cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3108
Views
0
Helpful
21
Replies

Backing Up Cisco IOS CA Router using EEM

JHaynes4
Level 1
Level 1

I have been using the EEM to backup a Cisco IOS CA routers critical files to an ftp server. However, I would like to also backup the .cnm files as well but as the numbers of the change constantly due to certificate renewal I can't name them all. Is it possible to use a wildcard (*.cnm) and loop the routine until it is done?

1 Accepted Solution

Accepted Solutions

No. You need to pick a directory on flash in which EEM Tcl policies will be stored (e.g. flash:/policies). Then, copy this file to that directory. Then configure the following:

event manager directory user policy flash:/policies

event manager policy tm_ca_backup.tcl

View solution in original post

21 Replies 21

Joe Clarke
Cisco Employee
Cisco Employee

Yes this is possible using glob. I wrote a simple little Tcl snippet to do this which I posted in this thread:

http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Network%20Infrastructure&topic=Network%20Management&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.1dde3b88/0#selected_message

It should plug right into an EEM Tcl policy, but if you require more help adapting this to EEM, let me know.

Thanks for the quick reply. I am no TCL guru by any stretch of the imagination. In looking at the thread you linked I see two TCL snippets:

set fileList [glob -directory flash: -nocomplain *]

foreach file $fileList {

copy flash:/$file usbflash1:/$file

}

**************************************************************

set fileList [glob -directory flash: -nocomplain *]

foreach file $fileList {

copy $file usbflash1:

}

I'm not sure which one I should use. My use of EEM is limited to the action cli commands so I'm not sure how I would plug this into EEM.

You would use the second example as the $file variable will have the file system name in it. What does your current EEM backup policy look like?

OK, thanks for the clarification. Here is what I use now:

event manager applet CA_Backup

event timer cron cron-entry "0 3 * * 0-6"

action 1.0 cli command "enable"

action 2.0 cli command "config t"

action 3.0 cli command "file prompt quiet"

action 4.0 cli command "end"

action 5.0 cli command "copy nvram:ST_3825_CA#1CA.cer ftp://10.111.1.127/"

action 5.1 cli command "copy flash:ST_3825_CA.ser ftp://10.111.1.127/"

action 5.2 cli command "copy flash:ST_3825_CA.crl ftp://10.111.1.127/"

action 5.3 cli command "copy flash:ST_3825_CA_00001.p12 ftp://10.111.1.127/"

action 5.4 cli command "copy flash:DMVPN-CA-Key.pub ftp://10.111.1.127/"

action 5.5 cli command "copy flash:DMVPN-CA-Key.prv ftp://10.111.1.127/"

action 5.6 cli command "copy nvram:startup-config ftp://10.111.1.127/"

action 6.0 cli command "config t"

action 7.0 cli command "no file prompt quiet"

action 8.0 cli command "end"

This new Tcl policy should do what you want.

Thanks, Joe I could have typed for a few years and never developed this. Forgive my ignorance but do I just paste this into the config?

No. You need to pick a directory on flash in which EEM Tcl policies will be stored (e.g. flash:/policies). Then, copy this file to that directory. Then configure the following:

event manager directory user policy flash:/policies

event manager policy tm_ca_backup.tcl

You should write a book on TCL for Cisco. :-) Thanks for all your help. I will try implementing this today.

Does/Can the latest LMS back up Tcl scripts, or is that feature on the road map? What is Cisco's recommended practice for backing up flash-based files such as this?

No, LMS does not backup arbitrary flash files like it does with vlan.dat. There is discussion about some more EEM management in LMS for a future release.

In the EEM space, we recommend you keep local backups of all your policies, but this must be done manually, or by using another EEM policy to do it.

Hi Joe,

The script you created worked great the first night but it has failed the last two nights in a row. When I go on the ftp server I can see that it fails at exactly the same file. The file is available and the permissions are OK so I am not sure what the issue might be. Can you help?

I've attached the error log.

Thanks...

What do you see if you try to copy this file manually to the FTP server?

Thanks for the quick reply Joe. I just ftp'd manually without issue:

ST_3825_CA#copy flash:C.cnm ftp://10.111.1.127/

Writing C.cnm !

115 bytes copied in 0.040 secs (2875 bytes/sec)

Okay, then change the first line of the script, and add:

maxrun 600

Then unregister and re-register the policy, and it should work going forward.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: