Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
4395
Views
10
Helpful
2
Replies

Automated Config Backups Using to SCP server from Management Interface

pat.mchenry
Level 1
Level 1

‎03-06-2020 06:01 AM

Hello,

 

is it possible to automate configuration backups to an SCP server using the Archive command sourced from the Management VRF and Management interface?

 

Trying to accomplish this using an ASR, 4948, and ASA, and Nexus 5K.

 

So far I've been able to accomplish this using a managed IP (not a management interface or management VRF) from a variety of Cisco access layer switches, but not from the above devices using the Management interface in  a Management VRF.

 

Before digging further into configuring I would like to know if it is even supported?

 

Thank you, Pat

Labels:
0 Helpful
2 Replies 2

Mark Malone
VIP Alumni
VIP Alumni

‎03-06-2020 07:08 AM - edited ‎03-06-2020 07:13 AM

Hi
these are the below mgmt supported protocols and it looks like scp is vrf aware too once the source is set but i havent tried this through archive before , im just seeing can i send it to my linux server with scp , ll our local switches are through mgmt ports and the mgmt traffic sourced to use it , whats happening when you try ?

Prerequisites for VRF-Aware SCP

Ensure that Secure Shell (SSH) connection is enabled.

Ensure that Virtual Routing and Forwarding (VRF) configuration is available on the device.

Information About VRF-Aware SCP
SCP and SSH

The secure copy protocol (SCP) feature allows a user with appropriate authorization to copy any file that exists in the Cisco IOS File System (IFS) to and from a device by using the copy command. Being Virtual Routing and Forwarding (VRF) aware, the SCP feature can provide the service only to a specific group or interface rather than providing global access and configuration. The VRF-aware SCP feature enables administrators to have more control and added security.

SCP relies on Secure Shell (SSH) for security and authentication.

Use the ip ssh source-interface command to source SSH traffic from any interface, including a VRF interface.

How to Configure VRF-Aware SCP
Configuring SCP to Use VRF-Aware Interface
Before You Begin

Configure Virtual Routing and Forwarding (VRF) aware interfaces.
SUMMARY STEPS

1. enable

2. configure terminal

3. ip ssh source-interface interface

4. exit

5. copy running-config scp://username@destination-host-address[/destination-directory][/destination-filename]

6. copy scp://username@source-host-address[/source-directory][/source-filename] bootflash:

7. exit

###########

Supported Features on the Ethernet Management Port

The Ethernet management port supports these features:

  • Express Setup (only in switch stacks)
  • Network Assistant
  • Telnet with passwords
  • TFTP
  • Secure Shell (SSH)
  • DHCP-based autoconfiguration
  • SMNP (only the ENTITY-MIB and the IF-MIB)
  • IP ping
  • Interface features
    • Speed—10 Mb/s, 100 Mb/s, 1000 Mb/s, and autonegotiation
    • Duplex mode—Full, half, and autonegotiation
    • Loopback detection
  • Cisco Discovery Protocol (CDP)
  • DHCP relay agent
  • IPv4 and IPv6 access control lists (ACLs)
  • Routing protocols

Mark Malone
VIP Alumni
VIP Alumni
In response to Mark Malone

‎03-06-2020 07:17 AM

Another option maybe is to use EEM with SCP and source the SSH traffic from the mgmt interface if the archive doesn't work out through the mgmt

example from one of Joes post just alter the tftp section

event manager applet backup-config

event timer watchdog time 86400

action 1.0 cli command "enable"

action 2.0 info type routername

action 3.0 cli command "copy runn tftp://x.x.x.x/$_info_routername.cfg" pattern "Address"

action 4.0 cli command "" pattern "Destination"

action 5.0 cli command ""
Customers Also Viewed These Support Documents
Top