shawnmei posted on 2018-7-19 13:40:16

Scheduled backup of Cisco device configuration files

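  I. Requirement and approach
  Our company's IDC machine room has several switches and firewalls. Because of business needs, the configuration on the switches or firewalls is changed frequently. Cisco devices are very stable, but keeping backups guards against the unexpected.
  There are many articles online about scheduled backups of Cisco devices; I wrote a backup script based on my company's actual situation.
  I use Expect for automated interaction to fetch the configuration files from the Cisco devices, then upload them to an FTP server over FTP.
  The script lives on a CentOS 6.5 server and runs every Saturday night at 23:00.
  II. The production scripts
  1. The script directory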
# pwd
/usr/local/scripts/cisco_bak
# ls
cfg  cisco_bak.sh  ip_asa.txt  ip_switch.txt  telnet_asa.exp  telnet_switch.exp  up_cfg.sh
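  2. Files and directories
  cfg holds the backed-up Cisco device configuration files.
  telnet_switch.exp uses Expect to fetch the configuration file of a Cisco switch.
# cat telnet_switch.exp
#!/usr/bin/expect
# This script gets the switch configuration.
set timeout 60
# First argument: device IP; second argument: password
set ip [lindex $argv 0]
set password [lindex $argv 1]
spawn /usr/kerberos/bin/telnet $ip
expect "Password:"
send "$password\r"
expect ">"
send "enable\r"
expect "Password:"
send "$password\r"
expect "#"
send "show running-config\r"
# Page through the output: send a space at each --More-- prompt,
# stop when the privileged prompt (#) comes back.
while {1} {
    sleep 1
    expect {
    "*More--" {send " "}
    "*#" {break}
    }
}
send "exit\r"
expect eof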
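  telnet_asa.exp uses Expect to fetch the configuration file of a Cisco firewall.
# cat telnet_asa.exp
#!/usr/bin/expect
# This script gets the ASA firewall configuration.
set timeout 60
# First argument: device IP; second argument: password
set ip [lindex $argv 0]
set password [lindex $argv 1]
spawn /usr/kerberos/bin/telnet $ip
expect "*assword:"
send "$password\r"
expect ">"
send "enable\r"
expect "Password:"
send "$password\r"
expect "#"
send "show running-config\r"
# Page through the output: send a space at each <--- More ---> prompt,
# stop when the privileged prompt (#) comes back.
while {1} {
    sleep 1
    expect {
    "*More --->" {send " "}
    "*#" {break}
    }
}
send "exit\r"
expect eof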
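  ip_switch.txt stores the IPs and passwords of the switches. (I changed them; I cannot use the company's real IPs and passwords.)
# cat ip_switch.txt
10.10.10.1   123
10.10.20.1   123
  ip_asa.txt stores the IPs and passwords of the firewalls. (I changed them; I cannot use the company's real IPs and passwords.)
# cat ip_asa.txt
10.10.10.254    123
10.10.20.254    123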
  up_cfg.sh uploads the backed-up configuration files to FTP. (They can also be copied to a storage server by other means.)
# cat up_cfg.sh
#!/bin/bash
# This script uploads the cfg files to a remote computer.
TODAY=`/bin/date +%F`
#Local Path
L_PATH=/usr/local/scripts/cisco_bak
#date path
Date_PATH=`/bin/date +%Y%m%d%H%M%S`
cd ${L_PATH}
#$1 Ip,$2 User,$3 Passwd,$4 Remote_Path
/usr/kerberos/bin/ftp -i -n -v << !
open $1
user $2 $3
bin
passive
cd $4
lcd ${L_PATH}/cfg
mput *${TODAY}.cfg
bye
!
  cisco_bak.sh is the main program; it ties telnet_asa.exp, telnet_switch.exp and up_cfg.sh together in one script.
# cat cisco_bak.sh
#!/bin/bash
#
TODAY=`date +%F`
# Base directory. Named BAK_PATH rather than PATH so that the shell's
# command search path is not overwritten.
BAK_PATH=/usr/local/scripts/cisco_bak
[ -d ${BAK_PATH}/cfg/ ] || /bin/mkdir -p ${BAK_PATH}/cfg/
cd ${BAK_PATH}
## ip_switch.txt and ip_asa.txt store the device IPs and passwords.
#switch_bak
while read ip
do
#IP_NAME is IP
IP_NAME=`echo "$ip" | /bin/awk '{print $1}'`
# $ip is left unquoted so it splits into two arguments: IP and password
/usr/bin/expect telnet_switch.exp $ip > ${BAK_PATH}/cfg/switch_${IP_NAME}_${TODAY}.cfg
done < ip_switch.txt
#asa_bak
while read ip
do
#IP_NAME is IP (must be set here too, otherwise every firewall backup
#is written to the file named after the last switch IP)
IP_NAME=`echo "$ip" | /bin/awk '{print $1}'`
/usr/bin/expect telnet_asa.exp $ip > ${BAK_PATH}/cfg/asa_${IP_NAME}_${TODAY}.cfg
done < ip_asa.txt
##upload cfg to ftp
##/bin/bash ${BAK_PATH}/up_cfg.sh FTP_IP FTP_USER FTP_PASSWD FTP_PATH
/bin/bash ${BAK_PATH}/up_cfg.sh 10.10.10.200 abc 123 /home/abc/Cisco_Devices
  3. Scheduled execution on Linux
# crontab -l
00 23 * * 6 /bin/bash /usr/local/scripts/cisco_bak/cisco_bak.sh >> /dev/null 2>&1
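  III. Summary:
  1. telnet_switch.exp and telnet_asa.exp are very similar, but they differ in the while loop: "*More--" {send " "} and "*More --->" {send " "} are not the same.
  2. Some firewalls require a username and password to log in; telnet_asa.exp can be modified slightly to take three arguments: ip, name and passwd.
  3. Possible extension: send an email to notify the administrator when a backup fails.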
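
One way to implement the failure notification from item 3, as an added example that is not part of the original post: check that every capture for the given date is complete before uploading, and mail the list of bad files otherwise. It assumes a complete `show running-config` capture contains a closing `end` line and that a configured `mail` command exists; `check_backups`, `notify_admin`, `make_sample` and the address are hypothetical names, and the sample files are constructed.

```shell
#!/bin/bash
# Added example, not part of the original post.
# Assumption: a complete "show running-config" capture contains a closing
# "end" line (IOS prints "end", ASA prints ": end").

# check_backups DIR DATE
# Prints each incomplete DIR/*_DATE.cfg file; returns 1 if any is incomplete
# or if no file for that date exists, 0 otherwise.
check_backups() {
    local dir="$1" day="$2" f bad=0 found=0
    for f in "$dir"/*_"$day".cfg; do
        [ -e "$f" ] || continue      # the glob matched nothing
        found=1
        chmod 600 "$f"               # configs hold password hashes and keys
        # Telnet output has CRLF line ends: drop the CRs before matching.
        if ! tr -d '\r' < "$f" | grep -Eq '^(: )?end[[:space:]]*$'; then
            echo "$f"
            bad=1
        fi
    done
    if [ "$found" -eq 0 ]; then
        echo "no *_${day}.cfg files in $dir"
        bad=1
    fi
    return "$bad"
}

# notify_admin ADDRESS TEXT
# Assumption: a configured local "mail" command (e.g. mailx) is available.
notify_admin() {
    printf 'Incomplete Cisco backups:\n%s\n' "$2" | mail -s "cisco_bak failed" "$1"
}

# make_sample: constructed test data, one complete capture and one that
# stopped at the login prompt. Prints the temporary directory it created.
make_sample() {
    local dir
    dir=$(mktemp -d)
    printf 'show running-config\r\nhostname sw1\r\n!\r\nend\r\n\r\nsw1#' \
        > "$dir/switch_10.10.10.1_2018-07-14.cfg"
    printf 'Trying 10.10.20.254...\r\nPassword: ' \
        > "$dir/asa_10.10.20.254_2018-07-14.cfg"
    echo "$dir"
}

# In cisco_bak.sh, before the upload step (admin@example.com is a placeholder):
#   failed=$(check_backups /usr/local/scripts/cisco_bak/cfg "$TODAY") || notify_admin admin@example.com "$failed"
```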