
How to download and decrypt archived configurations via CCC API

Lars Jakobsen
Level 1

Hi everybody,
 
I am trying to download all archived configurations for my network devices (switches) from CCC ver. 2.3.7.7.
To do that, I am using a Python script connecting to the CCC API and I follow this approach:
  1. I list all the network devices using the API endpoint XXX/dna/intent/api/v1/network-device-config
  2. I build a list of fileIds for each configuration file for each device in the response
  3. I download the files using the API endpoint XXX/dna/intent/api/v1/file/${fileId}

This approach works fine and I get a number of running and startup configs as well as vlan.dat files for each device. Testing with Postman shows the same result.

The problem is that the running and startup configs look like they are encrypted but the vlan.dat is not (I can see the correct VLAN names in the binary file), and I can confirm this by listing the files with the API endpoint XXX/dna/intent/api/v1/file/namespace/${nameSpace}, where you can see the difference below, with no "encrypted": true or "restrictedAccess": true under the VLAN.dat file:

{
    "nameSpace": "ca-25",
    "name": "xxx_RUNNINGCONFIG",
    "downloadPath": "/file/f476afa7-xxxx-xxxx-8b2f-06504c095d69",
    "fileSize": "45838",
    "fileFormat": "application/octet-stream",
    "md5Checksum": "xxx",
    "sha1Checksum": "xxx",
    "sha2Checksum": "xxx",
    "restrictedAccess": true,
    "sftpServerList": [
        {
            sftp-details
        }
    ],
    "encrypted": true,
    "id": "xxx"
},
{
    "nameSpace": "ca-25",
    "name": "xxx_vlan.dat",
    "downloadPath": "/file/acb05b06-xxxx-xxxx-9014-b24385d004b7",
    "fileSize": "3384",
    "md5Checksum": "xxx",
    "sha1Checksum": "xxx",
    "sftpServerList": [
        {
            sftp-details
        }
    ],
    "id": "acb05b06-xxxx-xxxx-9014-b24385d004b7"
}

I cannot find any documentation or details about the encryption or file format of the running and startup configs so I have no way of decrypting the files. Can anybody help me with details about this so I can actually use the files?

 

Regards

Lars Jakobsen
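
The file listing described above can be used to sort archive files before downloading them. The following is an added example, not part of the original post and not Cisco code: it splits listing records by the "encrypted" and "restrictedAccess" flags and checks downloaded bytes against the listed size and checksums. The record values, the bare-list input shape and the function names are assumptions; "sha2Checksum" is left out because the page does not say which SHA-2 variant it holds.

```python
import hashlib

# Constructed sample of file-listing records: field names are the ones shown in
# the post, values are made up. The response envelope is not shown on the page,
# so these functions take the bare list of records.
SAMPLE_VLAN_BYTES = b"constructed vlan.dat bytes"
SAMPLE_LISTING = [
    {"name": "sw1_RUNNINGCONFIG", "id": "id-run", "fileSize": "45838",
     "restrictedAccess": True, "encrypted": True},
    {"name": "sw1_vlan.dat", "id": "id-vlan",
     "fileSize": str(len(SAMPLE_VLAN_BYTES)),
     "md5Checksum": hashlib.md5(SAMPLE_VLAN_BYTES).hexdigest(),
     "sha1Checksum": hashlib.sha1(SAMPLE_VLAN_BYTES).hexdigest()},
]

def triage(listing):
    """Split records into (readable, protected) using the listing's flags.
    A missing flag is treated as False, matching the vlan.dat record."""
    readable, protected = [], []
    for rec in listing:
        flagged = (rec.get("encrypted") is True
                   or rec.get("restrictedAccess") is True)
        (protected if flagged else readable).append(rec)
    return readable, protected

# Listing field -> hashlib algorithm name.
CHECKS = {"md5Checksum": "md5", "sha1Checksum": "sha1"}

def verify_download(rec, body):
    """Return the listing fields that disagree with the downloaded bytes.
    Assumption: fileSize and the checksums describe the bytes that the
    file endpoint returns."""
    bad = []
    if "fileSize" in rec and int(rec["fileSize"]) != len(body):
        bad.append("fileSize")
    for field, algo in CHECKS.items():
        want = rec.get(field)
        if want and hashlib.new(algo, body).hexdigest() != want.lower():
            bad.append(field)
    return bad

if __name__ == "__main__":
    readable, protected = triage(SAMPLE_LISTING)
    for rec in protected:
        print("skip (encrypted/restricted):", rec["name"])
    for rec in readable:
        body = SAMPLE_VLAN_BYTES  # stands in for bytes fetched via /file/${fileId}
        print(rec["name"], verify_download(rec, body) or "ok")
```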

1 Reply

Preston Chilcote
Cisco Employee

I don't think you'll be able to decrypt that content. Depending on what you're trying to accomplish, there might be easier ways to do it:

1) External Configuration Archive: https://www.cisco.com/c/en/us/support/docs/cloud-systems-management/dna-center/220644-configure-and-troubleshoot-external-conf.html

This feature seems mostly to accommodate compliance requirements, but last time I looked at the results, finding a specific device configuration in the repository was challenging because the organization of the filesystem is based on site ids rather than obvious names.

2) Have the devices themselves back up the configs. This is a pretty popular feature:

https://learningnetwork.cisco.com/s/blogs/a0D3i000002SKKbEAO/understanding-cisco-auto-archive-feature-to-backup-configuration-file

Also, keep in mind that Catalyst Center has an RMA Workflow that eliminates the need to manually transfer the old config to the new device.