In this short howto I’ll explain how to use expect scripts with Cisco devices. In this example I’m going to use it to backup the current running configuration.
Requirements
Lucky for us both requirements are available in all major distro’s.
The Debian/Ubuntu way:
sudo apt-get install tftp tftpd expect
Next on our todo list is configuring the tftp server. This should also be fairly easy:
# cat /etc/xinetd.d/tftp service tftp { protocol = udp port = 69 socket_type = dgram wait = yes user = nobody server = /usr/sbin/in.tftpd server_args = /tftpboot disable = no }
Restart your xinetd server when done.
# /etc/init.d/xinetd restart
Make sure the /tftpboot folder exists and is owned by user and group nobody:
# chown -R nobody:nobody /tftpboot
You should also create an empty file where you’d like to save your configuration and rerun the above command to adjust permissions.
# touch /tftpboot/config # chown -R nobody:nobody /tftpboot
You should also create an empty file where you’d like to save your configuration and rerun the above command to adjust permissions.
# touch /tftpboot/config # chown -R nobody:nobody /tftpboot
We can now test our newly configured tftpd server:
Create a new file in your home dir called config and put some random text in it.
# cat /home/user/config test 12 # tftp tftp> open localhost tftp> put config Sent 146 bytes in 0.0 seconds # cat /tftpboot/config test 12
Excellent! We’re ready to receive config files from the Cisco device.
Below you will find an example script:
#!/usr/bin/expect ## TomDV ## http://blog.penumbra.be/2010/02/expect-scripts-backup-cisco-config/ # ---------------- configuration ---------------- # set device 192.168.0.100 # cisco device set tftp 192.168.0.200 # tftp server set user someuser # username set pass ultrasecret # password set config # config destination set timeout 60 # -------------- do not edit below -------------- # spawn telnet $device expect "Password:" send "$pass\n" expect ">" send "en\n" expect "Password:" send "$pass\n" send "copy running-config tftp://$tftp/$config\n\n" expect "$tftp" send "\n" expect "$config" send "\n" send "exit\n"
Save it anywhere you like and run it from the shell. You’ll see something like this in your logs:
user in.tftpd[22304]: connect from 192.168.0.200 (192.168.0.200) user tftpd[22305]: tftpd: trying to get file: config user tftpd[22305]: tftpd: serving file from /tftpboot
That’s it. Your current Cisco config has been saved to /tftpboot/config.
I wouldn’t recommend using this into production without proper firewalling. You can get the same results by using snmp. But that’s however a subject for another howto.