krock83
join:2010-03-02

krock83

Member

[HELP] Router Backups

Hello Everyone,

I am looking to implement router backups in our environment. Unfortunately my workplace does not want to spend a dime on a backup solution, so I was thinking about sending the configs from the routers using kron command to a FTP server inside our network. I am hitting a snag right off the bat on this part.

I have a local Router that is directly connected to a switch, on the switch I have a server setup with a FTP server. Gave it a username, password and port number and a shared directory. When I try to copy the running config to it I get an error saying (incorrect login/password) on the router

c881#copy running-config ftp://172.30.200.61/R1.txt     
Address or name of remote host [172.30.200.61]? 
Destination filename [R1.txt]? 
Writing R1.txt 
%Error opening ftp://172.30.200.61/R1.txt (Incorrect Login/Password)
c881#
 

I did a traceroute to make sure that the FTP port is ok, and it is. I have also remotely connected to the lab's FTP server from my workstation using the username and password I set up on the Server.

My question is why is the router giving me the incorrect login? There is no option to specify username and password..

Also is Kron the right way of doing backups? I have almost 0 resources and I am not a script writer to write a batch script that will go out and grab the configurations and send it back to me.

Thanks
jh2010
join:2009-09-03
Brooklyn, NY

jh2010

Member

You need to embed the username and password in the FTP URL (How else would the server know what username and password you are connecting with?).

I found this URL (via a quick google) that may help
»saturn.med.nyu.edu/book/ ··· html/820
"You can even embed a username and a password in the ftp url:

»ftp://user:password@ftp.myserver.com/
"

battleop
join:2005-09-28
00000

battleop to krock83

Member

to krock83
I've set this up for several people and it works great. You can run it in a VM. I have this running on a real server and on a VM under sun's virtual box. This setup is a must have if you have multiple admins.

»www.debian-administratio ··· cles/429
krock83
join:2010-03-02

krock83

Member

@ jh2010

Thanks, I really didn't know that you can specify a username and password for the ftp on a router

Should I have an ACL in place for this to work remotely?

@battleop

I'm not allowed to use a third party anything.....

Da Geek Kid
join:2003-10-11
::1

1 recommendation

Da Geek Kid

Member

use SCP which uses SSH protocol and less pain.

you also need to setup your ftp to be passive if you plan on using ftp.
cramer
Premium Member
join:2007-04-10
Raleigh, NC
Westell 6100
Cisco PIX 501

cramer to krock83

Premium Member

to krock83
»checkforbees.com/router-backup/

There are the scripts I've used for a decade. I included the MAX TNT script as well, just for completeness. TFTP is the default protocol, and the one the scripts are designed to handle.
Bink
Villains... knock off all that evil
join:2006-05-14
Colorado

Bink to Da Geek Kid

Member

to Da Geek Kid
I second the use of SCP/SSH here—and you have the added benefit of everything being encrypted.

TomS_
Git-r-done
MVM
join:2002-07-19
London, UK

TomS_

MVM

Also requires IOS with crypto features if I am not mistaken, which may not be available in some countries due to import restrictions, or maybe you don't have the right license/IOS.

There is also a way to send a couple of SNMP commands to a router and tell it to either pull in some configuration to merge with the current running configuration, then do a "wr mem", or you could also use it to tell the router to upload its configuration to a remote host.

I used this method to distribute configuration around my network, made pretty light work of it.

I considered writing my own backup solution based on this method, storing 1 daily backup of the configuration, but only on days when it actually changes.

There is also "rancid" (could they not have thought of a better name??), an open source solution. Seems to be quite popular, and you don't have to try and reinvent the wheel.
cramer
Premium Member
join:2007-04-10
Raleigh, NC
Westell 6100
Cisco PIX 501

cramer

Premium Member

There is also "rancid" (could they not have thought of a better name??), an open source solution. Seems to be quite popular, and you don't have to try and reinvent the wheel.

Some of us pre-date that wheel.
krock83
join:2010-03-02

krock83

Member

@cramer...

Thanks for the scripts I will see what I can do with them. If they work (which I know they will) I will propose this to the IT. As of right now they told me to get it working via FTP and no other way. I am not a big fan of FTP anything. At least I have something to work with here.

Thanks

@Tom_S...

the rancid is a linux/unix based program and we are a STRICTLY a windows SHOP I know lame right?
cramer
Premium Member
join:2007-04-10
Raleigh, NC
Westell 6100
Cisco PIX 501

cramer

Premium Member

The config-copy-mib supports other methods of transfer, tftp is the default. It can be changed to ftp, rcp, or scp. You'll need to add one more line to set the proto in the snmpset command.

RANCID is also rather lame... it telnets into the device, runs a series of commands, and diff's the output to the previous output. This too is a wheel I predate by a decade -- a perl script called "blaster" used to (re)program netblazers (along with the netblazer floppy generator). Its only selling point is having the scripts to know what commands to run on hundreds of various devices.

GM85
Click, Click
join:2002-07-02
Canada

GM85 to krock83

Member

to krock83
You can configure the router to use a specific ftp username and password by using the commands ip ftp username and ip ftp password. I have those commands configured on all my cisco devices
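
The FTP-credential and kron approach discussed in this thread, as an added IOS configuration example that is not part of any poster's reply. `cfgbackup`, `<FTP-PASSWORD>` and the kron names are placeholders; the server address and filename are the ones from the first post.

```cisco
! Added example. "cfgbackup", <FTP-PASSWORD>, CFG-BACKUP and CFG-BACKUP-NIGHTLY
! are placeholders; 172.30.200.61 and R1.txt come from the first post.
!
! Credentials the router presents for any ftp:// URL that carries none of its own.
! Without these (or user:password@ in the URL) the server rejects the login,
! which is the "Incorrect Login/Password" error shown at the top of the thread.
ip ftp username cfgbackup
ip ftp password <FTP-PASSWORD>
!
! Passive mode, as suggested earlier in the thread for FTP
ip ftp passive
!
! kron runs unattended and cannot answer the "Address or name of remote host"
! and "Destination filename" prompts of the copy command, so the policy
! redirects the show output to the FTP URL instead.
kron policy-list CFG-BACKUP
 cli show running-config | redirect ftp://172.30.200.61/R1.txt
!
! Run the policy every night at 23:00
kron occurrence CFG-BACKUP-NIGHTLY at 23:00 recurring
 policy-list CFG-BACKUP
```

The FTP password sits in the running configuration, so every backup file contains it, and `service password-encryption` only applies reversible type 7 obfuscation to it. Give that FTP account upload-only rights to the one backup directory, since the login and the configuration both cross the network in cleartext.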

battleop
join:2005-09-28
00000

battleop to krock83

Member

to krock83
"we are a STRICTLY a windows SHOP"

Does your IT director have a picture of Bill in his Cube? I don't understand the concept of being strictly a MS or Apple or *nix shop. We use what's best for the job even if it's MS.
krock83
join:2010-03-02

krock83

Member

Lol. No he does not, but at the same time the business runs everything. All users have admin rights on their work stations. Also the internet is wide open, meaning if google goes down for a minute and one of the dumb users sees that, it automatically becomes the network's problem. I have to deal with a ticket now that says "autotrader.com" not responding. I don't know how this is my problem to look into!!!!!
cramer
Premium Member
join:2007-04-10
Raleigh, NC

cramer

Premium Member

Easy answer: "WTF does autotrader.com have to do with your job?" (I wouldn't be very well liked there.)

TomS_
Git-r-done
MVM
join:2002-07-19
London, UK

TomS_

MVM

said by cramer:

Easy answer: "WTF does autotrader.com have to do with your job?" (I wouldn't be very well liked there.)

lol

Da Geek Kid
join:2003-10-11
::1

Da Geek Kid to krock83

Member

to krock83
When you are a network engineer, every network related issue is your problem such as autotrader.com not responding. You'd need to find out whether the issue is within the network you control or outside of your network. When you do, you would then explain the issue you have discovered, such as, "The servers @ autotrader.com are being DDoS'ed"

We deal with these all the time, so much so that we bought an expensive cool tool from Riverbed. It's called Cascades. It captures Flows and monitors network traffic inside the network we manage. All you do is pull the report for the particular user and attach it to the ticket they open up saying the network RTT (round trip time) is 5ms the app delay is 500ms, hence server issue.

battleop
join:2005-09-28
00000

battleop to cramer

Member

to cramer
I've had internal tickets before where the End User has complained that they could not get to Facebook. In the past I have replied to their ticket sounding like I am eager to help and given our CEO's extension as the number to call for help.

Da Geek Kid
join:2003-10-11
::1

Da Geek Kid to krock83

Member

to krock83
Nothing beats calling 1800-IBM-HELP

battleop
join:2005-09-28
00000

battleop to Da Geek Kid

Member

to Da Geek Kid
"When you are a network engineer, every network related issue is your problem such as autotrader.com not responding."

When you are in sales your job is to sell, when you are in customer service it's to provide customer service, and when you are in accounting your job is to pay the bills and collect money. Your job does not have anything to do with Autotrader, Farcebook, or any other recreational site. So if you can't get to a site that does not have anything to do with your job it's not really my job to make sure you can screw off at work. I have a very high expectation of coworkers to pull their weight just like I do. So I am going to file complaints about such sites under not my problem.

Oh and not a rant at you.
HELLFIRE
MVM
join:2009-11-25

HELLFIRE to krock83

MVM

to krock83
Da Geek Kid, can you give me the name and # of your sales rep for Cascades... I think I may want to drop it over
the heads of a few people at work the next time they scream "network problem."

And I'm firmly in the "I am doing my job here, the rest of you are just dead weight" category...

Regards
aryoba
MVM
join:2002-08-22

aryoba

MVM

HELLFIRE, you may also want to consider OPNET »www.opnet.com/ and look for appropriate solution. I've heard OPNET is better than Cascades in regards of expectation and performance. Just to throw another alternative
HELLFIRE
MVM
join:2009-11-25

HELLFIRE

MVM

Heard of it, love to learn it, unfortunately it's considered a "performance testing" tool rather than a troubleshooting
tool by TPTB, so whenever the client inevitably screams "network issue" they ALWAYS say "get sniffers set up" -- just
because us break/fix guys are easier to beat up.

Regards

Da Geek Kid
join:2003-10-11
::1

Da Geek Kid to aryoba

Member

to aryoba
Opnet is bloatware... Cascades family suite with Shark Appliance yup that's wireshark all you folks use appliance is far more cost efficient and more network detailed. Opnet is for net mgmt centers and not tier 3 network engineers...
aryoba
MVM
join:2002-08-22

aryoba to HELLFIRE

MVM

to HELLFIRE
said by HELLFIRE:

Heard of it, love to learn it, unfortunately it's considered a "performance testing" tool rather than a troubleshooting
tool by TPTB, so whenever the client inevitably screams "network issue" they ALWAYS say "get sniffers set up" -- just
because us break/fix guys are easier to beat up.

Regards

Sounds like your boss needs some education. Hopefully some senior engineer with enough string pull is able to deliver the education
HELLFIRE
MVM
join:2009-11-25

HELLFIRE

MVM

@aryoba
We're outsourced technical help while the "engineering" / implementation side of things remained inhouse -- for which
I can see the pros and cons of this -- and they CLAIM "knowledge transfer sessions" on a bunch of technologies they
want us to support for them.

...I've learned to live with it the last 5 years of my life

Regards