To retrieve configurations with TFTP servers
The initial communication between ENA and a device is through Telnet, and SSH using a command line access credential set specified in ENA. All required executables are included in the package and installed in the appropriate location.
However, configuration retrieval is through a separate transfer mechanism, using FTP, SCP, RCP or TFTP. The mechanism details are specified through a step definition in the task.
Requirements:
- the Entuity server must be running the transfer server.
- a device must have the credentials to access the transfer server.
- although you can use multiple types of transfer servers at the same time, they must all use the same transfer directory.
- the transfer directory must be the same as that set during configure.
To retrieve configurations with TFTP servers:
Before you can use configuration management, a transfer server must be configured and running. Configuration management can be used with the leading TFTP servers.
In Linux environments, consult with your system administrator on a suitable TFTP server. In Windows environments, the ENA ISO image includes a suitable open source TFTP server, OpenTFTPServer. OpenTFTPServer is not installed by ENA configure.
Note, TFTP does not have an authentication mechanism, and the configuration files require global read and write permissions. Placing the TFTP root directory under the web root is a security risk, and Entuity advises against doing this.
To set up OpenTFTPServer:
- Install the TFTP server to the same machine as the Entuity server. From entuity_home\integ\TFTPServer, double click on TFTPServerMTInstallerv1.61.exe.
- Through the wizard, specify the location of the TFTP server, and click Next.
- The Installer will then display the GNU General Public License. Click Next to accept the license terms and install the server. The installer will then display the install complete dialog.
- Configure the TFTP server.
- Navigate to the TFTP server folder and edit TFTPServerMT.ini:
- in the [HOME] section, set the directory to which the TFTP server does the initial saving of the configuration file. This must be the same as the Transfer Directory defined through configure, for example c:\entuity\cm_transfer. When not set, the TFTP server writes these files to the same folder as the TFTP server executable.
- in the [TFTP-OPTIONS] section, set the file operation permissions to allow writing to these folders.
- Navigate to the TFTP server folder and edit TFTPServerMT.ini:
Please see this article for examples of TFTP server configurations.
To set up an FTP server:
ENA configuration management does not include an FTP server, but would work with the leading FTP servers, e.g. Microsoft IIS FTP (Windows), vsftpd (Linux).
Requirements when using an FTP server:
- it must be configured to place device configurations in the same transfer directory as specified during configure.
- it must have full access rights to the directory.
- when you have a running FTP server on the Entuity server machine, you must ensure each device from which you want to receive configuration can access the FTP server.
To preconfigure Cisco devices for FTP access:
Before you can use FTP on devices that require command line delivery of credentials, you must configure the device. For example:
R837#config terminal
R837(config)#ip ftp username EYEAccess
R837(config)#ip ftp password EYEPassword
R837(config)#end
To manage FTP access to non-Cisco devices:
FTP server credentials are specified through the lcm section of entuity.cfg, and apply to non-Cisco devices. The default settings are:
[lcm]
FTPUsername=EYEAccess
FTPPassword=EYEPassword
where:
- [lcm] is the section name.
- FTPUsername identifies the FTP server account, by default anonymous.
- FTPPassword identifies the account password, by default EYE.
To run transfer servers:
Although ENA configuration management is configured to work with the specified transfer server, it does not check that the server is running when attemtping a retrieval. If the server is not runnng, the retrieval fails and ENA raises CM Running Configuration Retrieval Failed and CM Startup Configuration Retrieval Failed events.
Note, the Entuity server must also support the mechanism used to access the device, e.g. Telnet, SSH.
To run OpenTFTPServer:
You can install and run OpenTFTPServer as a standalone process, or as a service:
- when first installing and testing configuration management, you may want to run OpenTFTPServer as a standalone process to easily view its command line information and error messages.
- in a production environment, running OpenTFTPServer as a service ensures it runs when ENA runs, for example that it is available after restarting the server machine.
To run OpenTFTPServer as a standalone process:
- From \Program Files (86)\TFTPServer\RunStandaloneMT.bat.
OpenTFTPServer displays a summary of its configuration and its state of accepting requests. OpenTFTPServer also displays the receiving of configuration files.
Comments
0 comments
Please sign in to leave a comment.