Pull switch/router config with SSH flow

Hi,

I'm trying to find a, in my opinion, very simple flow to do the following.

• Connect via SSH to an IP address
• Login with username/password
• Run the commands:
  no page

• show system*
• show version*
• show vlans*
• show trunks*
• show mac-address*
• show spanning-tree*
• show running-config*
• page*

• save all the output to a .txt file
• Disconnect the SSH session

I want to get the whole running config from a router of switch automated by Node Red.
If this is working I would like to make a dashboard where you can enter an IP address and the credentials and hit the button to save the config.

I googled for a couple of hours but can't find anything usefull.
Anybody here that did this trick before?

Thanks
Dane

This is not going to be so simple as it looks, mainly because Cisco IOS does not have a interactive commandline and ssh also adds some complexity. I would recommend ansible for these types of tasks instead, or there might some python scripts out there that could do it as well.

You could try snmp

https://flows.nodered.org/search?term=snmp

EDIT...
PS, if you get this to work I would be very interested

Maybe you can do something with exec node and ssh remote commands

Maybe you can do something with exec node and ssh remote commands

You can't, it is not a linux box. To script IOS, you need python and TCL, TCL is the only languague IOS understands.

You could try snmp

snpm should work, if you can configure it on the device. There are snpm nodes available too.

(not being pedantic)
Is this a typo or something different to SNMP and the nodes i linked to?

Assuming its a typo and you meant SNMP, would you know how to do this?
I find SNMP to be quite obtuse.

Typo yes sorry

I will report back once I understand how to interpret the MIBs for my ubiquity router. For my synology based NAS (xpenology) I know how to get data out of it, but it never reports what I request (ie. specified incorrect MIB).

TS never mentioned the brand of his switch/router so I don't have a clue where you see Cisco or IOS.

At a guess - leap of faith - the clues are in the commands the OP wants to execute...

They are all valid Cisco IOS commands

The node i am using: node-red-contrib-snmp

Example interfaces from my ubiquiti erx

IOD 1.3.6.1.2.1.2.2.1.2 per RFC (should be standard accross devices) - outputs the interfaces and names in buffers (example flow translates them to UTF8 string)

IOD 1.3.6.1.2.1.2.2.1.8 (RFC) outputs all interfaces status value 0 (down) 1 (up)

Example output

Screenshot 2020-07-13 at 18.53.33636×1802 167 KB

Example flow

[{"id":"7320c129.7639f8","type":"inject","z":"838f476f.2b6cd","name":"","props":[{"p":"payload"},{"p":"topic","vt":"str"}],"repeat":"","crontab":"","once":false,"onceDelay":0.1,"topic":"","payload":"","payloadType":"date","x":204,"y":408,"wires":[["5a17a576.80a3bc","fdafbd8b.0520a"]]},{"id":"c5077427.3b3a3","type":"debug","z":"838f476f.2b6cd","name":"","active":true,"tosidebar":true,"console":false,"tostatus":false,"complete":"true","targetType":"full","statusVal":"","statusType":"auto","x":698,"y":408,"wires":[]},{"id":"5a17a576.80a3bc","type":"snmp subtree","z":"838f476f.2b6cd","host":"10.0.0.1","community":"public","version":"2c","oids":"1.3.6.1.2.1.2.2.1.2","timeout":5,"name":"","x":388,"y":384,"wires":[["121a7d16.7513db"]]},{"id":"121a7d16.7513db","type":"function","z":"838f476f.2b6cd","name":"","func":"m = msg.payload\no = []\nfor(x=0;x<m.length;x++){\n    \n    let i = m[x].value.toString('utf8');\n    o.push({oid:m[x].oid,interface:i})\n    \n}\n\nreturn {payload:o}","outputs":1,"noerr":0,"initialize":"","finalize":"","x":564,"y":384,"wires":[["c5077427.3b3a3"]]},{"id":"fdafbd8b.0520a","type":"snmp subtree","z":"838f476f.2b6cd","host":"10.0.0.1","community":"public","version":"2c","oids":"1.3.6.1.2.1.2.2.1.8","timeout":5,"name":"","x":388,"y":432,"wires":[["c5077427.3b3a3"]]}]

Really essential is a MIB browser to understand the values and their context, i am using iReasoning MIB browser, it's free and you can load MIB's in it.

Thanks people for your reply’s!
From reading your reply’s it’s harder than I thought.
I’m not sure if SNMP will do the trick but I will look into that.
In this case I’m using Aruba switches, now doing this by hand one by one to make a backup.
Should be very helpful if I can automate this.
I know there are ways of using sftp where the switch drop their running config but I’m not going to use that.

Interesting, looks exactly like cisco, very creative But looking on google, depending on the OS they have a rest api available, which will make this relatively easy with a http request or exec node

I believe that Aruba (depending on OS version) support TCL in the console.

This is the easiest way to do this - although really i would just use a TFTP dump of the file and then use Node-red to manage them

Should be simple in TCL (been a while since i did anything on IOS with it) to do a once a day dump of running config to a local TFTP server

Here is almost a working TCL version for you in this thread

Craig

Another update - not sure what Aruba supports but on Cisco we have Kron and Archive - have a read of the below

You could either:

Use Cisco's Kron functionality for command scheduling. This will allow you to execute predefined commands on a scheduled basis. As you pointed out, copy run tftp requires file prompt confirmation. (Unless you've turned off file prompt confirmation, however I don't recommend it as a normal setting.) Redirecting does not require confirmation. So the command used in the scheduler is show run | redirect tftp://$SERVERIP/$PATH/$FILE

Use Cisco's Archive functionality for configuration management. Archive is a way to store multiple copies of the config in a sequential fashion and roll back configs if needed to a previous version. Copying out with Kron overwrites the previous config, while Archive allows you to keep up to 14 different config versions in the specified location. See this link on the Cisco Learning network for more useful info on Archive. Specifically how to dynamically set the filename with the $h and $t tags.

In either of the below samples, you can adjust the times to your needs, these are just what I quickly pulled out of some production gear.

Sample config to have Kron write config and back it up to a tftp server once a week:

kron occurrence SaveConfig at 23:50 Mon recurring
policy-list SaveConfig
!
kron occurrence BackupRunningConfig at 23:55 Mon recurring
policy-list BackupRunningConfig
!
kron policy-list SaveConfig
cli write
!
kron policy-list BackupRunningConfig
cli show running-config | redirect tftp://10.10.10.10/configs/testswitch.txt
Sample config to have Archive back up your config to a tftp server daily:

archive
path tftp://10.10.10.10/configs/$h-$t
time-period 1440
maximum 14

I was not aware of the rest API, thanks!
I checked my switches and they support rest API, I will try to lookin to that if it's possible to pull the running config via a rest API command.

Thanks, I know this is possible.
But I want to connect my laptop to the network select the IP addresses of the switches hit the button and collect the switch config files. Not schedule anything yet, If I get this to work in Node-Red then it would be very easy to schedule something and archive files.

OK - not sure why you would prefer that to an automated job though - the right tools for the job and all.

You could then have NR go out and grab all the config files from each of the servers where they have been dropped and centralize them all

Craig

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.