Configuration Backups for Network Devices

How to use Custom Tags in Nectus

 

Step 1: Log in to the Nectus portal with valid credentials. Go to Settings -> General Settings -> Tags.


Step 2: Clicking the Tags option opens a Tags modal with five tabs – SNMP Devices, Interfaces, WMI Servers, IP Monitors, Sites.

In this article, we’ll choose the IP Monitors tab and create 3 tags.


Step 3: Clicking the Create button opens the Add IP Monitor Custom Tag modal. Provide a name and pick the input type from the three available options: Type-In, Single Select, Multi Select.


Step 3a: The Type-In option allows the user to type the value of the tag as free text.

Step 3b: The Single Select option allows the user to select only one tag value at the time of assignment.


Step 3c: The Multi Select option allows the user to select one or more values at the time of assignment.


Step 4: For demo purposes, we created 3 tags.


Step 5: Now, let’s define values for the custom tags in an existing IP Monitor. Right-click the selected IP and go to Properties.


Step 6: Select the Tags tab in the Edit IP Monitor modal and fill in the tag values accordingly.


 

Catalyst 4500 Series Switch IOS NetFlow Configuration
——————————————————————-

switch(config)# ip flow ingress
switch(config)# ip flow ingress infer-fields
switch(config)# ip flow-export destination <Nectus IP address> 2055
switch(config)# ip flow-export source Loopback0
switch(config)# ip flow-export version 9
switch(config)# ip flow-cache timeout active 1
switch(config)# ip flow-cache timeout inactive 15

Cisco 3800 Series Router NetFlow Configuration
—————————-
Step 1. Define Flow Record format
router(config)# flow record NECTUS_NETFLOW_RECORD
router(config-flow-record)# description NetFlow record format to send to Nectus Netflow Collector
router(config-flow-record)# match ipv4 ttl
router(config-flow-record)# match ipv4 tos
router(config-flow-record)# match ipv4 protocol
router(config-flow-record)# match ipv4 source address
router(config-flow-record)# match ipv4 destination address
router(config-flow-record)# match transport source-port
router(config-flow-record)# match transport destination-port
router(config-flow-record)# match interface input
router(config-flow-record)# match flow direction
router(config-flow-record)# collect interface input
router(config-flow-record)# collect interface output
router(config-flow-record)# collect counter bytes
router(config-flow-record)# collect counter packets
router(config-flow-record)# collect timestamp absolute first
router(config-flow-record)# collect timestamp absolute last
router(config-flow-record)# collect routing source as
router(config-flow-record)# collect routing destination as

 

Step 2. Create Flow Exporter (specify where NetFlow is to be sent)
router(config)# flow exporter NECTUS_NETFLOW_EXPORTER
router(config-flow-exporter)# description Export NetFlow to Nectus
router(config-flow-exporter)# destination <Nectus IP address>
router(config-flow-exporter)# source Loopback0
router(config-flow-exporter)# transport udp 2055
router(config-flow-exporter)# export-protocol netflow-v9

 

Step 3. Create Flow Monitor (Bind Flow Record to the Flow Exporter)
router(config)# flow monitor NECTUS_NETFLOW_IPv4_MONITOR
router(config-flow-monitor)# record NECTUS_NETFLOW_RECORD
router(config-flow-monitor)# exporter NECTUS_NETFLOW_EXPORTER
router(config-flow-monitor)# cache timeout active 60

 

Step 4. Assign Flow Monitor to Selected Interfaces
Repeat this step for every interface you are interested in collecting NetFlow for.
router(config)# interface TenGigE 1/1  (repeat for every interface that you need)
router(config-if)# ip flow monitor NECTUS_NETFLOW_IPv4_MONITOR input
router(config-if)# ip flow monitor NECTUS_NETFLOW_IPv4_MONITOR output

 

Step 5. Operation Validation
show flow record NECTUS_NETFLOW_RECORD
show flow monitor NECTUS_NETFLOW_IPv4_MONITOR statistics
show flow monitor NECTUS_NETFLOW_IPv4_MONITOR cache
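
A collector-side complement to the show commands above, added here as an example (it is not from the original article and is not Nectus code): a minimal NetFlow v9 parser following RFC 3954 that confirms a datagram received on UDP 2055 really is export version 9 and lists the templates it carries. The function names and the sample datagram are constructed for illustration.

```python
import struct

HEADER = struct.Struct("!HHIIII")  # version, count, sysUptime, unix_secs, sequence, source_id

def parse_netflow_v9(datagram: bytes) -> dict:
    """Validate the v9 header and walk the FlowSets of one export datagram."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than the 20-byte v9 header")
    version, count, _, _, sequence, source_id = HEADER.unpack_from(datagram)
    if version != 9:
        raise ValueError(f"expected export version 9, got {version}")
    templates, data_flowsets, off = {}, [], HEADER.size
    while off + 4 <= len(datagram):
        fs_id, fs_len = struct.unpack_from("!HH", datagram, off)
        if fs_len < 4 or off + fs_len > len(datagram):
            raise ValueError(f"FlowSet at offset {off} has bad length {fs_len}")
        body = datagram[off + 4:off + fs_len]
        if fs_id == 0:                      # Template FlowSet
            pos = 0
            while pos + 4 <= len(body):
                tmpl_id, n = struct.unpack_from("!HH", body, pos)
                if tmpl_id < 256 or pos + 4 + 4 * n > len(body):
                    break                   # padding or truncated template record
                templates[tmpl_id] = [struct.unpack_from("!HH", body, pos + 4 + 4 * i)
                                      for i in range(n)]
                pos += 4 + 4 * n
        elif fs_id >= 256:                  # Data FlowSet: its ID is the template ID
            data_flowsets.append((fs_id, len(body)))
        off += fs_len
    return {"count": count, "sequence": sequence, "source_id": source_id,
            "templates": templates, "data_flowsets": data_flowsets}

def build_sample() -> bytes:
    """Constructed datagram: one template (ID 256) and one data record using it."""
    # (type, length): src addr, dst addr, src port, dst port, protocol, bytes, packets
    fields = [(8, 4), (12, 4), (7, 2), (11, 2), (4, 1), (1, 4), (2, 4)]
    tmpl = struct.pack("!HH", 256, len(fields)) + b"".join(
        struct.pack("!HH", *f) for f in fields)
    tmpl_fs = struct.pack("!HH", 0, 4 + len(tmpl)) + tmpl
    record = (bytes([192, 0, 2, 1]) + bytes([198, 51, 100, 7])
              + struct.pack("!HHBII", 51512, 443, 6, 1500, 3))
    pad = -len(record) % 4                  # FlowSets are padded to a 4-byte boundary
    data_fs = struct.pack("!HH", 256, 4 + len(record) + pad) + record + b"\0" * pad
    return HEADER.pack(9, 2, 6_000_000, 1_700_000_000, 1, 0) + tmpl_fs + data_fs

if __name__ == "__main__":
    info = parse_netflow_v9(build_sample())
    print(info["templates"], info["data_flowsets"])
```

A data FlowSet whose ID has no entry in `templates` cannot be decoded until the exporter resends the template, which is worth checking when the collector shows no flows right after the exporter is configured.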

Network Device Configuration Backup

Nectus version 1.2.51 introduced several enhancements to the network device configuration backup procedure.

Users can now use different backup credentials and fully customizable backup scripts for different Device Views. This allows users to create different backup scripts for different vendors or for different product lines with different CLIs.

Users can control what configuration information is included in the configuration backup and can add supplementary information, such as hardware inventory, current port status and the list of connected devices, to a scheduled configuration backup process.

Creating Device View for Configuration Backups

The very first step in setting up your configuration backup is to create Device Views that contain devices requiring common credentials and configuration scripts.

For example, you can create a Device View that contains all Cisco ASA firewalls and a separate Device View that contains all Cisco IOS devices.

These devices require separate Device Views because the configuration backup scripts differ for ASA and IOS devices.

Also use a different Device View if devices require different login credentials.

To create Device Views, go to Inventory → Views → SNMP Device Views

 

Creating Login Credential Sets

The next step is to define the login credentials that the configuration backup engine will use to log in to devices and execute Backup Scripts.

To create backup login credentials, go to:

Settings → Device Configuration Backups → Backup Credentials

Creating Backup Scripts

The next step is to create the Backup Scripts that the backup engine will execute once it is logged in to the device.

Here is a sample Backup Script for Cisco ASA devices:

config terminal
pager 0
show running-config

You can further enhance the backup script by including additional commands, for example the hardware inventory command “show inventory”.

It is important to create a script that will generate all the information required for backup without pagination.

To Create Backup Scripts, go to:

Settings → Device Configuration Backups → Backup Scripts

In some cases, the output generated by a backup script may contain highly sensitive information that should not be stored anywhere.

For cases like this, Nectus offers an “exclusion rules” option in the Configuration Script definition, where you can define which config lines must be excluded from the text before it is stored in the database.

You can use RegEx syntax to define those exclusion rules.
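
To show how line-based exclusion rules behave, here is an added example (not Nectus code and not from the original article) that applies a set of regular expressions to backup output and then audits what is left for secret-bearing lines the rules missed. The rule patterns, the function names, the assumption that each rule is matched against one line at a time, and the sample ASA configuration are all constructed for illustration.

```python
import re

# Hypothetical exclusion rules for a Cisco ASA backup (assumed, not shipped by Nectus).
# Assumption: each rule is searched against one config line; a match drops the line.
EXCLUSION_RULES = [
    r"^\s*enable password\s",
    r"^\s*username \S+ password\s",
    r"^\s*snmp-server (community|host)\s",
    r"^\s*ikev[12] .*pre-shared-key\s",
]

# Broad keyword net used only to audit what the rules left behind.
AUDIT = re.compile(r"\b(password|passwd|secret|community|pre-shared-key|key)\b", re.I)

# Constructed sample output of "show running-config"; every secret is a placeholder.
SAMPLE_CONFIG = """\
hostname asa-lab
enable password CONSTRUCTED-HASH-1 pbkdf2
username admin password CONSTRUCTED-HASH-2 pbkdf2 privilege 15
snmp-server community CONSTRUCTED-COMMUNITY
snmp-server host inside 192.0.2.10 community CONSTRUCTED-COMMUNITY version 2c
tunnel-group 198.51.100.1 ipsec-attributes
 ikev1 pre-shared-key CONSTRUCTED-PSK
aaa-server LAB protocol ldap
aaa-server LAB (inside) host 192.0.2.20
 ldap-login-password CONSTRUCTED-LDAP
interface GigabitEthernet0/0
 nameif outside
"""

def apply_exclusions(config_text, rules=EXCLUSION_RULES):
    """Return (text to store, dropped lines) after line-by-line regex exclusion."""
    compiled = [re.compile(r) for r in rules]
    kept, dropped = [], []
    for line in config_text.splitlines():
        (dropped if any(p.search(line) for p in compiled) else kept).append(line)
    return "\n".join(kept), dropped

def audit_leftovers(stored_text):
    """List stored lines that still look secret-bearing, i.e. gaps in the rule set."""
    return [line for line in stored_text.splitlines() if AUDIT.search(line)]

if __name__ == "__main__":
    stored, dropped = apply_exclusions(SAMPLE_CONFIG)
    print(f"dropped {len(dropped)} lines; still suspicious: {audit_leftovers(stored)}")
```

With these four rules the indented `ldap-login-password` line survives, which is the kind of gap the audit pass is meant to surface before a rule set is trusted.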

Creating Backup Jobs

The next step is to create a Backup Job definition, where you combine a Device View with a specific Backup Credential Set and Backup Script.

To Create Backup Jobs, go to:

Settings → Device Configuration Backups → Backup Jobs

Enable Config Backup, Set Time and Miscellaneous Settings

The final step is to define the time for the scheduled backup and to turn it on.

To set a time for Configuration Backup, go to:

Settings → Device Configuration Backups → Schedule

 

To enable Configuration Backup, go to:

Settings → Device Configuration Backups → General Settings

 

Additional backup parameters are available on the “Backup Parameters” tab, where you can control how long the backup files are stored in the DB and whether you want to back up a configuration if it has not changed since the last time it was backed up.

 

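Note: The backup engine attempts an SSH connection first, and if the SSH connection fails it will attempt Telnet. Telnet is unencrypted, so on that fallback path the backup credentials and the configuration output cross the network in cleartext.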

 

This post will cover the configuration backup and change tracking features available in Nectus.
Nectus provides the ability to back up the configuration of discovered devices, both on a scheduled basis and manually.
Nectus comes with default values for some of the configuration backup settings; the others require administrator input.
This is the configuration backup settings menu:

Multiple tabs on the menu allow you to specify parameters such as what is to be backed up and how long to keep a configuration backup:

Or how often and when the automatic backup should happen:

The next two tabs are for Telnet protocol configuration:

And SSH protocol configuration:

The remaining two tabs allow the administrator to use custom scripts for the backup (in case you would like to perform a partial backup, for instance).
Nectus must connect to the device using a username/password combination that is valid on that device.
A username/password that exists on the device must be entered in Nectus.
This is where you set this up:

And these are the input values required:

Once this is done, you can back up the configuration per device, per group of devices (vendor, platform, model) or for all devices.
This is how you can back up a group of devices, which in this case is the same as backing up all the devices (this is because there are only Cisco devices in the topology):

From the inventory menu, you can see the successful backups and the failed backups.
If the backup failed, then you would see something like this:

You can see the reason it failed, which in this case is that Nectus could not establish a Telnet or SSH connection to the device:

If the backup is successful, the device configuration should show up:

Clicking on any of the files shows the configuration of the device at the time the configuration backup was triggered:

Each device context menu has a configuration backup section where you can perform various actions:

You can back up the configuration or view the running configuration:

Or you can view the archive of all the device backups:

Further on, you can compare two backup files to see what has changed.
They do not need to be consecutive backups. Here, “auto-cost reference-bandwidth” was configured on the device:

Another useful feature is change tracking, which shows the changes between two consecutive backups.
You select the newer backup and Nectus will show what has changed since the previous backup was taken:

If there are backups that were taken before Nectus was deployed and you would like to see the changes between those configurations and the ones taken by Nectus,
you can compare the Nectus backups with the external files. You can even compare two external configuration backups with the help of Nectus.
Another useful feature related to configuration backup is the report that tracks the devices whose configuration was not saved after the last change.

You can trigger this report like this:

You can specify if you want to send the report to an email address and if you also want to keep this report for auditing purposes:

And the report looks like this:

Keep in mind that the time you see in the report is the uptime of the router. For instance, in the above example,
the device configuration was last saved when the router had an uptime of 1h47m
and the last configuration change was made when the router had an uptime of 1h50m.
And that is pretty much all there is to configuration backup and change tracking in Nectus and how it can help you save your configurations and see
what has changed from one backup to the next one or to any other backup.