Being trying to make a backup of a switch/router/ap I'm often getting stuck as archive tar /create ... fall on me with the Permission-denied error. Usually, this error caused by the private-config.text and multiple-fs which are mapped to virtual NVRAM (as well as config.text) and contain sensitive information about crypto keys and some other objects mapped to virtual NVRAM. Perhaps, these files considered as highly confidential, that's why even a user with L15 privileges have no access to simply read/copy or archive a file.
The issue relates to a bunch of devices such as Catalyst 2950, 2960, 3550, 3560, 3650, 3750, 3850, where the NVRAM is not truly physically present.
S3560-0#archive tar /create tftp://10.0.0.1/C3560X flash:
archiving private-config.text (1916 bytes)
%Error opening flash:/private-config.text (Permission denied)
My question generally about access to the files and CLI syntax. I want to get the whole flash archived at the time without questions with one command to be able to deploy it later if needed with another one command.
Is there any way to exclude the problematic files from a target archive in order to avoid errors and interruption? Or instead, include particular files, e.g. encounter them in one string?
So far only the archive command lets to copy an accessible folder from a device to a TFTP-server without interruption due to the need for a parameter confirmation. It works satisfactorily with Ansible module RAW but only for a firmware which resides in a folder as the last parameter of the archive command is PATH_TO_DIRECTORY.
Any suggestions on appropriate methods to exclude the troublesome file from the archiving process?