I don't know if it's the best way, but I have ours setup with a simple expect script. The script is setup to run as a job on the server every night at 1:00am. The script basically telnets to the switches and routers throughout the network and copies the configuration via tftp to a server and the tftp root directory on that server is setup as a website that can be accessed via our intranet from our admin network. Here is a sample of the expect script I'm using for our gear;
# Backup script for ACCESSW01
set timeout 15
set name "username"
set pass "password-for-user"
spawn telnet ACCESSW01
send "copy start tftp\r"
expect "ddress or name of remote host ?"
It is a rather simple approach although probably not best practice as the username and password are stored in plain text on a server. For a little added security I setup the user on our ACS server to only be able to run the command listed (copy start tftp) so that if the account were compromised the only command they could run is that. I have access-lists in place that denies tftp traffic to the outside so theoretically they could copy the configuration to an internal host which so far has not been an issue for us. Like I said before this is probably not the best solution but it works.
We are pleased to announce availability of Beta software for 16.6.3.
16.6.3 will be the second rebuild on the 16.6 release train targeted
towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are
looking for early feedback from customers befor...
Introduction Featured Speakers Luis Espejel is the Telecommunications
Manager of IENova, an Oil & Gas company. Currently he works with Cisco
IOS® and Cisco IOS XE platforms, and NX to some extent. He has also
worked as a Senior Engineer with the Routing P...
In this session you can learn more about Layer 3 multicast and the best
practices to identify possible threats and take security measures. It
provides an overview of basic multicast, the best security practices for
use of this technology, and recommendati...