Using expect scripts to backup your Cisco configuration

In this short howto I’ll explain how to use expect scripts with Cisco devices. In this example I’m going to use one to back up the current running configuration.

Requirements
  • A working tftp server
  • Expect

Lucky for us, both requirements are available in all major distros.
The Debian/Ubuntu way:
    sudo apt-get install tftp tftpd expect
Next on our todo list is configuring the tftp server. This should also be fairly easy:
    # cat /etc/xinetd.d/tftp
    service tftp
    {
        protocol        = udp
        port            = 69
        socket_type     = dgram
        wait            = yes
        user            = nobody
        server          = /usr/sbin/in.tftpd
        server_args     = /tftpboot
        disable         = no
    }
    
Restart your xinetd server when done:
    # /etc/init.d/xinetd restart
Make sure the /tftpboot folder exists and is owned by user and group nobody:
    # chown -R nobody:nobody /tftpboot
You should also create an empty file where you’d like to save your configuration (this tftpd only writes to files that already exist) and rerun the above command to adjust permissions:
    # touch /tftpboot/config
    # chown -R nobody:nobody /tftpboot
We can now test our newly configured tftpd server.
Create a new file in your home dir called config and put some random text in it:
    # cat /home/user/config
    test 12
    
    # tftp
    tftp> open localhost
    tftp> put config
    Sent 146 bytes in 0.0 seconds
    
    # cat /tftpboot/config
    test 12
Excellent! We’re ready to receive config files from the Cisco device.
Below you will find an example script:
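    #!/usr/bin/expect

    ## TomDV
    ## http://blog.penumbra.be/2010/02/expect-scripts-backup-cisco-config/

    # ---------------- configuration ---------------- #
    # Tcl only accepts a trailing comment after ";", hence ";#"
    set device 192.168.0.100    ;# cisco device
    set tftp 192.168.0.200      ;# tftp server
    set user someuser           ;# username (not used by the password-only login below)
    set pass ultrasecret        ;# password
    set config config           ;# config destination (file name under /tftpboot)
    set timeout 60

    # -------------- do not edit below -------------- #
    spawn telnet $device
    # vty login
    expect "Password:"
    send "$pass\n"
    expect ">"
    # enter privileged mode (the same password is used for enable)
    send "en\n"
    expect "Password:"
    send "$pass\n"
    # wait for the privileged prompt before issuing the copy
    expect "#"

    # start the copy and accept the suggested host and file name
    send "copy running-config tftp://$tftp/$config\n\n"
    expect "$tftp"
    send "\n"
    expect "$config"
    send "\n"
    send "exit\n"
    # keep the session open until the device closes it, so the copy can finish
    expect eof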
Save it anywhere you like and run it from the shell. You’ll see something like this in your logs:
    user in.tftpd[22304]: connect from 192.168.0.200 (192.168.0.200)
    user tftpd[22305]: tftpd: trying to get file: config
    user tftpd[22305]: tftpd: serving file from /tftpboot
That’s it. Your current Cisco config has been saved to /tftpboot/config.
I wouldn’t recommend using this in production without proper firewalling: telnet and TFTP both send everything in clear text, passwords and configuration included, and TFTP has no authentication. You can get the same results by using SNMP, but that’s a subject for another howto.
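
As an added example (not part of the original script), here is a shell function to run after the expect script: it checks the file the device uploaded to /tftpboot/config and moves a copy out of the TFTP root. It assumes an IOS running-config ends with a line reading "end"; the function name, archive directory and file naming are hypothetical.

```sh
#!/bin/sh
# Added example: validate and archive a config received over TFTP.
# Assumption: an IOS running-config ends with a line reading "end".
# The function name, archive directory and file naming are hypothetical.

# archive_config SRC DESTDIR
# Prints the archived path on success. Returns 1 if SRC is missing or
# empty, 2 if it looks truncated (no trailing "end" line), 3 if the
# copy failed.
archive_config() {
    src=$1
    destdir=$2

    # A failed transfer leaves the pre-created empty file untouched
    [ -s "$src" ] || { echo "archive_config: $src missing or empty" >&2; return 1; }

    # Last non-blank line, with any CR from the device stripped
    last=$(tr -d '\r' < "$src" | awk 'NF { l = $0 } END { print l }')
    [ "$last" = "end" ] || { echo "archive_config: $src looks truncated" >&2; return 2; }

    # The config holds password hashes and SNMP communities:
    # create the archive directory and the copy as owner-only
    old_umask=$(umask)
    umask 077
    mkdir -p "$destdir"
    dest="$destdir/config-$(date +%Y%m%d-%H%M%S)"
    cp "$src" "$dest" || { umask "$old_umask"; return 3; }
    umask "$old_umask"

    # Empty the upload file but keep it in place: tftpd only writes to
    # files that already exist, and a stale copy must not pass the
    # next run's check.
    : > "$src"
    printf '%s\n' "$dest"
}
```

Call it as, for example, archive_config /tftpboot/config /var/backups/cisco from the same job that runs the expect script, as a user allowed to write /tftpboot/config.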
