Procurve 5406R zl2Although it may not be the most glamorous side of IT every sysadmin will appreciate the value of a rock solid backup system. All too often though these systems do not extend down to the ’embedded’ systems like network switches and firewalls.

However with a little WinSCP (and its fantastic .NET assembly automation package) and PowerShell combined its pretty easy to cook up something that is 100% less of the cost of any management solution.

This guide shows how to setup the backup of a HP ProCurve switch (I’ve tested it with the ProCurve 8200 series, 5400 series the 2920s, a 2626 and a 2530 all of which were running the most recent firmware) although it should be a simple matter of changing the relevant paths to make it work with other manufacturers kit (e.g. Cisco).

1Download Source Files

First up grab the source files from the link below and extract the contents to C:\Network Switch Backup (you can use any other path but will just need to update the paths inside the PowerShell) you should then have a folder which contains a .cmd file, a .ps1, a sample .csv and a sub folder called Backups.

  Network Switch Backup (1.7 KiB, 3,263 hits)

Getting your Switch ready and filling out the CSV

Each switch will now need ip ssh and ip ssh filetransfer running on it through the CLI (if its not already setup); be sure to set a manager password (if you haven’t done so already!) as well. In addition you will need to find the Server host key fingerprint for each switch; the screen shots below show one way of doing this.

Getting WinSCP ready

As normal follow through the screen shots below; you will need this link to get a hold of the installation components –

Pushing go!

Final step! (I know this was almost too easy….) Run the .cmd file and assuming everything is listed right you will soon have a complete listing of all of your network switch configurations (more in the screen shots).

There’s a little more…

To take things one step further and make this process truly automated you can set a scheduled task on your computer to run the ‘Backup Network Switches.cmd’ file at a set time each day 🙂

You might also want to consider expanding your setup using the information in my Automated Change Detection and Reporting – Network Switches post which sets things up so that you receive email notification each day listing out any changes in your configs.

VN:F [1.9.22_1171]
Thumbs up if this article helped you 🙂
Rating: +24 (from 24 votes)
Automated backup for your network switches with WinSCP and PowerShell, 100% based on 24 ratings

21 Responses to Automated backup for your network switches with WinSCP and PowerShell

  • Chris Foote says:

    I’ve been researching how to best automate our networks’ backups for a few hours, and this is by far the easiest, most effective, and most secure solution I’ve come across so far. Everything else either relied on TFTP or telnet or required an expensive purchase. This was easy to set up, and as long as access to the backups and CSV folder are set responsibly you’re good to go. Thanks!

  • RobAnd says:

    I have tried running the script and I get

    PS C:\Network Switch Backup> C:\Network Switch Backup\Backup Network Switches.ps1

    Directory: C:\Network Switch Backup\Backups

    Mode LastWriteTime Length Name
    —- ————- —— —-
    d—- 16/12/2016 11:01 IP ADDRESS

    in PowerShell, which created the folder with the IP, but doesn’t download the config file into that folder.

    • James Preston says:

      What is the model and firmware version of the switch that you are connecting to please?
      In addition can you confirm that you’ve carried out the steps in ‘Getting your Switch ready and filling out the CSV’?

  • Ben H says:

    Hi James,

    Thank you so much for the script. It works a treat however I’ve bumped into 2 issues.

    1.) I want to store WinSCP on a network share, however when pointing to it in the .ps1 file, I simply get an error when running the script. When running locally it works fine (see error below)

    “Add-Type : Could not load file or assembly ‘file://\\\\WinSCP\WinSCPnet.dll’
    or one of its dependencies. Operation is not supported. (Exception from HRESULT: 0x80131515)
    At C:\Network Switch Backup\Backup Network Switches.ps1:6 char:1
    + Add-Type -Path “\\\\WinSCP\W …
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (:) [Add-Type], FileLoadException
    + FullyQualifiedErrorId : System.IO.FileLoadException,Microsoft.PowerShell.Commands.AddTypeCommand”

    2.) This isn’t a fault with the script at all, more just me trying to get it to do what I want it to do.

    So, I’m going to use the script to pull a config daily using task scheduler. However, I want to incorperate SVN into this so it only keeps one file but has version control. That bit I can do no problem, yet for some reason I can’t get it to change the name the file saves as.

    For example, it’s currently saving as “2017-1-9”, but ideally I’d like for this to be saved as “swt-1-ben”. Is this possible to do?

    Again, thank you so much for this script, automated backup solutions have been driving me mad!

    Kindest regards,
    Ben H

  • Krishna says:

    Lot of typo’s in my previous request.
    So Posting it again.

    Hi James,
    The script work for me.
    Just one question.
    If I already got the host name folder in the backups folder it is giving error “hostname already exists”.
    I am thinking something like create a new folder date wise.
    If I am running the script today it should create folder 05072017 under backups and then create individual host name folder.
    That way I can keep a copy of previous config’s as well.
    can you help me to do that.
    Thank you

  • Florent says:

    I must say it’s a very cool script that makes only one click to save your configs. Thank you very much James !

