Hey Checkyourlogs fans,
As businesses increasingly rely on virtual environments and the cloud to store and manage data, backup and replication have become critical functions. Veeam Backup and Replication is a popular tool for backing up and replicating virtual environments. It includes running pre- and post-job scripts to execute custom commands before or after a backup or replication job.
If you use a Cisco Nexus 9200 switch in your environment, you can use PowerShell to turn on a switch port as part of a Veeam backup or replication job. This allows you to automate turning on a port, reducing the risk of human error and saving time.
In this blog post, we’ll show you how to use PowerShell to connect to a Cisco Nexus 9200 switch, turn on a switch port, and integrate the script with a Veeam backup or replication job. We’ll also show you how to encrypt the credentials so that no passwords are stored in the script.
Requirements
Before we begin, make sure you have the following:
- A Cisco Nexus 9200 switch
- PowerShell 5.1 or later
- The Posh-SSH module
Connecting to the Cisco Nexus switch
The first step is to connect to the Cisco Nexus switch using PowerShell. We’ll use the Posh-SSH module to establish an SSH connection to the switch.
# Import the Posh-SSH module Import-Module Posh-SSH # Define the switch connection details $username = "admin" $hostname = "switch_hostname" $port = 22 # Connect to the Cisco Nexus switch using SSH $ssh = New-SSHSession -ComputerName $hostname -Credential (Get-Credential -UserName $username)
In this example, we import the Posh-SSH module, define the switch connection details, and connect to the switch using SSH. The Get-Credential cmdlet prompts us to enter the password for the specified username, so we don’t need to store the password in the script.
Turning on a switch port
Once connected to the switch, we can use PowerShell to turn on a switch port. In this example, we’ll turn on port 1.
# Turn on port 1 $interface = "Ethernet1/1" $command = "interface $interface ; no shutdown" $ssh | Invoke-SSHCommand -Command $command
Here, we define the interface name and the command to turn on the port, and then we execute the command using the Invoke-SSHCommand cmdlet.
Encrypting the credentials
While the password isn’t stored in the script, it’s still visible in clear text when we use the Get-Credential cmdlet to prompt for the password. To encrypt the password, we’ll use a key to encrypt the password as a secure string and then store the encrypted password in a file.
# