Network Devices Configuration Backup Automation
This article explains how to automate network device configuration backups using PowerShell and TFTP. It covers configuration backups for HP and Cisco switches and Fortigate UTM devices.
Backing up network devices manually is a time-consuming task. Many licensed applications can take configuration backups of network devices from a central console, but you have to pay for the license. This automated backup solution is therefore useful for those who have not purchased network management software and whose network infrastructure consists of a number of switches, routers and firewalls.
The PowerShell script saves the configuration backup of all devices into the TFTP server's defined location, so it is definitely a time saver.
The script uses the Posh-SSH module, a new module for Windows PowerShell (WMF 5.0 or later) that provides SSH commands to access and execute commands on the network devices.
Pre-requisites
- Windows PowerShell version 5.0 or above. Open an administrative PowerShell and execute the below command to check your PowerShell version. If it is below 5.0, update your PowerShell version first. Reference: https://docs.microsoft.com/en-us/powershell/wmf/5.1/install-configure
- The Posh-SSH module should be installed in Windows PowerShell. Open an administrative PowerShell and execute the below command.
- Install and configure a TFTP server (refer to Step 2).
- SSH should be enabled on all network devices.
- All devices should be configured with the same login credentials (read only).
- After logging in, the devices should be in "Enable" (privileged #) mode.
- Network device firmware should be in line with industry standards.
- Add the IP addresses of the devices to hp.txt, cisco.txt and fortigate.txt in the "content" folder.
- Running the script on servers installed with SCCM, WDS or any other TFTP service is not recommended.
- The login credential needs to be encrypted and saved in a text file, pass.txt. Copy the pass.txt file into the script "content" folder.
How to Convert
Open Administrative PowerShell window and execute the command below.
"Temp123*" | ConvertTo-SecureString -AsPlainText -Force | ConvertFrom-SecureString | Out-File "C:\pass.txt"
Password – Temp123*
Output File – pass.txt in C drive
Note: If your password contains special characters such as "$", enter the password in the format below. Otherwise PowerShell treats the text after "$" inside the double-quoted string as a variable, and the password is altered before it is encrypted.
Example:
Password: Temp123$upp0rt
Enter as: "Temp123"+"$"+"upp0rt"
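
An added example (not part of the original script) that creates pass.txt from a prompt instead of a literal on the command line, which keeps the password out of the console history and sidesteps the "$" quoting problem, then checks that the file decrypts. The C:\pass.txt path and the Test-PassFile helper name are assumptions; 'manager' is the user name the script uses by default.

```powershell
# Added example: build pass.txt without typing the password as a string literal.
$passFile = 'C:\pass.txt'   # assumption: same output path as the command above

# Read-Host -AsSecureString never exposes the plain text to the command line,
# so nothing lands in PSReadLine history and "$" is not expanded.
$secure = Read-Host -Prompt 'Device password' -AsSecureString
$secure | ConvertFrom-SecureString | Out-File -FilePath $passFile

# Without -Key, ConvertFrom-SecureString protects the value with Windows DPAPI:
# only the same user account on the same computer can decrypt it.
# Still, remove inherited permissions and leave access to the current user only.
$user = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
icacls $passFile /inheritance:r /grant:r "${user}:(R,W)" | Out-Null

# Hypothetical helper: round-trip check that the file can be turned back
# into a credential by the account that is running this session.
function Test-PassFile {
    param(
        [string]$Path,
        [string]$UserName = 'manager'
    )
    try {
        $sp   = Get-Content -Path $Path | ConvertTo-SecureString -ErrorAction Stop
        $cred = New-Object System.Management.Automation.PSCredential ($UserName, $sp)
        return ($cred.GetNetworkCredential().Password.Length -gt 0)
    }
    catch {
        Write-Warning "Cannot decrypt $Path as $env:USERNAME on $env:COMPUTERNAME : $($_.Exception.Message)"
        return $false
    }
}

Test-PassFile -Path $passFile
```

Because the file is DPAPI-protected, generate it while logged on as the account that will run the script from Task Scheduler, on the machine that will run it.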
How to use the script
1) Download the script "Network_switch_auto_backup.ps1" from the GitHub repository and extract it into any drive.
2) Open tftpd64 folder under script root folder and run tftpd64.exe, note down the IP address and edit the following settings. It is a one-time job.
2a) Open the Tftpd64 program and click on the Settings button.
2b) The Settings window will open as shown below. Put a check mark only on the TFTP Server option. Remove the check mark from all other options.
2c) Next, select the TFTP tab. Click on the Browse button to specify the Base Directory of the TFTP server. Set your script root folder as the base directory.
Ex: H:\Network_switch_auto_backup
Where H = the disk drive where the script folder is extracted to, and Network_switch_auto_backup is the script root folder.
2d) Under TFTP Security, select the option None.
2e) A very important step, Bind TFTP to this address: to set the IP address for the TFTP server, select the option "Bind TFTP to this address", then select the IP address available for you. You may get a different IP address; use the IP address available in the drop-down window.
Note down the bound IP address and write it into the script line as mentioned in Step 3.
2f) Once you have performed all the above steps, click on OK. You will now receive a window asking to restart Tftpd64 to apply the new settings. Click on OK.
2g) Reopen the Tftpd64 program. Ensure that the same IP address is selected for Server Interface.
3) Edit the following portion in the script
If the user name used to log in to your devices is not "manager", change it to your user name.
$cred = New-Object System.Management.Automation.PSCredential ('manager', $securePassword)
Enter your TFTP server IP address (the bound TFTP server IP address from Step 2e).
$tftp_server="Enter your TFTP server ip address here"
4) Open the script root folder and navigate to the "content" folder
Replace pass.txt with your encrypted device password key file
Enter the IP addresses of HP devices into hp.txt
Enter the IP addresses of Cisco devices into cisco.txt
Enter the IP addresses of Fortigate devices into fortigate.txt
5) Open a PowerShell (Administrative PS recommended)
6) Navigate and set path to script root folder
7) To back up HP device configurations, execute the command below.
PS>.\Network_switch_auto_backup.ps1 HP
8) To back up Cisco device configurations, execute the command below.
PS>.\Network_switch_auto_backup.ps1 cisco
9) To back up Fortigate device configurations, execute the command below.
PS>.\Network_switch_auto_backup.ps1 fortigate
10) To back up HP, Cisco and Fortigate device configurations, execute the command below.
PS>.\Network_switch_auto_backup.ps1 All
11) Output will be saved in your script root folder
\2018\December\07122018\10.0.0.20\running-config.cfg
\2018\December\07122018\10.0.0.20\startup-config.cfg
Note: Fortigate device backups will be saved into the script root folder.
12) Logging is enabled in the script for troubleshooting; check the "logs" folder under the script root folder if you come across any errors.
13) The script can be scheduled using Task Scheduler to back up device configurations as required.
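
An added example (not part of the original script) for use after a scheduled run: it reads hp.txt and cisco.txt and confirms that today's running-config.cfg and startup-config.cfg exist and are not empty for every listed device, since an SSH session can complete while the TFTP transfer itself fails. The function names are hypothetical, and the yyyy\MMMM\ddMMyyyy date layout is an assumption read from the sample output paths above.

```powershell
# Added example: save in the script root folder and run after the backup job.
param([string]$Root = $PSScriptRoot)   # assumption: script root = TFTP base directory

function Get-ExpectedBackupDir {
    param([string]$Root, [string]$DeviceIp, [datetime]$Date = (Get-Date))
    # Layout taken from the sample paths: \2018\December\07122018\10.0.0.20\
    [System.IO.Path]::Combine($Root, $Date.ToString('yyyy'),
        $Date.ToString('MMMM'), $Date.ToString('ddMMyyyy'), $DeviceIp)
}

function Test-DeviceBackup {
    param(
        [string]$Root,
        [string[]]$ListFiles = @('hp.txt', 'cisco.txt'),
        [datetime]$Date = (Get-Date)
    )
    foreach ($list in $ListFiles) {
        $listPath = Join-Path (Join-Path $Root 'content') $list
        if (-not (Test-Path -LiteralPath $listPath)) { continue }
        # One IP per line; skip blank lines and stray whitespace.
        $ips = Get-Content -LiteralPath $listPath |
            ForEach-Object { $_.Trim() } | Where-Object { $_ }
        foreach ($ip in $ips) {
            $dir = Get-ExpectedBackupDir -Root $Root -DeviceIp $ip -Date $Date
            foreach ($name in 'running-config.cfg', 'startup-config.cfg') {
                $file = Join-Path $dir $name
                $item = Get-Item -LiteralPath $file -ErrorAction SilentlyContinue
                $status = if (-not $item) { 'Missing' }
                          elseif ($item.Length -eq 0) { 'Empty' }
                          else { 'OK' }
                [pscustomobject]@{
                    Device = $ip
                    List   = $list
                    File   = $name
                    Status = $status
                    Bytes  = if ($item) { $item.Length } else { 0 }
                }
            }
        }
    }
}

$results = @(Test-DeviceBackup -Root $Root)
$results | Format-Table -AutoSize
# Non-zero exit code so Task Scheduler records the run as failed.
if ($results | Where-Object { $_.Status -ne 'OK' }) { exit 1 }
```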
How it works
1. The script creates a folder at the destination if it does not exist; the folder structure is Year -> Date -> Switch IP.
2. It gets the device IP addresses from hp.txt & cisco.txt.
3. It imports the Posh-SSH module into PowerShell.
4. It creates an SSH session to each device and saves the configurations into the defined location, one by one.
5. It disconnects the SSH session.
Troubleshooting
1) Logging is enabled in the script with run time, date and year; check the "logs" folder.
Future Enhancements
1) Expand functionality for larger pool of network devices.
2) Compare the startup and running config and remove running-config if both are identical.
Devices Tested
1) HP switches (ProCurve and Aruba)
2) Cisco switches (IOS)
3) Fortigate UTM