I'm trying to back up a 3560 switch configuration to a remote TFTP server using Kron. The switch is connected to the gateway router via the GigabitEthernet0/0 management port, which is using a management VRF:
vrf forwarding Mgmt-vrf
A static route is included to ensure all management traffic goes through that GW:
ip route vrf Mgmt-vrf 0.0.0.0 0.0.0.0 GigabitEthernet0/0 <GW-IP> name DEFAULT-MGM
On the remote side I have an Ubuntu server running tftpd-hpa.service; it has been verified as active.
The path is Switch -> Gateway -> Backbone -> Server.
There are no firewalls or ACLs in between. I can ping the remote server from the switch as follows:
Switch# ping vrf Mgmt-vrf <Server-IP> source <Switch-IP>
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to <Server-IP>, timeout is 2 seconds:
Packet sent with a source address of <Switch-IP>
Success rate is 100 percent (5/5), round-trip min/avg/max = 560/572/590 ms
The other way around is also successful:
Server$ ping <Switch-IP>
PING <Switch-IP> 56(84) bytes of data.
64 bytes from <Switch-IP>: icmp_seq=1 ttl=247 time=575 ms
64 bytes from <Switch-IP>: icmp_seq=2 ttl=247 time=573 ms
So I created the following policy and occurrence in Kron to have the running configuration saved every day at 23:59:
kron policy-list conf_bkp
cli show running-config | redirect tftp://<Server-IP>/home/Backups/Switch.conf
kron occurrence conf_bkp_Schedule at 23:59 recurring
Unfortunately, the policy is not working as expected because after two days, no configuration from this switch has been saved on the TFTP server. I'm running the same policy on other devices and in those cases all is working fine. The main difference is that the other devices are communicating with the server via the native VLAN (VLAN 1) while the switch is communicating by using a VRF, but since the switch and the server can ping each other through the VRF, I'm wondering what's missing in this setup.