
Auto Backup Startup Config with SFTP/SCP

JohnJin85368
Level 1

Hello Everyone,

 

I was recently given a bunch of Cisco devices, including 2 C1113 ISRs and a C9200L switch, to build a network for the company. All are running recent versions of IOS XE.

I finished the setup and config; now it's time to back up.

The environment has security requirements. Thus, I guess normal FTP and TFTP won't be considered.

I do have an OpenSSH Server at IP address A and all other network devices at IP addresses B, C and D. The connection is up and running.

 

My first thought about this would be to run the scripts on those routers and switches, making them SSH clients: generate a public/private key pair, save the public key onto the server, and script those devices to upload the configuration using the key pair. Since the script runs on the devices rather than the server, I don't have to 'remember to delete the scripts when the devices retire eventually'.

 

The question is, A: is it possible? B: If yes, how do I do it? If no, what's my alternative?

 

Thanks all,

John Jin

2 Replies

balaji.bandi
Hall of Fame

2 options I consider here:

Option 1: Use an EEM script to send the configuration to the server automatically.

Option 2: From the server, run a script and copy the configuration from the device in the middle of the night or early hours.

With an EEM script you can also do a backup as soon as the configuration is modified, based on the log message.

I would not worry about setting up public and private keys for this kind of backup, since you are authenticated by any AAA system and the audit is already in place for a security audit.

 

 

 

BB
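Option 2 from the reply above (the server at A pulls the configuration over SSH), as an added example that is not code from this thread. It assumes the devices accept public-key SSH login for a hypothetical `backup` account that may run `show startup-config`, and that their host keys are already in the server's `known_hosts`; the key path, backup directory and 192.0.2.x addresses are placeholders.

```python
import os, subprocess, time
from pathlib import Path

def ssh_argv(host, user="backup", key="/etc/netbackup/id_ed25519"):
    """OpenSSH command line that prints one device's startup config.
    The user name and key path are assumptions for this example."""
    return ["ssh", "-i", key, "-o", "BatchMode=yes",      # never prompt for a password
            "-o", "StrictHostKeyChecking=yes",            # refuse unknown host keys
            f"{user}@{host}", "show startup-config"]

def looks_complete(cfg):
    """An IOS configuration has a hostname line and finishes with 'end'."""
    lines = [l.strip() for l in cfg.splitlines() if l.strip()]
    return (bool(lines) and lines[-1] == "end"
            and any(l.startswith("hostname ") for l in lines))

def store(cfg, host, root, stamp=None):
    """Save cfg as root/host/<stamp>.cfg with mode 0600.
    Returns the new path, or None when the newest stored copy is identical."""
    if not looks_complete(cfg):
        raise ValueError(f"{host}: truncated or empty configuration, not stored")
    folder = Path(root) / host
    folder.mkdir(parents=True, exist_ok=True, mode=0o700)
    data = cfg.encode()
    older = sorted(folder.glob("*.cfg"))
    if older and older[-1].read_bytes() == data:
        return None                                       # unchanged since last run
    stamp = stamp or time.strftime("%Y%m%dT%H%M%SZ", time.gmtime())
    path = folder / f"{stamp}.cfg"
    # O_EXCL: never overwrite an earlier backup; 0600: configs hold secrets
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path

def backup(hosts, root, run=subprocess.run):
    """Pull and store the config of every host; returns {host: path or None}."""
    saved = {}
    for host in hosts:
        done = run(ssh_argv(host), capture_output=True, text=True, timeout=60, check=True)
        saved[host] = store(done.stdout, host, root)
    return saved

if __name__ == "__main__":
    # 192.0.2.x are placeholder addresses standing in for devices B, C and D.
    print(backup(["192.0.2.11", "192.0.2.12", "192.0.2.13"], "/var/backups/netcfg"))
```

Scheduled from cron on the server, a failed login or a truncated transfer raises an error instead of being stored as a backup.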


Hello Balaji,

 

Thank you so much for the reply.

I'd like to clarify that you're saying: As long as the EEM script is set up to access the server under an AAA environment, even if it is using FTP/TFTP to transfer the config file, it's fine and won't be much of a concern when doing a security audit?

 

Just want to know how you'd think from a security auditing point of view.

 

Regards,

John Jin