Wired Intelligent Edge

ย View Only
  • 1.  ArubaOS-CX script copy configuration

    Posted Dec 13, 2023 12:38 PM

    Hi,

     

    Is it possible with the aruba cx switch range to save the configuration on a server with scp?

    I have tried this powershell script without success.

    $user = "admin"
    $pwd =  ConvertTo-SecureString "password" -AsPlainText -Force
    $cred = New-Object System.Management.Automation.PSCredential($user,$pwd)

    New-SSHSession -ComputerName ip -Credential $Cred -AcceptKey:$true

    $session = Get-SSHSession -Index 0

    $stream = $session.Session.CreateShellStream("dumb", 80, 9999, 800, 600, 1024)


    $session.Write("`n")
    Sleep 20
    $session.Write("copy running-config scp://aruba@ipserver/swtestpowershell.cfg cli")
    $session.Write("`n")
    Sleep 20
    $session.Write("password")
    $session.Write("`n")

    Sleep 20

    Remove-SSHSession -SessionId 0

    Regards

    MHB



  • 2.  RE: ArubaOS-CX script copy configuration

    Posted Dec 13, 2023 12:49 PM
    Edited by mark.bossert Dec 13, 2023 12:50 PM

    Just run it as a backup job on the switch; no need to access it from the outside:

    job backup
        desc Daily Config Backup
        10 cli copy running-config scp://10.51.152.251/sw-10.running.cfg cli vrf mgmt
        20 cli copy startup-config tftp://10.51.152.251/sw-10.startup.json json vrf mgmt
    schedule backup
        10 job backup
        trigger on 03:00 daily start 2022-01-21

    Cheers,

    Mark




  • 3.  RE: ArubaOS-CX script copy configuration

    Posted Dec 14, 2023 02:21 AM
    Edited by PoVO Dec 14, 2023 02:21 AM

    Hello Mark,

    Thanks for the reply, but I've tried this method without success.

    The switches are Aruba-CX 6100 in version PL.10.13.

    The copy function is not available in the jobs and that's a shame. Another problem I've encountered is integrating the public key for scp copying, but that's another problem.

    result of the command :

    SWTEST# conf t
    SWTEST(config)# job backup
    SWTEST(config-job-backup)# 10 cli copy running-config scp://10.10.10.10/sw-10.running.cfg cli vrf mgmt
    This command cannot be part of a job
    SWTEST(config-job-backup)#

    Regard,

    MH




  • 4.  RE: ArubaOS-CX script copy configuration

    Posted Dec 22, 2023 05:39 PM
    Edited by mark.bossert Dec 22, 2023 06:04 PM

    Yeah, update to a more recent version. I think that copy command became available in 10.13. It wasn't available in 10.10, i think.

    And then jobs only really became available in 10.08, iirc?

    Either way, try the latest LSR.

    Edit: My apologies, I should have read your post properly and used my brain.

    We did implement this in a secured network, with tftp only. Then it works. Because apparently the switches can't do pubkey-authentication as clients.

    We actually implemented in a few places via custom-commands for user-groups and then grab it via ssh:

    user-group config-reader
        10 permit cli command "show running-config"
        20 permit cli command "show startup-config"
    user oper group config-reader password ciphertext ...
    user oper authorized-key ecdsa-sha2-nistp521 ...

    This allows one to run `ssh oper@some-switch "show running-config" > some-switch.running.cfg` with passwordless/public key authentication in a pull-fashion.




  • 5.  RE: ArubaOS-CX script copy configuration

    Posted Oct 28, 2024 06:17 AM

    Hello. I want to copy the configuration of aruba 8320 switches to a sftp server. 

    I use the command: copy running-config sftp://USER@IP/config-name.cfg

    As result I get "Invalid user name". 

    Where can I set the password for the user which is used in that command? On the SFTP Servet there is a user configured with a password. But where can I set the password on the Aruba switch to export the configurationv ia SFTP? 




  • 6.  RE: ArubaOS-CX script copy configuration

    Posted Oct 28, 2024 07:05 AM

    I'd say there is no need to be done on the switch side.

    That command sends a request to SFTP Server (<IP>) with username <USER>.

    This should result in a prompt for the password of <USER>.

     

    The error message received is sent by the SFTP server system (<IP>).
    Either the name actually is invalid there, or the user does not have the right privileges to get access via SFTP/SSH ...

    Troubleshooting probably needs to be performed at the server side.

     






  • 7.  RE: ArubaOS-CX script copy configuration

    Posted Oct 28, 2024 08:02 AM

    I will check, but if I use this command in a regular Job, how the password is then inserted? 




  • 8.  RE: ArubaOS-CX script copy configuration

    Posted Oct 28, 2024 08:50 AM

    user:<password>@host




  • 9.  RE: ArubaOS-CX script copy configuration

    Posted Oct 28, 2024 10:51 AM

    Should have read the full thread .... ๐Ÿ˜‰

    There is no option (known to me) within AOS-CX CLI to hand over the password for sftp/scp transfer.
    Thus, you might be limited to TFTP within the job context.