New Member

How to backup vlan.dat file

I want to back up the vlan.dat file from switches without using the enable password 15. With TFTP, it doesn't work. Using a script with the cisco-flash MIBs it's OK, but that is not included in CiscoWorks. Another way would be using SNMPv3, but that was not successful. Also, using ACS and a user with level 3 privileges allows us to launch some commands, but we get an error message. So, any idea?

6 REPLIES
Cisco Employee

Re: How to backup vlan.dat file

LMS 2.5 will do an "enable 15" and fail if the privilege level is not 15. Earlier versions of LMS did not use the "15" modifier. While you might not like LMS logging in with enable 15 access, you could use ACS plus command authorization, and limit which commands your LMS user can actually run. That is, assume you have a user lmsuser. This user can log in to the device, and will automatically get level 15 access, but this user will only be able to run certain commands. In particular, it needs to be able to run "term length 0", "show privilege", and "copy flash:vlan.dat tftp:".
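The command restriction described in this reply, sketched as a deny-by-default allowlist. This is an added example, not part of the original post and not ACS or LMS code; the policy format, the `authorize` and `audit` helpers and the sample session are assumptions made for illustration.

```python
import re

# Constructed policy for the "lmsuser" account from the reply: the three
# commands it names are permitted, everything else is denied by default.
# Each entry is (command keyword, regex the full argument string must match).
PERMIT = [
    ("terminal", r"length 0"),
    ("show", r"privilege"),
    ("copy", r"flash:vlan\.dat tftp:\S*"),
]

# Assumption: abbreviations are expanded before matching. Only the
# abbreviation that appears in the thread is listed here.
EXPAND = {"term": "terminal"}


def authorize(line: str) -> bool:
    """Return True only if the command line matches a permit entry exactly."""
    words = line.split()
    if not words:
        return False
    cmd = EXPAND.get(words[0].lower(), words[0].lower())
    args = " ".join(words[1:])
    for keyword, arg_pattern in PERMIT:
        # fullmatch: extra trailing arguments make the command fail the check
        if cmd == keyword and re.fullmatch(arg_pattern, args):
            return True
    return False


def audit(attempts):
    """Split a list of attempted commands into (permitted, denied)."""
    permitted = [c for c in attempts if authorize(c)]
    denied = [c for c in attempts if not authorize(c)]
    return permitted, denied


# Constructed sample session, not taken from a real device or from LMS.
SAMPLE = [
    "term length 0",
    "show privilege",
    "copy flash:vlan.dat tftp:",
    "show running-config",
    "copy running-config tftp:",
    "configure terminal",
]

if __name__ == "__main__":
    ok, blocked = audit(SAMPLE)
    print("permitted:", ok)
    print("denied:   ", blocked)
```

The point of the model is that level 15 access and the ability to run arbitrary level 15 commands are separate decisions: the account lands at level 15, but only the listed command and argument combinations pass.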

New Member

Re: How to backup vlan.dat file

Thanks for your quick answer.

I don't use authorization of tacacs commands because it keeps a configuration that depends on ACS.

In fact, I use RADIUS authorization with "aaa authorization exec default ....". That allows the use of priv-lvl=3.

So I would prefer the SNMPv3 mechanism. My question is: is it possible that way?

Regards

guy

Cisco Employee

Re: How to backup vlan.dat file

Not with RME. RME must be able to use an interactive login to copy the vlan.dat to a TFTP server.

Silver

Re: How to backup vlan.dat file

AFAIK if more security is required, it can also be done with ssh and scp, but using an interactive login on the machine.

Cheers,

Michel

Cisco Employee

Re: How to backup vlan.dat file

If you mean via RME, yes you can use SSH as the interactive login protocol, but the copy operation always happens over TFTP (i.e. copy flash:vlan.dat tftp:). The only daemon we know will be available on the server on both Windows and Solaris for configuration purposes is tftp (software upgrades can assume an rcp daemon running on the server).

New Member

Re: How to backup vlan.dat file

Thanks. To be more precise, the Cisco equipment will be outsourced, but these people will not have to know the enable password level 15; that's why I was trying to determine whether SNMPv3 could be the best solution.

guy
