Header Only - DO NOT REMOVE - Extreme Networks

Cannot archive a few Cisco devices - any way to debug?


Userlevel 5
I am running NetSight Inventory Manager 6.1.0.147. I have an archive routine which includes a bunch of Cisco switches. I have a few that fail every time with "Config file is empty". The strange this is that I have some other switches that appear to be configured the same way and are even running the same firmware. And those backup with success.

I have tried various methods of debugging on the Cisco switches to try and see what is going wrong, but I don't know of any way to log all session activity. I can do a 'debug telnet' and I can see that NetSight is indeed connecting to the switch via telnet. But beyond that I don't know what it's doing or how it's failing.

Does anyone know of a way that I can see what is failing? Or is there somewhere I can see what is being run by the archive routine? Then I could step through it myself and see what is failing.

4 replies

Userlevel 5
Okay - I figured it out.

In Inventory Manager ...
  1. Select the device
  2. In the right pane, click on the Image Information tab.
  3. Correct the Device Family Definition File Name.
In my case, these failing devices were listed as Alpine, and they were actually Cisco 3750's. Changed it to Cisco Systems TFTP, saved. Then stamped a new archive. Success!

Additionally the View button can be pressed here, and the scripts are revealed for grabbing files, and also how it recognizes a successful transfer, etc.
Userlevel 5
Steve Ballantyne wrote:

Okay - I figured it out.

In Inventory Manager ...

  1. Select the device
  2. In the right pane, click on the Image Information tab.
  3. Correct the Device Family Definition File Name.
In my case, these failing devices were listed as Alpine, and they were actually Cisco 3750's. Changed it to Cisco Systems TFTP, saved. Then stamped a new archive. Success!

Additionally the View button can be pressed here, and the scripts are revealed for grabbing files, and also how it recognizes a successful transfer, etc.

In Duke Nukem voice, "ain't got time to talk to myself". But here I am replying to my own thread.

I thought I would share some custom Device Family Definition Files. These will allow you to backup (Archive) your configuration files for some Cisco ASA devices such as the ASA 5505 and the ASA 5520. These are just slight variations on the existing Cisco Systems scripts that ship with NetSight. I came up with these after a few hours of debugging with the Archive Manager and the server.log on my NetSight server.

NOTES:
  • I have NOT tested the restore functionality, because I have not needed it yet. Use that at your own risk. 😉
  • I am enabling "same-security-traffic permit inter-interface" on the 5505 script to allow it to TFTP across a VPN tunnel. This is seen as a security weakness. So you may want to throw in a couple more lines to remove this before you 'exit'.
  • You may not need a full 60 seconds ("@receive 60") for this script to run. I have some slow devices at the end of slow links, hence I added a lot of time here. You could probably drop that to 30 and be okay.
  • As with anything Cisco ... your mileage may vary thanks to minor changes in the command behavior between firmware releases.
Put these files in your NetSite 'devicefiles' directory. In my case, that was /usr/local/Extreme_Networks/NetSight/appdata/InventoryMgr/properties/devicefiles. Your path can be found in Inventory Manager (Tools > Options > Inventory Manager > Data Storage Directory Path).

Then you will need to select them for your device. To do that, open NetSight Inventory Manager. Select your device in the left pane. In the right pane choose the Image Information tab. Change the Firmware and Configuration MIB's to "Script" and then choose the appropriate script from the Device Family Definition File Name. Remember to click Save in the upper right corner.

CiscoASA5505.txt

-- Use these scripts to manage Cisco devices name="Cisco Systems ASA 5505 - TFTP" desc="Cisco Systems ASA SSH/TFTP Scripts" -- -----BEGIN SCRIPT "Configuration Upload"----- enable %ENABLEPSWD% conf t same-security-traffic permit inter-interface tftp-server inside %TFTP_IP% %RELATIVE_TARGET_FILE_PATH% end wr net@receive 60 exit -----END SCRIPT----- -----BEGIN SUCCESS "Configuration Upload"----- [ok] -----END SUCCESS----- -----BEGIN SCRIPT "Configuration Download"----- enable %ENABLEPSWD% conf t same-security-traffic permit inter-interface tftp-server inside %TFTP_IP% %RELATIVE_TARGET_FILE_PATH% copy %TFTP_URL% system:running-config running-config@receive 120 exit -----END SCRIPT----- -----BEGIN SUCCESS "Configuration Download"----- [ok] -----END SUCCESS-----
[/code]
[/code]

Cisco ASA5520.txt

-- Use these scripts to manage Cisco devices name="Cisco Systems ASA 5520 - TFTP" desc="Cisco Systems ASA SSH/TFTP Scripts" -- -----BEGIN SCRIPT "Configuration Upload"----- enable %ENABLEPSWD% copy running-config tftp: running-config %TFTP_IP% %RELATIVE_TARGET_FILE_PATH%@receive 30 exit -----END SCRIPT----- -----BEGIN SUCCESS "Configuration Upload"----- bytes copied -----END SUCCESS----- -----BEGIN SCRIPT "Configuration Download"----- enable %ENABLEPSWD% copy tftp: running-config %TFTP_IP% %RELATIVE_TARGET_FILE_PATH% running-config@receive 60 exit -----END SCRIPT----- -----BEGIN SUCCESS "Configuration Download"----- bytes copied -----END SUCCESS-----
[/code]
Userlevel 5
Steve Ballantyne wrote:

Okay - I figured it out.

In Inventory Manager ...

  1. Select the device
  2. In the right pane, click on the Image Information tab.
  3. Correct the Device Family Definition File Name.
In my case, these failing devices were listed as Alpine, and they were actually Cisco 3750's. Changed it to Cisco Systems TFTP, saved. Then stamped a new archive. Success!

Additionally the View button can be pressed here, and the scripts are revealed for grabbing files, and also how it recognizes a successful transfer, etc.

Update! Not sure how relevant this is, because this hardware is obsolete. The example code might help others create their own scripts. So here is a script that will backup the configs on a Cisco 4402 WLAN Controller.

-- Use these scripts to manage Cisco Wireless Controllers
name="Cisco WLAN 4402 Controller - TFTP"
desc="Cisco WLAN 4402 SSH/TFTP Scripts"
--
-----BEGIN SCRIPT "Configuration Upload"-----
@sleep 3
transfer upload mode tftp
transfer upload datatype config
transfer upload serverip %TFTP_IP%
transfer upload path %RELATIVE_SERVER_DIR_PATH%
transfer upload filename %TARGET_FILE_NAME%
transfer upload start
Y
@receive 60
logout
N
-----END SCRIPT-----
-----BEGIN SUCCESS "Configuration Upload"-----
File transfer operation completed successfully
-----END SUCCESS-----[/code]
Userlevel 7
Thanks for sharing I'll try it on my ASA.

Reply