TWiki> CF Web>TutorialsStartingPoint>NetworkTutorial3 (revision 7)EditAttach

Tutorial 3: Configuration backup and restore

HP switches

* To backup the configuration file:
  1. You will need to backup to a tftp server that is accessible from the control vlans 1810 and 1812 typically vlan 15 will work.
  2. WARNING! DO NOT USE Windows Hyperterminal. HP technical support states that backing up or restoring the configuration files will appear to be ok but WILL FAIL when you try to restore them. Hyperterminal inserts invalid characters in the file.
  3. to backup to your switch configuration to a tftp server login as with administrator name and password
  4. type: copy startup-config tftp <tftp-ip-address> <filename.cfg>

* To RESTORE a HP switch configuration file:

  1. You will need to restore the configuration file from a tftp server that is accessible from the control vlans 1810 and 1812 typically vlan 15 will work.
  2. WARNING! DO NOT USE Windows Hyperterminal. HP technical support states that backing up or restoring the configuration files will appear to be ok but WILL FAIL when you try to restore them. Hyperterminal inserts invalid characters in the file.
  3. Telnet or ssh into switch with adminstrator name and password
  4. type: copy tftp startup-config <tftp-ip-address> <filename.cfg>
  5. Type yes to reboot switch when configuration file has been reloaded.

Netscreen firewalls

Outline: The preferred procedure uses the embedded web-server in the Netscreens. The CLI procedure is shown below.

Web procedure

The basic process to restore a saved procedure is:
  • If moving a configuration, save the current configuration. If not possible, look in the archive of saved configurations (details below).
  • place the configuration to be restored onto a laptop
  • set up the laptop on the same network as the management port on the target Netscreen
  • connect to the embedded web-server on the target, and upload the configuration
You should read the entire section before proceeding. If you have problems, see the "Potential problems" section for a possible solution.

You will need to know the root password for the Netscreens. See the password cardfile in the key vault, under "Netscreen".

Save current configuration

If the source device is responsive on the standard network, log onto the embedded web-server and navigate to Configuration--Update--ConfigFile. Click the "Save to File" buttons and follow the prompts.

If the device is not responsive, you can try connecting a laptop directly to the management ethernet port on the device. It is configured as 192.168.15.200/24, so set up the laptop statically for any other address on that network (the device does not provide DHCP on the management network, so you have to use a static configuration).

The address of the embedded web-server would be "http://192.168.15.200". Navigate to Configuration--Update--ConfigFile and "Save to File".

Archive of saved configurations

There is an archive of Netscreen configurations in sftp://userid@asimov/coregroup1/core/0-Networking/Netscreen%20Firewalls/Saved%20configurations. Replace userid with your userid. (Note: there may be other ways to access this directory, but sftp works for me.)

Copy configuration to laptop

Once you have a configuration, copy it to a laptop of other network device that is connected to the management network on the target Netscreen.

Connect to the target Netscreen

The management port on the target Netscreen will be configured as 92.168.15.200/24. Statically configure the laptop (or other device) with the configuration as any other address on that network.

Upload the configuration

Log into the embedded web-server on the target device using address "http://192.168.15.200/". Navigate to Configuration-Update--ConfigFile.
  1. Click "Replace Current Configuration"
  2. Browse to the location of the configuration file on the local system
  3. Click "Apply".
This will force a re-boot of the device with the new configuration

Potential problems

The embedded web-server software on the firewalls is very sensitive to the version of web-browser and JavaScript. In particular, https is known to work only with IE version 6. For other software, you will have to use http. This is less than desirable, but in the case of the management port it is not a significant problem -- the network is not viewable by anyone else, so there is no risk in using a password over an unencrypted channel.

CLI procedure

  • tftp server
  • save config to tftp
  • save config from tftp
Edit | Attach | Watch | Print version | History: r9 < r8 < r7 < r6 < r5 | Backlinks | Raw View | Raw edit | More topic actions...
Topic revision: r7 - 2010-06-22 - TrevorGrove
 
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2025 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback