
How to backup vlan.dat file

gbrillard
Level 1

I want to back up the vlan.dat file from switches without using the Enable password 15. With TFTP, it doesn't work. Using a script with cisco-flash MIBs it's OK, but it is not included in CiscoWorks. Another way would be using SNMPv3, but that was not successful. Also, using ACS and a user with level 3 privileges allows us to launch some commands, but we get an error message. So any idea?

6 Replies

Joe Clarke
Cisco Employee

LMS 2.5 will do an "enable 15" and fail if the privilege level is not 15. Earlier versions of LMS did not use the "15" modifier. While you might not like LMS logging in with enable 15 access, you could use ACS plus command authorization, and limit which commands your LMS user can actually run. That is, assume you have a user lmsuser. This user can log in to the device, and will automatically get level 15 access, but this user will only be able to run certain commands. In particular, it needs to be able to run "term length 0", "show privilege", and "copy flash:vlan.dat tftp:".

Thanks for your quick answer.

I don't use authorization of TACACS commands because it keeps a configuration that depends on ACS.

In fact I use RADIUS authorization with "aaa authorization exec default ....". That allows the use of priv-lvl=3.

So I would prefer the SNMPv3 mechanism. My question is: is it possible that way?

Regards

guy

Not with RME. RME must be able to use an interactive login to copy the vlan.dat to a TFTP server.

AFAIK if more security is required, it can also be done with ssh and scp, but using an interactive login on the machine.

Cheers,

Michel

If you mean via RME, yes you can use SSH as the interactive login protocol, but the copy operation always happens over TFTP (i.e. copy flash:vlan.dat tftp:). The only daemon we know will be available on the server on both Windows and Solaris for configuration purposes is tftp (software upgrades can assume an rcp daemon running on the server).

Thanks. To be more precise, the Cisco equipment will be outsourced, but these people will not have to know the enable password level 15, which is why I was trying to determine whether SNMPv3 could be the best solution.

guy
