Cisco devices automatic backup with pure-ftpd (CentOS 7)

I’ve tried different solutions for automatic backup of Cisco devices from different clients, including Python SSH scripting and so on. Cisco includes the “archive” and “kron” commands in its routers and switches, which help with this task and make it very easy. In this tutorial we describe how to set up a better solution than a TFTP server, based on the FTP protocol, using pure-ftpd and CentOS 7.

tasks:

– scheduled backup of running-config file on remote FTP server
– automatic snapshot at every write memory command

steps:

– pure-ftpd installation
– Cisco device configuration

Pure-ftpd

in this configuration we’re gonna use virtual user access (no PAM or Unix access)

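install the epel repository package first, since pure-ftpd is provided by EPEL and is not visible to yum until the repository is enabled

yum install -y epel-release

install pure-ftpd

yum install -y pure-ftpd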

configure pure-ftpd and set some security settings

vim /etc/pure-ftpd/pure-ftpd.conf

here are some settings:

AnonymousOnly               no
NoAnonymous                 yes
PureDB                        /etc/pure-ftpd/pureftpd.pdb
PAMAuthentication              no
UnixAuthentication             no
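
to check that a pure-ftpd.conf really carries the settings listed above, here is a small audit script. it is an added example, not part of the original tutorial: the function names and the strict rule (each directive must be present, and every occurrence must be spelled and set exactly as listed) are assumptions of this example, and the sample config is constructed.

```shell
# Audit a pure-ftpd.conf against the virtual-users-only settings of this tutorial.
# check_directive FILE KEY WANT -> 0 only if KEY is present and every occurrence is WANT
check_directive() {
    awk -v key="$2" -v want="$3" '
        NF == 0 || $1 ~ /^#/ { next }             # skip blank lines and comments
        tolower($1) == tolower(key) {             # find the key whatever its case...
            seen = 1
            if ($1 != key || $2 != want) bad = 1  # ...but accept only exact spelling and value
        }
        END { exit ((seen && !bad) ? 0 : 1) }
    ' "$1"
}

# audit_pureftpd_conf FILE -> prints one line per directive, returns 1 on any failure
audit_pureftpd_conf() {
    conf=$1; rc=0
    while read -r key want; do
        if check_directive "$conf" "$key" "$want"; then
            echo "OK    $key $want"
        else
            echo "FAIL  $key (expected: $want)"; rc=1
        fi
    done <<'EOF'
AnonymousOnly no
NoAnonymous yes
PAMAuthentication no
UnixAuthentication no
PureDB /etc/pure-ftpd/pureftpd.pdb
EOF
    return $rc
}

# Constructed sample (not a real server config): PAM left on, AnonymousOnly
# missing, and NoAnonymous contradicted by a second, differently spelled line.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample
NoAnonymous        yes
noanonymous        no
PAMAuthentication  yes
UnixAuthentication no
PureDB             /etc/pure-ftpd/pureftpd.pdb
EOF
audit_pureftpd_conf "$sample" || echo "config needs fixing"
rm -f "$sample"
```

on the real server, run audit_pureftpd_conf /etc/pure-ftpd/pure-ftpd.conf after editing the file.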

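on the centos system we create a system user for pure-ftpd with its own group (the group has to exist before useradd can reference it with -g):

[root@centos]# groupadd ftp_user
[root@centos]# useradd ftp_user -g ftp_user -s /sbin/nologin -d /dev/null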

let’s create a folder to be used for the FTP-server

[root@centos]# mkdir -p /home/user/ftp-folder/

change folder ownership

[root@centos]# chown -R ftp_user:ftp_user /home/user/ftp-folder/

create a virtual user “bob” with home folder /home/user/ftp-folder/

[root@centos]# pure-pw useradd bob -u ftp_user -g ftp_user -d /home/user/ftp-folder/ -m

enter the password when prompted.

create virtual user database with this command:

[root@centos]# pure-pw mkdb

list users with folders

[root@centos]# pure-pw list

our ftp server is ready

Cisco Devices settings

in this case we want to configure an automatic configuration backup every time we save changes to our device with the command “copy run start”, and every day at 01:00 am

Switch1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Switch1(config)#archive
Switch1(config-archive)#path ftp://your_ftp_ip_address/
Switch1(config-archive)#exit

set the login parameters used to access the ftp server

Switch1(config)#ip ftp username bob
Switch1(config)#ip ftp password bob_passwd

enable backup every time we save the configuration:

Switch1(config)#archive
Switch1(config-archive)#write-memory
Switch1(config-archive)#exit

in this case when we execute “wr” or “copy running-config startup-config” there’ll be a configuration transfer to our FTP server

if we want to schedule an automatic backup we have to set up the kron command

Switch1(config)#kron policy-list AUTOMATIC_BACKUP
Switch1(config-kron-policy)#cli write memory
Switch1(config-kron-policy)#exit
Switch1(config)#kron occurrence BACKUP_SCHEDULE at 1:00 recurring
Switch1(config-kron-occurrence)#policy-list AUTOMATIC_BACKUP

with the command:

sh archive

we can check if everything is ok.

using sh kron schedule:

Switch1#sh kron schedule
Kron Occurrence Schedule
BACKUP_SCHEDULE inactive, will run again in 0 days 22:56:22 at 1:00 on

we have information about the next time the schedule will be executed.

at this point we have a working system for automatic backup of cisco devices.
The remaining problem is rotating out older files that we don’t need to store, using logrotate. This will be the topic of the next tutorial

enjoy