Tutorial 3: Configuration backup and restore

HP switches

  • To back up the configuration file:
    1. You will need to back up to a TFTP server that is accessible from the control VLANs 1810 and 1812; typically VLAN 15 will work.
    2. WARNING! DO NOT USE Windows HyperTerminal. HP technical support states that backing up or restoring the configuration files will appear to be OK, but they WILL FAIL when you try to restore them. HyperTerminal inserts invalid characters in the file.
    3. To back up your switch configuration to a TFTP server, log in with the administrator name and password.
    4. Type: copy startup-config tftp <tftp-ip-address> <filename.cfg>

  • To RESTORE an HP switch configuration file:
    1. You will need to restore the configuration file from a TFTP server that is accessible from the control VLANs 1810 and 1812; typically VLAN 15 will work.
    2. WARNING! DO NOT USE Windows HyperTerminal. HP technical support states that backing up or restoring the configuration files will appear to be OK, but they WILL FAIL when you try to restore them. HyperTerminal inserts invalid characters in the file.
    3. Telnet or SSH into the switch with the administrator name and password.
    4. Type: copy tftp startup-config <tftp-ip-address> <filename.cfg>
    5. Type yes to reboot the switch when the configuration file has been reloaded.
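
A check for the failure mode in the warning above, as an added example that is not part of the original page: it scans a saved configuration for bytes that should not occur in a plain-text file and records a SHA-256 hash so the archived copy can be compared later. It assumes a valid configuration is plain ASCII text; the function names and sample data are constructed for illustration.

```python
import hashlib
import sys
from pathlib import Path

# Assumption: a valid saved configuration is plain ASCII text, so the only
# control bytes expected are tab, line feed and carriage return.
ALLOWED_CONTROL = {0x09, 0x0A, 0x0D}


def find_invalid_bytes(data: bytes, limit: int = 10):
    """Return up to `limit` (line, column, byte) tuples for unexpected bytes."""
    problems = []
    line, col = 1, 0
    for b in data:
        col += 1
        if (b < 0x20 and b not in ALLOWED_CONTROL) or b >= 0x7F:
            problems.append((line, col, b))
            if len(problems) >= limit:
                break
        if b == 0x0A:
            line, col = line + 1, 0
    return problems


def check_backup(data: bytes) -> dict:
    """Summarise whether a saved configuration looks safe to archive."""
    problems = find_invalid_bytes(data)
    empty = not data.strip()
    return {
        "ok": not empty and not problems,
        "empty": empty,
        "invalid_bytes": problems,
        "sha256": hashlib.sha256(data).hexdigest(),
    }


# Constructed sample data, not taken from a real switch.
CLEAN = b"hostname \"example-switch\"\nvlan 15\n   name \"control\"\n   exit\n"
# Same text with two control bytes injected to stand in for the "invalid
# characters" in the warning (the page does not say which bytes are inserted).
DAMAGED = CLEAN[:9] + b"\x00" + CLEAN[9:30] + b"\x1a" + CLEAN[30:]

if __name__ == "__main__":
    # Check the file named on the command line, or the damaged sample.
    sample = Path(sys.argv[1]).read_bytes() if len(sys.argv) > 1 else DAMAGED
    result = check_backup(sample)
    print("OK" if result["ok"] else "DO NOT ARCHIVE", result["sha256"])
    for line, col, b in result["invalid_bytes"]:
        print(f"  line {line}, column {col}: byte 0x{b:02x}")
```

Run it against each file fetched from the TFTP server before archiving it, and keep the printed hash alongside the file.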

Netscreen firewalls

Outline: The preferred procedure is to use the embedded web-server in the Netscreens via the management network interface. The CLI procedure is shown below.

Connecting to the management network

  • Our Netscreens' management network interfaces are configured for network 192.168.15.0/24, with the Web management console at 192.168.15.200/24.
  • No DHCP service is available, so configure the laptop statically for any other address on 192.168.15.0/24, e.g. 192.168.15.201/24. DNS and gateway information is not necessary.

You will need to know the root password for the Netscreens. See the password cardfile in the key vault, under "Netscreen".

Web procedure

Saving the current configuration

Browse to the embedded web-server at "http://192.168.15.200". Navigate to Configuration--Update--ConfigFile, click "Save to File" and follow the prompts, saving the file locally on the laptop. Note that "http" (as opposed to "https") is acceptable here, since the management network is not routed and you are making a direct connection. "http" is known to work better with the Netscreen web-server than "https" for Firefox and other non-IE browsers.

Restoring (uploading) a configuration

  1. Place the configuration file to be restored/uploaded onto the laptop.
  2. Log into the embedded web-server on the target device at "http://192.168.15.200/". Navigate to Configuration--Update--ConfigFile.
  3. Click "Replace Current Configuration".
  4. Browse to the location of the configuration file on the local system.
  5. Click "Apply".
This will force a re-boot of the device with the new configuration.

Potential problems

The embedded web-server software on the firewalls is very sensitive to the version of web-browser and JavaScript. In particular, https is known to work only with IE version 6. For other software, you will have to use http. This is less than desirable, but in the case of the management port it is not a significant problem -- the network is not viewable by anyone else, so there is no risk in using a password over an unencrypted channel.

CLI procedure

Outline: The procedure to back up via the CLI requires a TFTP server running somewhere, and an SSH client. A method that has been found to work acceptably is to run the TFTP server and the SSH client on the same laptop, connecting the laptop to the management network on the Netscreen.

Steps:

  1. connect the laptop to the Netscreen's management network interface
    • the following examples assume that the laptop is configured at 192.168.15.201/24.
  2. start the local tftp server on the laptop
  3. on the laptop, start an ssh client to 192.168.15.200 (method varies depending on laptop OS) and log in as root.
  4. to save a configuration (i.e. copy from the netscreen to the laptop):
    • save config to tftp 192.168.15.201 local-filename-to-save
  5. to restore/upload a configuration (i.e. from the laptop to the Netscreen, destroying the existing configuration):
    • save config from tftp 192.168.15.201 local-filename-containing-config-to-upload

A reset is not forced, so issue the command "reset" to force the device to load the new configuration.

Archive of saved configurations

There is an archive of Netscreen configurations in sftp://userid@asimov/coregroup1/core/0-Networking/Netscreen%20Firewalls/Saved%20configurations. Replace userid with your userid. (Note: there may be other ways to access this directory, but sftp is known to work.)
Topic revision: r9 - 2010-06-25 - TrevorGrove