Wired Intelligent Edge


Copy Running Config via SFTP

  • 1.  Copy Running Config via SFTP

    Posted Jun 28, 2022 03:44 PM

    Greetings,

    I am wanting to back up our switch config files via SFTP. I have tried and succeeded in the past using FTP/TFTP but my supervisor is keen on using SFTP. We're mostly operating ArubaOS switch devices, with a few ArubaOS CX taking their place now. As for the SFTP server I'd prefer using WinSCP.

    I have succeeded in accessing config files from the WinSCP interface, but when I try to copy them from the switch CLI I get 'Request failed'.

    switch# copy config [config-name] sftp [ip-address] [dest-filename] detail

    I thought the best would be to run a recurring job on the switches to copy their config to the server. I'm open to automating things from the WinSCP end too. Any pointers appreciated!



  • 2.  RE: Copy Running Config via SFTP

    EMPLOYEE
    Posted Jun 28, 2022 05:09 PM
    Hi,

    WinSCP is a client, at least they claim it to be such on their website - "WinSCP is an open source free SFTP client, FTP client, WebDAV client, S3 client and SCP client for Windows." At the same time, the "copy" command needs an SFTP server on the other side; in fact 'copy config ... sftp' is an SFTP client itself. It is the same story as with FTP/TFTP, a typical client-server architecture where clients talk to servers, but never to other clients.

    Since you use Windows here are a couple of options for free SFTP servers:
    - OpenSSH for Windows (since you know and prefer WinSCP they have a good guide about it - https://winscp.net/eng/docs/guide_windows_openssh_server )
    - Solarwinds SCP/SFTP server - https://www.solarwinds.com/free-tools/free-sftp-server

    Also there are plenty of commercial products, I can't recommend any, but Google will gladly do so :-)

    ------------------------------
    Ivan Bondar
    ------------------------------



  • 3.  RE: Copy Running Config via SFTP

    Posted Jun 28, 2022 06:23 PM
    Thanks Ivan. I'm fine using the SolarWinds server, I've used it before. But the issue persists. I get 'Request Failed' posted in the switch CLI.


  • 4.  RE: Copy Running Config via SFTP

    Posted Jun 28, 2022 06:44 PM
    If you look at the command I tried (original message) there is no user or password specified. I would think that's necessary for sftp but I haven't found a way to do that in a command in the cli.


  • 5.  RE: Copy Running Config via SFTP

    Posted Jun 29, 2022 04:02 AM
    The command you specified isn't quite right, you need to include the username as below:
    copy config [config-name] sftp://[user]@[ip-address] [dest-filename] detail

    Hope this helps




  • 6.  RE: Copy Running Config via SFTP

    Posted Jun 29, 2022 11:04 AM
    Thanks, but when I use the command as you specified I get 'Invalid input: sftp://[user]@[ip-address]' - of course with the filled in user and IP.

    I've tried: 'copy config [config-name] sftp user@ip-address [dest-filename] detail' - still getting 'Request failed.'


  • 7.  RE: Copy Running Config via SFTP

    Posted Jun 29, 2022 11:25 AM
    When you are backing up the config on a CX switch the command is copy startup-config sftp://[user]@[IP] [cli/json]
    On an AOS-S switch the command is copy startup-config sftp [user]@[IP] [filename]
    The latter doesn't have detail on the end because I don't see it in the options on a 2930f.




  • 8.  RE: Copy Running Config via SFTP
    Best Answer

    Posted Jun 29, 2022 11:43 AM
    I found the issue. I was trying to back up the switch config from within the management VLAN, while the SFTP server interface is in another VLAN. Management VLAN is not routable, so there is the problem. Created an interface in the right VLAN on the switch and it works like a charm. Rookie mistake I suppose.

    Thank you for hanging in there with me everyone!


  • 9.  RE: Copy Running Config via SFTP

    Posted Jun 29, 2022 11:46 AM
    Although, I have one more related question. It keeps prompting me for a password. Is there a way to load the password in the command? Again, my hope is to have this running as a scheduled job without user input.


  • 10.  RE: Copy Running Config via SFTP

    Posted Jun 28, 2022 07:05 PM
    I'm OK using the SolarWinds server, but it doesn't work for me either. Same result: 'Request failed'.





  • 11.  RE: Copy Running Config via SFTP

    Posted Jun 29, 2022 02:31 PM
    Hi Ronald,

    Aside from the SFTP, I suggest you take a look at a different method for storing the configs:

    https://github.com/ytti/oxidized

    Pretty easy to set up, it cycles through the switch (or router, or anything network-related) list you have defined, and pulls the configuration.
    Switch-side it just needs an SSH user.
    The directory where you store the config files may be git-enabled, so you will have the versioning and the diff between one config and another.
    A basic webserver is included; I suggest you protect it behind an SSL Reverse Proxy with access lists.

    On our 2930F and 2930M switches and switch stacks it works flawlessly.

    Regards
    GG


  • 12.  RE: Copy Running Config via SFTP

    Posted Jul 05, 2022 12:32 PM
    Thanks ilGino. I've gotten a similar setup running, just using WinSCP and Git. To my dismay I realize that the new AOS-CX switches don't support the SFTP server role, so there's no centralized way of copying to and fro. I'm so upset with AOS-CX. Haven't found any upsides yet, only many roadblocks. Coming back to my original question, if there's a way to authenticate switch-side without having to enter a password, I guess that would be the only way for us to go (we have mostly AOS-S switches, but just implemented our first 3 AOS-CX devices).


  • 13.  RE: Copy Running Config via SFTP

    Posted Jul 05, 2022 01:00 PM
    Hi Ronald,

    Just to add some more clarifications.

    With Oxidized you will not need to configure *anything* on each target switch (or router, or anything network-related).
    No scheduled jobs, no SFTP clients.
    Only the SSH service you possibly are already using to access the switch interface.

    The Oxidized service, installed on a VM, will cycle through the switch list you have defined, and *pull* the configuration via SSH.

    To be on the safest side, you may use for this task a restricted SSH user with reduced capabilities, read-only, just the login and the "show running-config".

    Regards
    GG
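
An Oxidized configuration matching the setup described in posts 11 and 13 (added example, not part of the original posts and not the Oxidized project's own file). The account name, hostnames and paths are assumptions; the key names follow Oxidized's documented configuration format and should be checked against the installed version.

```yaml
# Added example: ~/.config/oxidized/config (hostnames, account and paths are assumptions)
---
username: cfg-backup          # assumed read-only switch account, used only for backups
password: CHANGE_ME           # placeholder; keep this file readable by the service user only
model: procurve               # default model; Oxidized's model name for AOS-S (e.g. 2930F/2930M)
interval: 3600                # seconds between collection runs
timeout: 20
retries: 2
rest: 127.0.0.1:8888          # web UI/API on loopback only; publish it through the TLS reverse proxy
vars:
  remove_secret: true         # strip secrets from stored configs where the model supports it
input:
  default: ssh                # SSH only, no telnet fallback
  ssh:
    secure: true              # verify switch host keys (known_hosts must be populated first)
output:
  default: git                # every change becomes a commit, giving history and diffs
  git:
    user: oxidized
    email: oxidized@example.net
    repo: "/var/lib/oxidized/configs.git"
source:
  default: csv
  csv:
    file: "/etc/oxidized/router.db"
    delimiter: !ruby/regexp /:/
    map:
      name: 0
      model: 1
# /etc/oxidized/router.db (constructed sample, one device per line as name:model):
#   sw-access-01.example.net:procurve
#   sw-core-01.example.net:aoscx      # Oxidized's model name for AOS-CX
```

Binding `rest` to loopback keeps the bundled web server unreachable except through the reverse proxy, which is where TLS and the access lists are enforced.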


  • 14.  RE: Copy Running Config via SFTP

    Posted Jul 05, 2022 02:26 PM
    Thanks ilGino, but I believe that does not work with the AOS-CX firmware because it does not support SCP. On all other switches I can access the filesystem through my SSH client (MobaXterm) but not on the AOS-CX devices - I'm guessing because SCP is non-existent on them. So I doubt Oxidized will be able to pull anything from these devices.


  • 15.  RE: Copy Running Config via SFTP

    Posted Jul 05, 2022 06:36 PM
    I managed to back up AOS-S config files to an OpenSSH server. In those switches there is a command to import a client-key (copy sftp ssh-client-key). Is there an equivalent command for AOS-CX?

    (@ilGino we're also looking into oxidized, just giving this one last push since it would be the preferred solution)