ExtremeSwitching (EXOS)

Expand all | Collapse all

How to run automated back up on all scripts, including configuration, policy and scripts to a SCP server at regular intervals?

  • 1.  How to run automated back up on all scripts, including configuration, policy and scripts to a SCP server at regular intervals?

    Posted 12-21-2017 14:11
    I am looking to archive the configuration of our summit switches every night to our SCP server designed to store backups which is hosted in Amazon (that's why I don't want to use TFTP).
    I see many articles with usage of TFTP server, for example: https://github.com/extremenetworks/ExtremeScripting/tree/master/EXOS/CLI_Scripting/autofsbackup
    or
    https://github.com/extremenetworks/ExtremeScripting/tree/master/EXOS/Python/autofsbackuppy
    but I didn't found solution to do it using SCP.

    Is it possibie?


  • 2.  RE: How to run automated back up on all scripts, including configuration, policy and scripts to a SCP server at regular intervals?

    Posted 12-21-2017 14:13
    Welcome to The Hub, Lukasz!


  • 3.  RE: How to run automated back up on all scripts, including configuration, policy and scripts to a SCP server at regular intervals?

    Posted 12-22-2017 14:51
    Hi Lukasz,

    that should be possible, but I would connect from a server to the switch, because the manual states that:
    Only password-based authentication is supported for SSH/SCP client.
    You can put SSH keys on the switch and use public key based authentication with SSH/SCP for accessing the switch.

    You should at least restrict access to just your Amazon server, not allow all Amazon servers (or everybody) access to the switch, but it would be better to use local server for communicating with the switch.

    I would suggest to use a local server to collect backups from the switches, and then securely copy them from the local server to the cloud server, without allowing access to the local server from the cloud server (e.g. using a stateful firewall).

    Thanks,
    Erik


  • 4.  RE: How to run automated back up on all scripts, including configuration, policy and scripts to a SCP server at regular intervals?

    Posted 12-22-2017 18:00
    Hi Erik, thanks for reply.

    I was trying to initiate this task from server but we have configured radius authentication and cannot use local account with rsa key to login when radius server is available (https://gtacknowledge.extremenetworks.com/articles/Q_A/RADIUS-and-local-user-Authentication)

    When I set readonly account on radius then I can log into switch but cannot access any files. I don't want to create rw account on radius and use it for this scp because it will be some kind of security gap.

    I think that script on switch would be the best solution. On other devices from different vendors we have configured and working solution like this (junos - system archival configuration transfer-on-commit / ios - archive write-memory).



  • 5.  RE: How to run automated back up on all scripts, including configuration, policy and scripts to a SCP server at regular intervals?

    Posted 12-25-2017 07:48
    Hi Lukasz,

    Just trying to understand here, as per below link IOS is using TFTP for transfer back up from router.

    could you share the working solution script here ?

    https://learningnetwork.cisco.com/blogs/vip-perspectives/2013/10/30/understanding-cisco-auto-archive...

    https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/transfer-...

    Thanks,
    Suresh.B




  • 6.  RE: How to run automated back up on all scripts, including configuration, policy and scripts to a SCP server at regular intervals?

    Posted 12-27-2017 09:04
    Hi Suresh,

    I don't have to use script because there are internal commands to do this:

    IOS:
    archive
    path scp://user:pass@ip_address/$h-$t
    write-memory

    JUNOS:
    set system archival configuration transfer-on-commit
    set system archival configuration archive-sites "scp://username@ip_address:/" password "***"

    But I didn't found related command in ExtremeXOS.

    Thanks,
    Lukasz