    I altered this part of the ps1 in order to add the IP in the filename of saved config


    #Define the path to store the result of the download
    $outputpath = $outputfolder + $date

    –> file is like 2017-10-18


    #Define the path to store the result of the download
    $outputpath = $outputfolder + $date + “-” + $line.hostname

    –> file is now like 2017-10-18-

  • logi says:

    Hi James

    This explenation is really nice, thx! I have one problem, we have an “@” in our password. I think because of it, the connection doesn’t work. If I use a password withouth “@” it works. Is there solution that we can keep a password with “@”?

    thanks 😉

  • Michael says:

    Hi there,

    Just a heads up, this still appears as one of the top results for backing up Procurve configs automagically and it works a treat. Thanks so much 🙂 We’ve got a huge mix of network gear and 30+ procurve switches throughout the company. This just made my job considerably faster.

    I’m useless at scripting but I’ve made a couple of cosmetic changes.
    If you couldn’t find the WinSCP Automation downloads, you’ll need to make the following changes.

    Add-Type -Path “C:\Program Files (x86)\WinSCP Automation\WinSCPnet.dll”

    Changed to: (assuming it’s installed in the default location)
    Add-Type -Path “C:\Program Files (x86)\WinSCP\WinSCPnet.dll”

    For neatness sake I adapted what Florent kindly added:
    Adds some spaces to the file name, adds the device hostname and adds a file extension to cheer me up.

    Original: $outputpath = $outputfolder + $date
    Altered: $outputpath = $outputfolder + $date + “ – ” + $line.hostname + “.txt”

    Files now output like “2017-11-14 –”
    I’ll get some dns records added and it’ll be lovely and tidy.

    Thanks again.

  • vanguye says:

    New-Item : An item with the specified name C:\Users\vanguye\Desktop\Network_Switch_Backup\Backups\\ already exists.
    At C:\Users\vanguye\Desktop\Network_Switch_Backup\Backup Network Switches.ps1:19 char:1
    + New-Item $outputfolder -ItemType Directory
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : ResourceExists: (C:\Users\vanguy…s\\:String) [New-Item], IOException
    + FullyQualifiedErrorId : DirectoryExist,Microsoft.PowerShell.Commands.NewItemCommand

    Exception calling “Open” with “1” argument(s): “Timeout waiting for WinSCP to respond”
    At C:\Users\vanguye\Desktop\Network_Switch_Backup\Backup Network Switches.ps1:34
    + $session.Open($sessionOptions)
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : TimeoutException

    Exception calling “GetFiles” with “4” argument(s): “Session is not opened”
    At C:\Users\vanguye\Desktop\Network_Switch_Backup\Backup Network Switches.ps1:41
    + $transferResult = $session.GetFiles(“/cfg/startup-config”, $outputpath, $False, …
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : InvalidOperationException

    Hi, Can you help with this error:
    Timeout waiting for WinSCP to respond. i can success login and WINSCP show starting session

  • Dariusz says:

    Nice guide 🙂

    But i have litlle problem with new switch like 1920 48 G
    Use CLI is new and not have config in /cfg/startup-config 🙁

    is there a way to get the config from this model ?

    • James Preston says:

      I’m afraid I don’t have any of that model to hand – can you SFTP to it and send me a screenshot of the file structure?

  • cihan says:

    Exception setting “SshHostKeyFingerprint”: “SSH host key fingerprint “” does not match pattern /((ssh-rsa|ssh-dss|
    ssh-ed25519|ecdsa-sha2-nistp(256|384|521))( |-))?(\d+ )?(([0-9a-f]{2}(:|-)){15}[0-9a-f]{2}|[0-9a-zA-Z+/]{43}=)(;((
    ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-nistp(256|384|521))( |-))?(\d+ )?(([0-9a-f]{2}(:|-)){15}[0-9a-f]{2}|[0-9a-z
    At line:1 char:1
    + $sessionOptions.SshHostKeyFingerprint = $line.sshhostfingerprint
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (:) [], SetValueInvocationException
    + FullyQualifiedErrorId : ExceptionWhenSetting

    Server hostkey finger print

    MD5 = ssh-rsa 2048 97:a4:6f:40:10:39:22:29:f2:a2:2e:cf:ba:9d:9b:ab

    Hi ,

    As i understand from error message this system dont support ssh-rsa 2048. is there any solution for this problem. Thnx.

  • Hello, first of all, thanks for sharing this guide, even 4 years later is being really useful for me.

    I´ve been trying to get it to work, however I´m not able yet. It says the fingerprint is not set, however it is already in the csv file,

    Excepción al llamar a “Open” con los argumentos “1”: “SessionOptions.Protocol is Protocol.Sftp or Protocol.Scp, but
    SessionOptions.SshHostKeyFingerprint is not set.”

    Could you or any other reader give me a hand? Thanks in advance, my email is REDACTED and my whatsapp REDACTED

    Best regards to all.

Leave a Reply to Florent Cancel reply

Your email address will not be published.