
Network Configuration Management

Domotz lets you easily back up and restore the configuration of a number of networking devices.

In particular, Domotz allows you to:

  • automatically back up the configuration
  • manually back up a specific configuration
  • compare different versions
  • get alerted if something changes
  • get notified if the running configuration is different from the saved one
  • restore a previously saved configuration
  • upload a new configuration and update the device with it

Major brands such as Cisco, Luxul, FortiGate, WatchGuard are supported. View the complete list of supported devices on the Domotz Community.

Feature Access & Unlock

The feature is available in the Config section of certain network devices.


As a first step, you need to unlock the device by providing SSH credentials.

Notes for Cisco IOS series:

1) SSH server should be enabled
2) SNMP should be enabled
3) SCP should be enabled

4) You need to create a privilege level 15 user so that Domotz can manage your device configuration files. To do this, issue the following commands:
#conf t
(config)#username <username> privilege 15 password <password>

Note: There are two ways to complete this configuration depending on the type of authentication you are using:

Option 1 – If you do not have AAA authentication (“no aaa new-model” in your config file), you need to issue the following commands:
(config)#line vty 0 15
(config-line)#login local

Option 2 – If you are using AAA authentication (“aaa new-model” in your config file), you need to issue the following commands so that the privilege 15 user can log in to enable mode:
(config)#aaa authentication login default local
(config)#aaa authentication enable default enable
(config)#aaa authorization console
(config)#aaa authorization exec default local if-authenticated

5) If you get the “Read-only mode” error while unlocking your device, this is because the archive functionality needs to be enabled and set to a local filesystem (for example ‘flash:’ or ‘bootflash:’).

This is used to perform auto-rollback on error. For more information, please check: Prerequisites for Configuration Replace and Configuration Rollback.

You can enable it by issuing these commands on the IOS CLI:
#configure terminal
(config)#archive
(config-archive)#path flash:archive
(config-archive)#write-memory

Notes for Cisco SG series:

1) SSH and SNMP should be enabled
2) Domotz requires an admin account with privilege level 15 for this functionality
3) Add the following lines in the configuration file:
  • ip ssh password-auth (mandatory)
  • no logging console (recommended)

Note: SG200 is not yet supported, because this model does not support an SSH server.

Notes for Luxul:

1) SSH and SNMP should be enabled
2) Domotz requires an admin account with privilege level 15 for this functionality

Notes for FortiGate:

1) SSH and TFTP should be enabled
2) The SSH account provided for unlocking must be super_admin or admin
3) The maximum limit for the configuration file is 5MB
4) Hashes for passwords and other encrypted data may be shown as different when comparing configurations, even if the password is the same
5) A firewall rule must allow TFTP traffic from the Domotz agent host to the FortiGate device. For further information, please check TFTP Session Helper
6) The following configuration is needed for the device configuration to be interpreted correctly:
config system console
set output standard
end

Notes for WatchGuard:

1) HTTPS (port 8080) is needed for the recognition
2) The maximum limit for the configuration file is 5MB
3) SSH and TFTP should be enabled.
4) We recommend having a separate SSH user for this feature since only one session per user is allowed at a time
5) A firewall rule must allow TFTP traffic from the Domotz agent host to the WatchGuard firewall.

Notes for Juniper:

1) SSH and SCP should be enabled
2) User must be super-admin or capable of restoring configuration

Notes for HP Aruba:

1) SSH and TFTP should be enabled
2) User must be admin
3) Access Points are in READ ONLY mode

If the device is successfully unlocked, the following screen is shown:

Network Configuration Management screenshot 2

In order to trigger the Domotz driver to discover configuration files, SNMP should be enabled on the network appliance (and the Domotz Agent should be able to access SNMP for that device). In this way, Domotz is able to correctly identify the device and trigger the correct driver for configuration management purposes.

Automatic and Manual Backup

Domotz automatically backs up the configuration of the device and shows the history of the most recent configuration files. The backup is executed every 6 hours, and a new version is only saved (and shown) if it differs from the previous version.

Moreover, Domotz allows the manual backup of the configuration file. A new version is created, regardless of whether it differs from the previously saved version.

Upload/Download/Remove Configuration files

Through the same interface, it is possible to upload a new configuration file (which can then be applied to the device). In addition, each saved configuration file can be locally downloaded.

Misalignment Error

If you get a Misalignment error, it means that the Startup configuration file is different from the Running configuration file inside the device. It’s best practice to keep the Startup configuration file aligned with the Running configuration file. In fact, when you restore a configuration file from Domotz, we’ll replace both Startup and Running configuration files with the selected backup.

You can also set an alert on the misalignment error.

Note: It is possible to get a misalignment error with Cisco, Luxul, and HP Aruba.

Compare and Restore Configurations

Through the same interface, it is possible to upload a new configuration file (which can then be applied to the device). In addition, each saved configuration file can be locally downloaded.
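
The FortiGate note above says that password hashes can differ between two exports even when the password is unchanged, and the backup section says a new version is saved only when it differs from the previous one. The following is an added example, not Domotz's own code, of a comparison that masks encoded secrets before diffing so that only real changes count; the snapshots and function names are constructed for illustration.

```python
import difflib
import re

# Constructed FortiGate-style snapshots: the admin password is unchanged, but
# the encoded blob differs between the two exports.
OLD = """config system admin
    edit "admin"
        set password ENC AAAAexampleblob1
    next
end
config system console
    set output standard
end
"""
NEW_SAME = OLD.replace("AAAAexampleblob1", "BBBBexampleblob2")
NEW_CHANGED = NEW_SAME.replace("set output standard", "set output more")

# A line of the form "set <key> ENC <blob>" carries an encoded secret.
ENC_LINE = re.compile(r"^(\s*set\s+\S+\s+ENC)\s+\S+\s*$")


def normalize(config_text):
    """Mask encoded secrets and strip trailing whitespace, line by line."""
    lines = []
    for line in config_text.splitlines():
        match = ENC_LINE.match(line)
        lines.append(match.group(1) + " <masked>" if match else line.rstrip())
    return lines


def config_diff(old_text, new_text):
    """Unified diff of two snapshots after normalization (empty if equal)."""
    return list(difflib.unified_diff(
        normalize(old_text), normalize(new_text),
        "previous", "current", n=1, lineterm=""))


def should_save_new_version(old_text, new_text):
    """True only when something other than an encoded secret changed."""
    return bool(config_diff(old_text, new_text))


if __name__ == "__main__":
    print("re-encoded secret only:", should_save_new_version(OLD, NEW_SAME))
    print("\n".join(config_diff(OLD, NEW_CHANGED)))
```

Masking also hides a genuine password change, so credential changes need to be tracked through another source, such as the device's own audit log.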

Updated on November 17, 2021
