Although it may not be the most glamorous side of IT, every sysadmin will appreciate the value of a rock-solid backup system. All too often, though, these systems do not extend down to the 'embedded' systems like network switches and firewalls.
However, with a little WinSCP (and its fantastic .NET assembly automation package) and PowerShell combined, it's pretty easy to cook up something at 100% less than the cost of any management solution.
This guide shows how to set up the backup of a HP ProCurve switch (I've tested it with the ProCurve 8200 series, 5400 series, the 2920s, a 2626 and a 2530, all of which were running the most recent firmware), although it should be a simple matter of changing the relevant paths to make it work with other manufacturers' kit (e.g. Cisco).
Download Source Files
First up, grab the source files from the link below and extract the contents to C:\Network Switch Backup (you can use any other path but will just need to update the paths inside the PowerShell). You should then have a folder which contains a .cmd file, a .ps1, a sample .csv and a subfolder called Backups.
Network Switch Backup (1.7 KiB)
Getting your Switch ready and filling out the CSV
Each switch will now need ip ssh and ip ssh filetransfer running on it through the CLI (if it's not already set up); be sure to set a manager password (if you haven't done so already!) as well. In addition you will need to find the server host key fingerprint for each switch, which goes into that switch's row in the CSV; the screen shots below show one way of doing this.
Getting WinSCP ready
As normal follow through the screen shots below; you will need this link to get a hold of the installation components – http://winscp.net/eng/download.php.
Pushing go!
Final step! (I know this was almost too easy….) Run the .cmd file and assuming everything is listed right you will soon have a complete listing of all of your network switch configurations (more in the screen shots).
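The steps above as one PowerShell loop, added here as an example and not the downloadable script: it checks the CSV header and each host key fingerprint before connecting, creates the per-switch folder idempotently, and always closes the session. The DLL path and the CSV columns username and password are assumptions; hostname, sshhostfingerprint and /cfg/startup-config are the names the script is seen using on this page.

```powershell
# Added example, not the downloadable script. The DLL path and the CSV columns
# 'username' and 'password' are assumptions; 'hostname' and 'sshhostfingerprint'
# are the column names the script is seen using on this page.
Add-Type -Path 'C:\Program Files (x86)\WinSCP\WinSCPnet.dll'

$root     = 'C:\Network Switch Backup'
$switches = @(Import-Csv (Join-Path $root 'switches.csv'))
$date     = Get-Date -Format 'yyyy-MM-dd'
if ($switches.Count -eq 0) { throw 'switches.csv contains no switches' }

# Single-fingerprint form of the pattern WinSCP enforces on SshHostKeyFingerprint
$fpPattern = '^((ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-nistp(256|384|521))( |-))?(\d+ )?' +
             '(([0-9a-f]{2}(:|-)){15}[0-9a-f]{2}|[0-9a-zA-Z+/]{43}=)$'

# Fail early if the header row is missing: Import-Csv would then use the first
# switch as column names and every $line.sshhostfingerprint would be empty.
$columns = $switches[0].PSObject.Properties.Name
foreach ($required in 'hostname', 'username', 'password', 'sshhostfingerprint') {
    if ($columns -notcontains $required) { throw "switches.csv has no '$required' column" }
}

foreach ($line in $switches) {
    if ($line.sshhostfingerprint -cnotmatch $fpPattern) {
        Write-Warning "$($line.hostname): host key fingerprint missing or malformed, skipped"
        continue
    }
    $outputfolder = Join-Path $root "Backups\$($line.hostname)"
    # -Force makes this a no-op when the folder is left over from an earlier run
    New-Item $outputfolder -ItemType Directory -Force | Out-Null
    $outputpath = Join-Path $outputfolder "$date.txt"

    $session = New-Object WinSCP.Session
    try {
        $sessionOptions = New-Object WinSCP.SessionOptions -Property @{
            Protocol              = [WinSCP.Protocol]::Sftp
            HostName              = $line.hostname
            UserName              = $line.username
            Password              = $line.password
            SshHostKeyFingerprint = $line.sshhostfingerprint   # pins the switch's host key
        }
        $session.Open($sessionOptions)
        # Check() throws if the transfer of the startup config failed
        $session.GetFiles('/cfg/startup-config', $outputpath).Check()
    }
    catch { Write-Warning "$($line.hostname): $($_.Exception.Message)" }
    finally { $session.Dispose() }
}
```

With the password column assumed here, switches.csv holds the manager passwords in clear text, so limit read access on the folder to the account that runs the backup.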
There’s a little more…
To take things one step further and make this process truly automated you can set a scheduled task on your computer to run the ‘Backup Network Switches.cmd’ file at a set time each day 🙂
You might also want to consider expanding your setup using the information in my Automated Change Detection and Reporting – Network Switches post which sets things up so that you receive email notification each day listing out any changes in your configs.
I’ve been researching how to best automate our networks’ backups for a few hours, and this is by far the easiest, most effective, and most secure solution I’ve come across so far. Everything else either relied on TFTP or telnet or required an expensive purchase. This was easy to set up, and as long as access to the backups and CSV folder are set responsibly you’re good to go. Thanks!
Thanks Chris!
Nice,
I have tried running the script and I get
PS C:\Network Switch Backup> C:\Network Switch Backup\Backup Network Switches.ps1
Directory: C:\Network Switch Backup\Backups
Mode LastWriteTime Length Name
---- ------------- ------ ----
d---- 16/12/2016 11:01 IP ADDRESS
in PowerShell, which created the folder with the IP, but doesn’t download the config file into that folder.
Think I found the issue. When testing downloading the startup-config manually via WinSCP, I login to the switch correctly, but then when copying the files I get this error http://prntscr.com/dk4etb
What is the model and firmware version of the switch that you are connecting to please?
In addition can you confirm that you’ve carried out the steps in ‘Getting your Switch ready and filling out the CSV’?
Hi James,
Thank you so much for the script. It works a treat however I’ve bumped into 2 issues.
1.) I want to store WinSCP on a network share, however when pointing to it in the .ps1 file, I simply get an error when running the script. When running locally it works fine (see error below)
“Add-Type : Could not load file or assembly ‘file://\\\\WinSCP\WinSCPnet.dll’
or one of its dependencies. Operation is not supported. (Exception from HRESULT: 0x80131515)
At C:\Network Switch Backup\Backup Network Switches.ps1:6 char:1
+ Add-Type -Path “\\\\WinSCP\W …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Add-Type], FileLoadException
+ FullyQualifiedErrorId : System.IO.FileLoadException,Microsoft.PowerShell.Commands.AddTypeCommand”
2.) This isn’t a fault with the script at all, more just me trying to get it to do what I want it to do.
So, I'm going to use the script to pull a config daily using task scheduler. However, I want to incorporate SVN into this so it only keeps one file but has version control. That bit I can do no problem, yet for some reason I can't get it to change the name the file saves as.
For example, it’s currently saving as “2017-1-9”, but ideally I’d like for this to be saved as “swt-1-ben”. Is this possible to do?
Again, thank you so much for this script, automated backup solutions have been driving me mad!
Kindest regards,
Ben H
Edit:
It should say “file://\\domain\folder\WinSCPnet.dll” & + “App-Type -Path “\\domain\folder\W …”
Lot of typos in my previous request.
So Posting it again.
Hi James,
The script works for me.
Just one question.
If I already got the host name folder in the backups folder it is giving error “hostname already exists”.
I am thinking something like create a new folder date wise.
If I am running the script today it should create folder 05072017 under backups and then create individual host name folder.
That way I can keep a copy of previous configs as well.
Can you help me to do that?
Thank you
Hi Krishna,
Could you provide the full error message from PowerShell please?
My contact details can be found here – http://myworldofit.net/?page_id=82
Cheers,
James
I must say it’s a very cool script that makes only one click to save your configs. Thank you very much James !
I altered this part of the ps1 in order to add the IP in the filename of saved config
Original
—
#Define the path to store the result of the download
$outputpath = $outputfolder + $date
—
–> file is like 2017-10-18
Altered
—
#Define the path to store the result of the download
$outputpath = $outputfolder + $date + "-" + $line.hostname
—
–> file is now like 2017-10-18-192.168.30.1
Hi James
This explanation is really nice, thx! I have one problem, we have an "@" in our password. I think because of it, the connection doesn't work. If I use a password without "@" it works. Is there a solution so that we can keep a password with "@"?
thanks 😉
Hi there,
Just a heads up, this still appears as one of the top results for backing up Procurve configs automagically and it works a treat. Thanks so much 🙂 We’ve got a huge mix of network gear and 30+ procurve switches throughout the company. This just made my job considerably faster.
I’m useless at scripting but I’ve made a couple of cosmetic changes.
If you couldn’t find the WinSCP Automation downloads, you’ll need to make the following changes.
—————-
Original:
Add-Type -Path "C:\Program Files (x86)\WinSCP Automation\WinSCPnet.dll"
Changed to: (assuming it's installed in the default location)
Add-Type -Path "C:\Program Files (x86)\WinSCP\WinSCPnet.dll"
—————-
For neatness sake I adapted what Florent kindly added:
Adds some spaces to the file name, adds the device hostname and adds a file extension to cheer me up.
—————-
Original: $outputpath = $outputfolder + $date
Altered: $outputpath = $outputfolder + $date + " - " + $line.hostname + ".txt"
—————-
Files now output like "2017-11-14 - 10.1.10.114.txt"
I’ll get some dns records added and it’ll be lovely and tidy.
Brilliant.
Thanks again.
Awesome to hear! I think I’m due a bit of an overhaul of the script as well as moving it to GitHub 🙂
New-Item : An item with the specified name C:\Users\vanguye\Desktop\Network_Switch_Backup\Backups\10.239.98.58\ already exists.
At C:\Users\vanguye\Desktop\Network_Switch_Backup\Backup Network Switches.ps1:19 char:1
+ New-Item $outputfolder -ItemType Directory
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ResourceExists: (C:\Users\vanguy…s\10.239.98.58\:String) [New-Item], IOException
+ FullyQualifiedErrorId : DirectoryExist,Microsoft.PowerShell.Commands.NewItemCommand
Exception calling “Open” with “1” argument(s): “Timeout waiting for WinSCP to respond”
At C:\Users\vanguye\Desktop\Network_Switch_Backup\Backup Network Switches.ps1:34
char:1
+ $session.Open($sessionOptions)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : TimeoutException
Exception calling “GetFiles” with “4” argument(s): “Session is not opened”
At C:\Users\vanguye\Desktop\Network_Switch_Backup\Backup Network Switches.ps1:41
char:1
+ $transferResult = $session.GetFiles(“/cfg/startup-config”, $outputpath, $False, …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : InvalidOperationException
Hi, Can you help with this error:
Timeout waiting for WinSCP to respond. I can log in successfully and WinSCP shows starting session
Don’t remove the first line in the .CSV file and it works.
Nice guide 🙂
But I have a little problem with a new switch like the 1920 48 G
The CLI used is new and it does not have the config in /cfg/startup-config 🙁
Is there a way to get the config from this model?
I’m afraid I don’t have any of that model to hand – can you SFTP to it and send me a screenshot of the file structure?
Exception setting “SshHostKeyFingerprint”: “SSH host key fingerprint “” does not match pattern /((ssh-rsa|ssh-dss|
ssh-ed25519|ecdsa-sha2-nistp(256|384|521))( |-))?(\d+ )?(([0-9a-f]{2}(:|-)){15}[0-9a-f]{2}|[0-9a-zA-Z+/]{43}=)(;((
ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-nistp(256|384|521))( |-))?(\d+ )?(([0-9a-f]{2}(:|-)){15}[0-9a-f]{2}|[0-9a-z
A-Z+/]{43}=))*/”
At line:1 char:1
+ $sessionOptions.SshHostKeyFingerprint = $line.sshhostfingerprint
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], SetValueInvocationException
+ FullyQualifiedErrorId : ExceptionWhenSetting
————————————————————
Server hostkey finger print
MD5 = ssh-rsa 2048 97:a4:6f:40:10:39:22:29:f2:a2:2e:cf:ba:9d:9b:ab
————————————————————
Hi ,
As I understand from the error message, this system doesn't support ssh-rsa 2048. Is there any solution for this problem? Thanks.
Hi, I would like to store more than one file (as backup). Any solutions?
Hi, I need an automatic reboot of more than one switch.
Any ideas?
Hello, first of all, thanks for sharing this guide, even 4 years later is being really useful for me.
I've been trying to get it to work, however I'm not able to yet. It says the fingerprint is not set, however it is already in the csv file,
:::::::::::::::::::::::::
False
Excepción al llamar a “Open” con los argumentos “1”: “SessionOptions.Protocol is Protocol.Sftp or Protocol.Scp, but
SessionOptions.SshHostKeyFingerprint is not set.”
:::::::::::::::::::::::::
Could you or any other reader give me a hand? Thanks in advance, my email is REDACTED and my whatsapp REDACTED
Best regards to all.
Hi James, I was looking for a simple way to automatically secure the twelve Alcatel switches in my small company. That's it, you are my personal hero. Kind Regards Daniel
Hi,
Is there any chance to adapt this script to be compatible with the new Aruba CX-OS?
Greetings,
René
I’m afraid I don’t have access to a new CX-OS switch to test it out, if it has an SSH/SCP interface it should be possible though.
Hi,
Your script works great but there are some issues which I faced. One of them is that for 2800 model switches the ios version must be n.11.78. I had an earlier version of that ios and WinSCP couldn't copy the file to my PC. Second, there are underlines in the name of network switch backup in the script code, but there are no such underlines in the network switch backup file which I downloaded from the web page. Thank you.
Great script. I do have a question. I work at a tiny school district in North Texas and we don't use Microsoft Excel, we are poor as dirt, we use Google's "sheets". How would I or could I change the "switches.csv" to work in my situation with "sheets"? Thanks, Matt