for Cisco switches through expect.

[[email protected] cisco_bak]# Cat telnet_switch.exp #!/usr/bin/expect#this script is get switch cfg.set timeout 60set IP [lindex $argv 0]set Password [lindex $argv 1]spawn/usr/kerberos/bin/telnet $ipexpect "Password:" send "$password \ r"  Expect ">" send "enable\r" expect "Password:" Send "$password \ r" expect "#" send "show running-config\r" while {1} {sleep 1 Expect {"*more--" {Send ""} "*#" {break}}}send "exit\r" expect EOF

Telnet_asa.exp is the configuration file for the Cisco firewall through expect.

[[email protected] cisco_bak]# Cat telnet_asa.exp #!/usr/bin/expect#this script is get switch cfg.set timeout 60set IP [li Ndex $argv 0]set Password [lindex $argv 1]spawn/usr/kerberos/bin/telnet $ipexpect "*assword:" Send "$password \ r" expect "& gt; " Send "enable\r" expect "Password:" Send "$password \ r" expect "#" send "show running-config\r" while {1} {Sleep 1 expect {"*more--->" {send ""} "*#" {Break}}} Send "exit\r" expect EOF

Ip_switch.txt store the IP and password of the switch. (I changed it, I can't use the company's real IP and password.) ）

[email protected] cisco_bak]# cat Ip_switch.txt 10.10.10.1 12310.10.20.1 123

Ip_asa.txt store the IP and password of the firewall. (I changed it, I can't use the company's real IP and password.) ）

[email protected] cisco_bak]# cat ip_asa.txt 10.10.10.254 12310.10.20.254 123

The cat up_cfg.sh is to upload the backup configuration file to the FTP backup. (You can also back up to the storage server by other means.) ）

[email protected] cisco_bak]# Cat up_cfg.sh #!/bin/bash#this script is upload cfg to Remote computer.today= '/bin/date +%f ' #Local pathl_path=/usr/local/scripts/cisco_bak#date pathdate_path= '/bin/date +%y%m%d%h%m%s ' CD ${L_PATH}#$1 Ip,$2 User,$3 passwd,$4 remote_path/usr/kerberos/bin/ftp-i-n-v <<!open $1user $ $3binpassivecd $4lcd ${L_PATH}/CFGM Put *${today}.cfgbye!

Cisco_bak.sh is the main program that consolidates Telnet_asa.exp, Telnet_switch.exp, and up_cfg.sh into a single script.

[[email protected] cisco_bak]# cat cisco_bak.sh #!/bin/bash#today= ' Date +%F ' PATH =/usr/local/scripts/cisco_bak[ -d ${path}/cfg/ ] | |  /bin/mkdir -p ${path}/cfg/cd ${path}# #ip .txt is stored in the  User name and password. #switch_bakwhile  read ipdo  #IP_NAME  is IP  Ip_name= ' echo  ' $ip  | /bin/awk  ' {print $1} '/usr/bin/expect telnet_switch.exp   $IP  > ${path}/cfg/switch_${ip_name}_${today}.cfgdone < ip_switch.txt#asa_ bakwhile read ipdo  #IP_NAME  is IP  #IP_NAME = ' echo  ' $ip " | /bin/awk   ' {print $1} '/usr/bin/expect telnet_asa.exp  $ip  > ${path}/cfg/asa_${ip_name} _${today}.cfgdone < ip_asa.txt# #upload  cfg to ftp##/bin/bash ${path}/up_ Cfg.sh ftp_ip ftp_user ftp_passwd ftp_path/bIn/bash ${path}/up_cfg.sh 10.10.10.200 abc 123 /home/abc/cisco_devices 

3. Regular execution on Linux

[Email protected] cisco_bak]# crontab-l00 * 6/bin/bash/usr/local/scripts/cisco_bak/cisco_bak.sh >>/dev/nu ll 2>&1

Three, Summary:

1.telnet_switch.exp and Telnet_asa.exp are very similar, but there are differences in the while loop, "*more--" {Send "}" and "*more--->" {send "} are not the same.

2. Some firewalls require a user name and password to log in, can be modified slightly telnet_asa.exp, passed three parameters: IP, name and passwd

3. Extensible: Notify administrators when backup fails.

This article from "Small operations, Big dreams" blog, please be sure to keep this source http://hunkz.blog.51cto.com/6157447/1759138

Cisco device configuration files are backed up regularly