10.2.8. Configuration management

Note

The procedure below cannot be performed from the Brocade 5600 vRouter GUI.

10.2.8.1. Configuration save

1.Login
Log in to the Firewall by executing the command below.
$ ssh user-admin@192.168.1.10
Welcome to Brocade vRouter
user-admin@192.168.1.10's password:

Note

In this chapter, the address of the Firewall whose configuration is to be saved is 192.168.1.10.

2.Save configuration
Execute the command below and copy the output. Save the output in a text file on the working terminal.
user-admin@vyatta:~$ show configuration commands
Example of the output results:
set interfaces dataplane 'dp0s3'
set interfaces dataplane dp0s4 address '192.168.1.7/24'
set interfaces dataplane dp0s5 address '192.168.2.7/24'
set interfaces dataplane 'dp0s6'
set interfaces dataplane 'dp0s7'
set interfaces dataplane dp0s8 address '192.168.5.3/24'
set interfaces dataplane dp0s9 address '192.168.6.3/24'
set interfaces dataplane 'dp0s10'
set interfaces dataplane 'dp0s11'
set interfaces loopback 'lo'
set protocols static route '0.0.0.0/0'
set protocols static route 192.168.3.0/24 next-hop '192.168.2.9'
set security firewall name 'IN_DUMMY'
set security firewall name 'IN_PROVIDER_MGMT'
set security firewall name 'OUT_DUMMY'
set security firewall name 'OUT_PROVIDER_MGMT'
set service 'https'
set service snmp community '1gjiYVzLXbHeJvt5'
set service 'ssh'
set system config-management commit-revisions '20'
set system login user 'provider-ctrl'
set system login user 'provider-dev'
set system login user 'provider-ope'
set system login user user-admin authentication encrypted-password '********'
set system login user user-read authentication encrypted-password '********'
set system login user user-read level 'operator'
set system syslog global facility all level 'warning'

10.2.8.2. Preparation for configuration restoration

To restore the configuration file that is saved in the step above, the following preparation is required.

1.Edit (delete) configuration

In the saved configuration, delete the command lines for settings that the user is not permitted to set; such lines are rejected when pasted.
//1. Lines that set only the interface name
//2. Lines that set an address
set interfaces dataplane 'dp0s3'
set interfaces dataplane dp0s4 address '192.168.1.7/24'
set interfaces dataplane dp0s5 address '192.168.2.7/24'
set interfaces dataplane 'dp0s6'
set interfaces dataplane 'dp0s7'
set interfaces dataplane dp0s8 address '192.168.5.3/24'
set interfaces dataplane dp0s9 address '192.168.6.3/24'
set interfaces dataplane 'dp0s10'
set interfaces dataplane 'dp0s11'
set interfaces loopback 'lo'

//3. Lines that set the default route
set protocols static route '0.0.0.0/0'


//4. Lines that set the following specific firewall rule names
set security firewall name 'IN_DUMMY'
set security firewall name 'IN_PROVIDER_MGMT'
set security firewall name 'OUT_DUMMY'
set security firewall name 'OUT_PROVIDER_MGMT'

//5. Lines for the https, snmp and ssh service settings
set service 'https'
set service snmp community '1gjiYVzLXbHeJvt5'
set service 'ssh'

//6. Lines for the settings of the following specific login users
set system login user 'provider-ctrl'
set system login user 'provider-dev'
set system login user 'provider-ope'
2.Edit (modify) configuration

Modify the command lines that set the passwords of the user accounts.
For each of user-admin and user-read, change “encrypted-password” to “plaintext-password”, and replace the asterisks with the password to be set.
// Before the change
set system login user user-admin authentication encrypted-password '********'
set system login user user-read authentication encrypted-password '********'

// After the change (passwords set to "abcdefg" and "hijklmn")
set system login user user-admin authentication plaintext-password abcdefg
set system login user user-read authentication plaintext-password hijklmn
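
The two editing steps above can be scripted on the working terminal. The following is an added example, not part of the original procedure: the function name `prepare_for_restore`, the regular expressions and the abridged sample are assumptions, and the new password is single-quoted in the same way `show configuration commands` quotes values.

```python
import re

# The six kinds of line the procedure says to delete (numbering as on the page).
PROVIDER_LINES = [re.compile(p) for p in (
    r"set interfaces (dataplane|loopback) '[^' ]+'$",             # 1. name only
    r"set interfaces dataplane \S+ address ",                     # 2. address
    r"set protocols static route '?0\.0\.0\.0/0'?(\s|$)",         # 3. default route
    r"set security firewall name '?(IN|OUT)_(DUMMY|PROVIDER_MGMT)'?(\s|$)",  # 4.
    r"set service '?(https|snmp|ssh)'?(\s|$)",                    # 5. services
    r"set system login user '?provider-(ctrl|dev|ope)'?(\s|$)",   # 6. provider users
)]
MASKED_PW = re.compile(
    r"(set system login user (\S+) authentication) encrypted-password '\*+'$")

# Constructed sample: an abridged version of the saved output shown above.
SAMPLE = """\
set interfaces dataplane 'dp0s3'
set interfaces dataplane dp0s4 address '192.168.1.7/24'
set protocols static route '0.0.0.0/0'
set protocols static route 192.168.3.0/24 next-hop '192.168.2.9'
set security firewall name 'IN_PROVIDER_MGMT'
set service snmp community 'EXAMPLE'
set system login user 'provider-ope'
set system login user user-admin authentication encrypted-password '********'
set system login user user-read level 'operator'
"""

def prepare_for_restore(saved_text, passwords):
    """Split a saved dump into (kept, dropped) lines ready for pasting.
    passwords maps user name -> new password; a masked line without an entry
    raises KeyError, since the masked value is not the real hash."""
    kept, dropped = [], []
    for line in filter(None, map(str.strip, saved_text.splitlines())):
        if any(p.match(line) for p in PROVIDER_LINES):
            dropped.append(line)
            continue
        m = MASKED_PW.match(line)
        if m:
            pw = passwords[m.group(2)]
            if "'" in pw or "\n" in pw:
                raise ValueError("password cannot be single-quoted safely")
            line = f"{m.group(1)} plaintext-password '{pw}'"
        kept.append(line)
    return kept, dropped

if __name__ == "__main__":
    from getpass import getpass  # prompt, so passwords stay out of shell history
    kept, _ = prepare_for_restore(SAMPLE, {"user-admin": getpass("user-admin: ")})
    print("\n".join(kept))
```

The prepared output contains plaintext passwords, so write it to a file readable only by its owner (for example with `umask 077` set before redirecting) and delete the file once the restore is complete.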

10.2.8.3. Configuration restoration

1.Login

Log in to the Firewall by executing the command below.
$ ssh user-admin@192.168.1.10
Welcome to Brocade vRouter
user-admin@192.168.1.10's password:

Note

As a prerequisite, it is assumed that the Firewall to which the configuration is restored has been newly created and that its interfaces are connected to logical networks.
This restoration procedure assumes that the settings will be overwritten with the saved configuration. If any old configuration remains, it must be deleted or modified.
If you intend to create the Firewall with another address such as 192.168.1.20, modify the settings that depend on the address, such as firewall rules, in advance.
2.Paste the saved configuration

Execute the command below to enter configuration mode. When the prompt changes to #, paste the saved configuration.
user-admin@vyatta:~$ configure
[edit]
user-admin@vyatta#

Note

If a pasted command contains a setting that the user is not permitted to set, the error message below may appear. In that case, review the setting and correct it.

Configuration path: [the relevant command] is not valid access denied Set failed
3.Check the configuration gap

Execute the command below and confirm that the intended configuration changes appear as differences.
user-admin@vyatta# compare
Example of the output results:
user-admin@vyatta# compare
[edit protocols static]
+route 192.168.2.0/24 {
+       next-hop 192.168.1.100
+}
[edit protocols static]
-route 192.168.3.0/24 {
-       next-hop 192.168.1.101
-}
[edit]
user-admin@vyatta#

Note

Executing the compare command shows the differences between the previously saved configuration and the current configuration. Newly added commands are shown with +, and deleted commands are shown with -.
If any unintended difference is shown, review the details of the configuration.
If parts of the configuration are missing, the command may fail to execute properly. In that case, the user needs to enter the configuration settings again, or leave configuration mode with the exit discard command to reset the restoration task.
4.Reflect the configuration

Execute the command below to reflect the settings.
user-admin@vyatta# commit

Note

Executing the commit command applies the configuration pasted in step 2 above to the Firewall’s memory.
If the commit command fails, identify the causes of the failure and correct them.
If a command that modifies the provider’s settings has been entered and is committed, the error message “Commit failed!” appears. Recheck the contents of the configuration that is to be pasted.
Rebooting the Firewall before saving returns the modified configuration to its previous state.
5.Save the configuration.

By executing the command below, save the Firewall’s configuration.
user-admin@vyatta# save

Note

Executing the save command writes the settings in memory to the configuration file that is loaded when the Firewall boots.
If the Firewall is rebooted without executing the save command, its configuration returns to the unmodified state.