|
[HELP] Router Backups
Hello Everyone, I am looking to implement router backups in our environment. Unfortunately my workplace does not want to spend a dime on a backup solution, so I was thinking about sending the configs from the routers using the kron command to an FTP server inside our network. I am hitting a snag right off the bat on this part. I have a local router that is directly connected to a switch; on the switch I have a server set up with an FTP server. I gave it a username, password and port number and a shared directory. When I try to copy the running config to it I get an error saying (incorrect login/password) on the router:
c881#copy running-config ftp://172.30.200.61/R1.txt
Address or name of remote host [172.30.200.61]?
Destination filename [R1.txt]?
Writing R1.txt
%Error opening ftp://172.30.200.61/R1.txt (Incorrect Login/Password)
c881#
I did a traceroute to make sure that the FTP port is ok, and it is. I have also remotely connected to the lab's FTP server from my workstation using the username and password I set up on the server. My question is why is the router giving me the incorrect login? There is no option to specify username and password. Also, is Kron the right way of doing backups? I have almost 0 resources and I am not a script writer to write a batch script that will go out and grab the configurations and send it back to me. Thanks |
|
jh2010 join:2009-09-03 Brooklyn, NY |
jh2010
Member
2012-Aug-1 11:28 am
You need to embed the username and password in the FTP URL (how else would the server know what username and password you are connecting with?). I found this URL (via a quick Google) that may help: » saturn.med.nyu.edu/book/ ··· html/820
"You can even embed a username and a password in the ftp url: » ftp://user:password@ftp.myserver.com/" |
|
|
to krock83
I've set this up for several people and it works great. You can run it in a VM. I have this running on a real server and on a VM under sun's virtual box. This setup is a must have if you have multiple admins. » www.debian-administratio ··· cles/429 |
|
|
@jh2010 thanks, I really didn't know that you can specify a username and password for the FTP on a router. Should I have an ACL in place for this to work remotely? @battleop I'm not allowed to use a third party anything..... |
|
use SCP which uses SSH protocol and less pain.
you also need to setup your ftp to be passive if you plan on using ftp. |
|
cramer Premium Member join:2007-04-10 Raleigh, NC Westell 6100 Cisco PIX 501
|
to krock83
» checkforbees.com/router-backup/
There are the scripts I've used for a decade. I included the MAX TNT script as well, just for completeness. TFTP is the default protocol, and the one the scripts are designed to handle. |
|
BinkVillains... knock off all that evil join:2006-05-14 Colorado |
to Da Geek Kid
I second the use of SCP/SSH here, and you have the added benefit of everything being encrypted. |
|
TomS_Git-r-done MVM join:2002-07-19 London, UK |
TomS_
MVM
2012-Aug-1 7:05 pm
Also requires IOS with crypto features if I am not mistaken, which may not be available in some countries due to import restrictions, or maybe you don't have the right license/IOS.
There is also a way to send a couple of SNMP commands to a router and tell it to either pull in some configuration to merge with the current running configuration, then do a "wr mem", or you could also use it to tell the router to upload its configuration to a remote host.
I used this method to distribute configuration around my network, made pretty light work of it.
I considered writing my own backup solution based on this method, storing 1 daily backup of the configuration, but only on days when it actually changes.
There is also "rancid" (could they not have thought of a better name??), an open source solution. Seems to be quite popular, and you don't have to try and reinvent the wheel. |
|
cramer Premium Member join:2007-04-10 Raleigh, NC Westell 6100 Cisco PIX 501
|
cramer
Premium Member
2012-Aug-1 8:51 pm
said by TomS_: There is also "rancid" (could they not have thought of a better name??), an open source solution. Seems to be quite popular, and you dont have to try and reinvent the wheel.
Some of us pre-date that wheel. |
|
|
@cramer... Thanks for the scripts, I will see what I can do with them. If they work (which I know they will) I will propose this to the IT. As of right now they told me to get it working via FTP and no other way. I am not a big fan of FTP anything. At least I have something to work with here. Thanks @Tom_S... the rancid is a linux/unix based program and we are a STRICTLY a windows SHOP I know lame right? |
|
cramer Premium Member join:2007-04-10 Raleigh, NC Westell 6100 Cisco PIX 501
|
cramer
Premium Member
2012-Aug-2 2:49 pm
The config-copy-mib supports other methods of transfer, tftp is the default. It can be changed to ftp, rcp, or scp. You'll need to add one more line to set the proto in the snmpset command. RANCID is also rather lame... it telnets into the device, runs a series of commands, and diff's the output to the previous output. This too is a wheel I predate by a decade -- a perl script called "blaster" used to (re)program netblazers (along with the netblazer floppy generator). Its only selling point is having the scripts to know what commands to run on hundreds of various devices. |
|
GM85Click, Click join:2002-07-02 Canada |
to krock83
You can configure the router to use a specific ftp username and password by using the commands ip ftp username and ip ftp password. I have those commands configured on all my cisco devices |
|
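The FTP login fix and the kron scheduling discussed in this thread, put together as an added example (not posted by any participant). The account name backupuser, the <FTP-PASSWORD> placeholder and the policy names are assumptions; the server address and file name are the ones from the first post.

```cisco
! Constructed example. backupuser and <FTP-PASSWORD> are placeholders.
configure terminal
 ! Credentials the router presents for any ftp:// URL that carries none.
 ! With neither command set, IOS attempts an anonymous login, which a
 ! server that requires a named account answers with
 ! "Incorrect Login/Password".
 ip ftp username backupuser
 ! Stored in the configuration and sent in cleartext by FTP, so use a
 ! dedicated account that can only write to the backup directory.
 ip ftp password <FTP-PASSWORD>
 ! Passive mode: the router opens the data connection to the server.
 ip ftp passive
 !
 ! kron runs commands non-interactively and cannot answer the
 ! "Address or name of remote host" / "Destination filename" prompts
 ! that "copy" asks, so redirect the show output to the URL instead.
 kron policy-list BACKUP-CONFIG
  cli show running-config | redirect ftp://172.30.200.61/R1.txt
 exit
 ! Run the policy every night at 02:00.
 kron occurrence BACKUP-NIGHTLY at 2:00 recurring
  policy-list BACKUP-CONFIG
 exit
end
!
! One-off test from exec mode with the credentials embedded in the URL
! instead of the global "ip ftp" settings:
!   copy running-config ftp://backupuser:<FTP-PASSWORD>@172.30.200.61/R1.txt
!
! Confirm the occurrence is registered and when it fires next.
show kron schedule
```

On an image with crypto features, the same URL forms accept scp:// in place of ftp://, which keeps the credentials and the configuration encrypted in transit.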
|
to krock83
"we are a STRICTLY a windows SHOP"
Does your IT director have a picture of Bill in his Cube? I don't understand the concept of being strictly a MS or Apple or *nix shop. We use what's best for the job even if it's MS. |
|
|
Lol. No he does not, but at the same time the business runs everything. All + users have admin rights on their work stations. Also the internet is wide open, meaning if google goes down for a minute and one of the dumb users sees that, it automatically becomes the network's problem. I have to deal with a ticket now that says "autotrader.com" not responding. I don't know how this is my problem to look into!!!!! |
|
cramer Premium Member join:2007-04-10 Raleigh, NC |
cramer
Premium Member
2012-Aug-3 12:21 am
Easy answer: "WTF does autotrader.com have to do with your job?" (I wouldn't be very well liked there.) |
|
|
TomS_Git-r-done MVM join:2002-07-19 London, UK |
TomS_
MVM
2012-Aug-3 2:50 am
said by cramer: Easy answer: "WTF does autotrader.com have to do with your job?" (I wouldn't be very well liked there.)
lol |
|
|
to krock83
When you are a network engineer, every network related issue is your problem such as autotrader.com not responding. You'd need to find out whether the issue is within the network you control or outside of your network. When you do, you would then explain the issue you have discovered, such as, "The servers @ autotrader.com are being DDoS'ed"
We deal with these all the time, so much so that we bought an expensive cool tool from Riverbed. It's called Cascades. It captures Flows and monitors network traffic inside the network we manage. All you do is pull the report for the particular user and attach it to the ticket they open up saying the network RTT (round trip time) is 5ms the app delay is 500ms, hence server issue. |
|
|
to cramer
I've had internal tickets before where the End User has complained that they could not get to Facebook. In the past I have replied to their ticket sounding like I am eager to help and given our CEO's extension as the number to call for help. |
|
|
to krock83
Nothing beats calling 1800-IBM-HELP |
|
|
to Da Geek Kid
"When you are a network engineer, every network related issue is your problem such as autotrader.com not responding."
When you are in sales your job is to sell, when you are in customer service it's to provide customer service, and when you are in accounting your job is to pay the bills and collect money. Your job does not have anything to do with Autotrader, Farcebook, or any other recreational site. So if you can't get to a site that does not have anything to do with your job it's not really my job to make sure you can screw off at work. I have a very high expectation of coworkers to pull their weight just like I do. So I am going to file complaints about such sites under not my problem.
Oh and not a rant at you. |
|
|
to krock83
Da Geek Kid, can you give me the name and # of your sales rep for Cascades... I think I may want to drop it over the heads of a few people at work the next time they scream "network problem."
And I'm firmly in the "I am doing my job here, the rest of you are just dead weight" category...
Regards |
|
|
aryoba
MVM
2012-Aug-16 2:41 pm
HELLFIRE, you may also want to consider OPNET » www.opnet.com/ and look for appropriate solution. I've heard OPNET is better than Cascades in regards of expectation and performance. Just to throw another alternative |
|
|
Heard of it, love to learn it, unfortunately it's considered a "performance testing" tool rather than a troubleshooting tool by TPTB, so whenever the client inevitably screams "network issue" they ALWAYS say "get sniffers set up" -- just because us break/fix guys are easier to beat up.
Regards |
|
|
to aryoba
Opnet is bloatware... Cascades family suite with Shark Appliance yup that's wireshark all you folks use appliance is far more cost efficient and more network detailed. Opnet is for net mgmt centers and not tier 3 network engineers... |
|
|
to HELLFIRE
said by HELLFIRE: Heard of it, love to learn it, unfortunately it's considered a "performance testing" tool rather than a troubleshooting tool by TPTB, so whenever the client inevitably screams "network issue" they ALWAYS say "get sniffers set up" -- just because us break/fix guys are easier to beat up.
Regards
Sounds like your boss needs some education. Hopefully some senior engineer with enough string pull is able to deliver the education |
|
|
@aryoba We're outsourced technical help while the "engineering" / implementation side of things remained inhouse -- for which I can see the pros and cons of this -- and they CLAIM "knowledge transfer sessions" on a bunch of technologies they want us to support for them. ...I've learned to live with it the last 5 years of my life Regards |
|