How to import configuration via SFTP?

Veit Posts: 21  Freshman Member
edited August 2022 in Switch
Hi guys,

I would like to upload configuration files to my XGS2210 switches (firmware 4.50) via SFTP but I can't figure out the correct way to do this.

Example:

I back up a configuration from a switch via SFTP:

$ sftp admin@1.2.3.4
admin@1.2.3.4's password:
Connected to 1.2.3.4.
sftp> get /config backup_switchname_2018-03-20.config
Fetching /config to backup_switchname_2018-03-20.config
/config                                            100% 6572     6.4KB/s   00:00
sftp> bye
$

Now the switch is defective and I would like to restore the configuration saved earlier onto another switch, and do:

$ sftp admin@192.168.1.1
admin@192.168.1.1's password:
Connected to 192.168.1.1.
sftp> put backup_switchname_2018-03-20.config /config
Uploading backup_switchname_2018-03-20.config to /config
backup_switchname_2018-03-20.config                100% 6572     6.5KB/s   00:00   
Connection closed
$

As the SFTP connection is closed immediately after upload, I expected that the switch would reboot into the new configuration, but it does not. So I tried uploading the config again, followed by either "write memory", "boot config 1", "reload config 1" or combinations of these, in order to activate the config I just uploaded -- but without success.

However, uploading the config via HTTPS works as expected and is currently my unloved fallback, but I would like to streamline and automate initial configuration and recovery via SSH/SFTP.

What is the correct workflow for uploading a configuration via SFTP?

Best regards,
// Veit


Comments

  • JasonTsai
    JasonTsai Posts: 104  Zyxel Employee
    Hi @Veit,

    Welcome to Zyxel community.

    I have followed your description on my XGS2210; the following is my screenshot (I use SFTP via Windows cmd):
    I create VLAN 2 in the backup configuration and restore it back to the switch via SFTP.
    I also connect a console cable from my PC to the switch, the following is what I see from the console port.


    Therefore, I recommend that you connect a console cable to check whether you see "Finish restore configuration" after you restore the configuration.
    You may also use "show logging page" to check if there is any system log related to restoring.
    IN system: Restore system configuration successfully
    IN system: Save system configuration
    IN system: Now, start restoring system configuration

    Hope it helps.
    Jason
  • Veit
    Veit Posts: 21  Freshman Member
    Hi @Zyxel_Jason,

    thank you for your fast response.

    Unfortunately this does not work for me, but your logging hint shows that something is going wrong, though sadly not the reason itself:

    Importing a configuration file via SFTP logs the following lines:

    ---
         1 Mar 21 11:35:47 DE interface: Port 1 - LAN link up
         2 Mar 21 11:35:44 ER system: Restore system configuration failed
         3 Mar 21 11:35:44 IN system: Line:1 Error:Syntax Command:vlan 10
         4 Mar 21 11:35:44 DE interface: Port 1 - LAN link down
         5 Mar 21 11:35:43 IN system: Now, start restoring system configuration
    ---

    Whereas importing the exact same configuration file via web interface succeeds:

    ---
         1 Mar 21 11:38:25 NO system: Gets the time and date from a time server successfully
         2 Mar 21 11:38:20 DE interface: Port 1 - LAN link up
         3 Mar 21 11:38:18 DE interface: Port 1 - LAN link down
         4 Mar 21 11:38:17 DE interface: Port 1 - LAN link up
         5 Mar 21 11:38:15 IN system: Restore system configuration successfully
         6 Mar 21 11:38:04 IN system: Save system configuration
         7 Mar 21 11:38:00 DE interface: Port 1 - LAN link down
         8 Mar 21 11:38:00 IN system: Now, start restoring system configuration
    ---

    As I could not find anything wrong with the configuration file, I played with unix2dos and dos2unix to convert line endings, and I scanned the file for special characters or the like, but all without success.

    To ensure that nothing is wrong with my configuration file, I finally reset the switch to factory defaults, downloaded the default configuration via SFTP and uploaded it again -- and even this fails:

    ---
    $ ssh admin@192.168.1.1
    admin@192.168.1.1's password:
    Copyright (c) 1994 - 2017 Zyxel Communications Corp.
    XGS2210# show running-config
      Building configuration...

      Current configuration:

    vlan 1
      name 1
      normal ""
      fixed 1-28
      forbidden ""
      untagged 1-28
      ip address 192.168.1.1 255.255.255.0
    exit
    interface route-domain 192.168.1.1/24
    exit
    XGS2210# show logging
         1 Jan 01 00:01:23 IN authentication: SSH user admin login [IP address = 192.168.1.2]
         2 Jan 01 00:01:21 NO system: System cold start
         3 Jan 01 00:01:21 IN system: Image 1 F/W version V4.50(AAZJ.0) | 09/08/2017 boot up
         4 Jan 01 00:01:21 AL system: System has reset without management command
    ---

    Now in another tab I downloaded config:

    ---
    $ sftp admin@192.168.1.1
    admin@192.168.1.1's password:
    Connected to 192.168.1.1.
    sftp> get config
    Fetching /config to config
    /config                                         0%  341     0.3KB/s 27:19:59 ETA
    sftp> bye
    ---

    I cleared logging for easier debugging:

    ---
    XGS2210# clear logging
    ---

    And uploaded the config (without any change) again:

    ---
    $ sftp admin@192.168.1.1
    admin@192.168.1.1's password:
    Connected to 192.168.1.1.
    sftp> put config
    Uploading config to /config
    config                                        100%  341     0.3KB/s   00:00   
    Write failed: Broken pipe
    Connection closed
    ---

    But the same problem occurred again:

    ---
    XGS2210# show logging
         1 Jan 01 00:03:03 DE interface: Port 1 link up
         2 Jan 01 00:03:01 ER system: Restore system configuration failed
         3 Jan 01 00:03:00 IN system: Line:6 Error:Syntax Command:vlan 1
         4 Jan 01 00:02:59 DE interface: Port 1 link down
         5 Jan 01 00:02:59 IN system: Now, start restoring system configuration
    XGS2210#
    ---

    This is the config downloaded from switch:

    ---
    ; Product Name = XGS2210-28
    ; Firmware Version = V4.50(AAZJ.0) | 09/08/2017
    ; SysConf Engine Version = 1.2
    ; Config last updated = = 00:00:00 (UTC) 2016-01-01

    vlan 1
      name 1
      normal ""
      fixed 1-28
      forbidden ""
      untagged 1-28
      ip address 192.168.1.1 255.255.255.0
    exit
    interface route-domain 192.168.1.1/24
    exit
    ---

    During firmware upgrade from 4.40 (factory image) to 4.50, the release notes PDF states that a "configuration upgrade" shall be performed by uploading a .rom file to /rom-0 on the switch via FTP, but /rom-0 exists neither when accessing the switch using FTP nor when using SFTP, so I assumed this only applies to switches other (maybe bigger) than XGS2210. On my switch I only see "config", "ras-0" and "ras-1", and trying to upload the .rom file to /rom-0 returned an error message.

    Might this be the root of this problem?

    Thank you in advance for your help.

    Best regards,
    // Veit
  • Veit
    Veit Posts: 21  Freshman Member
    Update:

    Via SFTP instead of FTP I was able to upload the .rom file to /rom-0 without error. I rebooted the switch using "boot config 1" and tried to upload the config file again, but the error persists:

    ---
    $ sftp admin@192.168.1.1
    admin@192.168.1.1's password:
    Connected to 192.168.1.1.
    sftp> ls -l
    -rw-rw-rw-   1 owner    group        33554432 Jul 01 12:00 config
    --w--w--w-   1 owner    group         7338278 Jul 01 12:00 ras-0
    --w--w--w-   1 owner    group         7338278 Jul 01 12:00 ras-1
    sftp> put 450AAZJ0C0.rom rom-0
    Uploading 450AAZJ0C0.rom to /rom-0
    450AAZJ0C0.rom                                             100% 1280KB 142.2KB/s   00:09   
    sftp> Write failed: Broken pipe
    sftp> bye
    ---

    Cleared logging and issued reboot...

    ---
    $ sftp admin@192.168.1.1
    admin@192.168.1.1's password:
    Connected to 192.168.1.1.
    sftp> put config
    Uploading config to /config
    config                                                                100%  341     0.3KB/s   00:00   
    Write failed: Broken pipe
    Connection closed
    ---

    ---
    XGS2210# show logging
         1 Jan 01 00:01:37 DE interface: Port 1 link up
         2 Jan 01 00:01:35 ER system: Restore system configuration failed
         3 Jan 01 00:01:35 IN system: Line:6 Error:Syntax Command:vlan 1
         4 Jan 01 00:01:33 DE interface: Port 1 link down
         5 Jan 01 00:01:33 IN system: Now, start restoring system configuration
         6 Jan 01 00:01:28 IN authentication: SSH user admin login [IP address = 192.168.1.2]
         7 Jan 01 00:01:22 NO system: System cold start
         8 Jan 01 00:01:22 IN system: Image 1 F/W version V4.50(AAZJ.0) | 09/08/2017 boot up
         9 Jan 01 00:01:22 NO system: System has reset due to a management command
    XGS2210#
    ---

  • Veit
    Veit Posts: 21  Freshman Member
    Hi @Zyxel_Jason,

    uploading the configuration file via FTP works, too (but is not applicable as we need to disable FTP):

    ---
        28 Jan 02 03:45:27 DE interface: Port 1 link up
        29 Jan 02 03:45:24 DE interface: Port 1 link down
        30 Jan 02 03:45:23 DE interface: Port 1 link up
        31 Jan 02 03:45:21 IN authentication: FTP user admin logout [IP address = 192.168.1.2]
        32 Jan 02 03:45:21 IN system: Restore system configuration successfully
        33 Jan 02 03:45:13 IN system: Save system configuration
        34 Jan 02 03:45:10 DE interface: Port 1 link down
        35 Jan 02 03:45:10 IN system: Now, start restoring system configuration
        36 Jan 02 03:44:55 IN authentication: FTP user admin login [IP address = 192.168.1.2]
    ---

    I tried various versions of OpenSSH sftp tool, as yours on Cygwin seems to work correctly, but the results remain the same. I tried without success:

    - version 7.4p1-13.el7_4 as shipped with CentOS 7.4 x86_64
    - version 6.6.1p1-25.el7_2 as shipped with RedHat Enterprise Linux 7.2 x86_64
    - version 6.1p1 built from vanilla sources

    Regards,
    // Veit
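The transfers above report 100% even when the switch rejects the file, so an automated restore has to judge the outcome from `show logging` rather than from the SFTP client. The following is an added example, not part of the original posts and not Zyxel code; it assumes the log format shown in this thread (newest entry first), and the function name `last_restore` is hypothetical.

```python
import re

# One "show logging" entry: index, timestamp, then the message text.
ENTRY = re.compile(r"^\s*(\d+)\s+(\w{3} \d{2} [\d:]{8})\s+[A-Z]{2}\s+\w+: (.*\S)\s*$")
SYNTAX = re.compile(r"Line:(\d+) Error:(\w+) Command:(.*)")
START = "Now, start restoring system configuration"
OK = "Restore system configuration successfully"
FAILED = "Restore system configuration failed"

def last_restore(log_text):
    """Outcome of the most recent restore attempt in the log, or None."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.append((int(m.group(1)), m.group(2), m.group(3)))
    # Index 1 is the newest entry, so descending index is chronological order.
    entries.sort(key=lambda e: e[0], reverse=True)
    starts = [i for i, e in enumerate(entries) if e[2] == START]
    if not starts:
        return None
    result = {"started": entries[starts[-1]][1], "status": "incomplete", "errors": []}
    for _, _, msg in entries[starts[-1] + 1:]:
        m = SYNTAX.match(msg)
        if m:  # the switch rejected a line of the uploaded file
            result["errors"].append((int(m.group(1)), m.group(2), m.group(3)))
        elif msg == OK:
            result["status"] = "ok"
        elif msg == FAILED:
            result["status"] = "failed"
    return result

# Log excerpts copied from the posts in this thread.
SFTP_LOG = """\
     1 Jan 01 00:03:03 DE interface: Port 1 link up
     2 Jan 01 00:03:01 ER system: Restore system configuration failed
     3 Jan 01 00:03:00 IN system: Line:6 Error:Syntax Command:vlan 1
     4 Jan 01 00:02:59 DE interface: Port 1 link down
     5 Jan 01 00:02:59 IN system: Now, start restoring system configuration
"""
FTP_LOG = """\
    32 Jan 02 03:45:21 IN system: Restore system configuration successfully
    33 Jan 02 03:45:13 IN system: Save system configuration
    34 Jan 02 03:45:10 DE interface: Port 1 link down
    35 Jan 02 03:45:10 IN system: Now, start restoring system configuration
"""
if __name__ == "__main__":
    for name, log in (("SFTP", SFTP_LOG), ("FTP", FTP_LOG)):
        print(name, last_restore(log))
```

A status of "incomplete" means a restore was started but the log holds neither a success nor a failure entry yet, so the caller should fetch the log again before deciding.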
  • Veit
    Veit Posts: 21  Freshman Member
    Uploading the file via curl (built against libssh2 for SFTP support) instead of using OpenSSH sftp fails equally:

    ---
    -(~:$)-> curl --upload-file config sftp://admin:1234@192.168.1.1/config
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
    100   338    0     0  100   338      0    147  0:00:02  0:00:02 --:--:--   147
    100   338    0     0  100   338      0    147  0:00:02  0:00:02 --:--:--   147
    ---

    ---
         2 Jan 02 04:20:47 DE interface: Port 1 link up
         3 Jan 02 04:20:45 ER system: Restore system configuration failed
         4 Jan 02 04:20:44 IN system: Line:5 Error:Syntax Command:vlan 1
         5 Jan 02 04:20:42 DE interface: Port 1 link down
         6 Jan 02 04:20:42 IN system: Now, start restoring system configuration
         7 Jan 02 04:20:39 IN authentication: SSH user admin login [IP address = 192.168.1.2]
    ---

  • Veit
    Veit Posts: 21  Freshman Member
    Hi @Zyxel_Jason,

    could you be so kind as to test restoring config using SFTP on an actual XGS2210-28?

    As I can reproduce this problem across different SFTP clients on different computers with different OS, but it works for you, the most striking difference seems to be that I am on XGS2210-28 but you tested on a PoE+ model of this series.

    This leads me to the assumption that this might be a bug in the model-specific firmware for my model. Although I run 27 ZyXEL switches so far, unfortunately all of them are XGS2210-28.

    Best regards,
    // Veit
  • JasonTsai
    JasonTsai Posts: 104  Zyxel Employee
    Hi @Veit,

    Sorry for the late response.

    I have reproduced the same symptom on my XGS2210-28HP via SFTP by using Linux OS.
    Our internal team will verify it and I will update on the forum once I get the result.
    During this time, hope you may use HTTPS first to restore your configuration.

    Thanks.
    Jason
  • Veit
    Veit Posts: 21  Freshman Member
    Hi @Zyxel_Jason,

    thanks for your reply. I will patiently wait for the results, but I would like to add that I successfully updated the firmware of all our ZyXEL switches using SFTP from the same clients that I try to use to restore the config, and I experienced not a single problem with firmware transfers.

    Could you please provide information on whether updating the .rom file from firmware releases is required and what it does? Just because updating the firmware through the web interface does not request a .rom file at all and until yesterday I assumed that the XGS2210-28 doesn't even take it, as in SFTP/FTP no /rom-0 or /rom-1 is shown. I would have to schedule a change to update and reboot the switches that are in production at the moment.

    Thanks and regards,
    // Veit
  • JasonTsai
    JasonTsai Posts: 104  Zyxel Employee
    Hi @Veit,

    Note: We will update this reset configuration part of the release note in the next firmware release.
    Uploading .rom file to XGS2210 series via SFTP/FTP is the way to reset the configuration to factory default.
    After uploading the .rom file successfully, the Switch needs a reboot to complete the "reset factory default".

    XGS2210 series has dual ROM, but the uploading place is according to the running ROM.
    Therefore, there is only one command "put <.rom file> rom-0" to upload the file.
    EX: Although you are running image 2, the command still is "put <.rom file> rom-0".

    Hope it helps.

    Jason
  • Veit
    Veit Posts: 21  Freshman Member
    Hi @Zyxel_Jason,

    thank you very much. Thank goodness I did not "update" rom-0 on the production switches... ;)

    Thanks,
    // Veit