NetworkTutorial3 < CF

CF Web>TutorialsStartingPoint>NetworkTutorial3 (2010-06-25, TrevorGrove) (raw view)
---+ Tutorial 3:  Configuration backup and restore

%TOC%

---++ HP switches
   * To backup the configuration file:
      1. You will need to backup to a tftp server that is accessible from the control vlans 1810 and 1812  typically vlan 15 will work.   
      1.  WARNING! DO NOT USE Windows Hyperterminal.  HP technical support states that backing up or restoring the configuration files will appear to be ok but WILL FAIL when you try to restore them. Hyperterminal inserts invalid characters in the file.
      1. to backup to your switch configuration to a tftp server login as with administrator name and password
      1.  type:   copy startup-config tftp <tftp-ip-address>  <filename.cfg>

   * To RESTORE a HP switch configuration file:
      1. You will need to restore the configuration file from a tftp server that is accessible from the control vlans 1810 and 1812 typically vlan 15 will work.   
      1.  WARNING! DO NOT USE Windows Hyperterminal.  HP technical support states that backing up or restoring the configuration files will appear to be ok but WILL FAIL when you try to restore them. Hyperterminal inserts invalid characters in the file.
      1.  Telnet or ssh into switch with adminstrator name and password
      1.  type:   copy tftp startup-config <tftp-ip-address>  <filename.cfg>
      1.  Type yes to reboot switch when configuration file has been reloaded.



---++ Netscreen firewalls

*Outline:*  The preferred procedure is to use the embedded web-server in the Netscreens via the management network interface.  The CLI procedure is shown [[#CLI_procedure][below]].

---+++ Connecting to the management network
   * Our Netscreens' management network interfaces are configured for network 192.168.15.0/24, with the Web management console at 192.168.15.200/24.
   * No DHCP service is available, so configure the laptop statically for any other address on 192.168.15.0/24, e.g. 192.168.15.201/24.  DNS and gateway information is not necessary.

You will need to know the root password for the Netscreens.  See the password cardfile in the key vault, under "Netscreen". 

---+++ Web procedure
---++++ Saving the current configuration
Browse to the embedded web-server at "http://192.168.15.200".  Navigate to  Configuration--Update--ConfigFile and "Save to File" and follow the prompts,  saving the file locally on the laptop.  Note that "http" (as opposed to "https") is acceptable here, since the management network is not routed and you are making a direct connection.  "Http" is known to work better with the Netscreen web-server than "https" for Firefox and other non-IE browsers.

---++++ Restoring (uploading) a configuration
   1. Place the configuration file to be restored/uploaded onto the laptop.
   1. Log into the embedded web-server on the target device at "http://192.168.15.200/".  Navigate to Configuration-Update--ConfigFile.  
   1. Click "Replace Current Configuration"
   1. Browse to the location of the configuration file on the local system
   1. Click "Apply".
This will force a re-boot of the device with the new configuration.

---++++ Potential problems
The embedded web-server software on the firewalls is very sensitive to the version of web-browser and !JavaScript.  In particular, https is known to work only with IE version 6.  For other software, you will have to use http.  This is less than desirable, but in the case of the management port it is not a significant problem -- the network is not viewable by anyone else, so there is no risk in using a password over an unencrypted channel.

---+++ CLI procedure

*Outline:*  The procedure to back up via the CLI requires a TFTP server running somewhere, and an SSH client.  A method that has been dfound to work acceptably is to run the TFTP server and the SSH client on the same laptop, connecting the laptop to the management network on the Netscreen.

Steps:
   1. connect the laptop the the Netscreen's management network interface
      * the following examples assume that the laptop is configured at 192.168.15.201/24.
   1. start the local tftp server on the laptop
   1. on the laptop, start an ssh client to 192.168.15.200 (method varies depending on laptop OS) and log in as root.
   1. to save a configuration (i.e. copy *from the netscreen to the laptop*):
      * <tt><big>save config to tftp 192.168.15.201 <em>local-filename-to-save</em></big></tt>
   1. to restore/upload a configuration (i.e. *from the laptop to the Netscreen, destroying the existing configuration*):
      * <tt><big>save config from tftp 192.168.15.201 <em>local-filename-containing-config-to-upload</em></big></tt>

A reset is not forced, so issue the command <tt><big>reset</em></big></tt> to force the device to load the new configuration.

---+++ Archive of saved configurations
There is an archive of Netscreen configurations in
<tt><big>sftp://<em>userid</em>@asimov/coregroup1/core/0-Networking/Netscreen%20Firewalls/Saved%20configurations</big></tt>.
Replace <tt><big><em>userid</em></big></tt> with your userid.  (Note:  there may be other ways to access this directory, but sftp is known to work.)
Topic revision: r9 - 2010-06-25 - TrevorGrove
Information in this area is meant for use by CSCF staff and is not official documentation, but anybody who is interested is welcome to use it if they find it useful.
Other Webs
My links
- People
- CERAS
- WatForm
- Tetherless lab
- Ubuntu Main.HowTo
- eDocs
- RGG NE notes
- RGG
- CS infrastructure
- Grad images
Edit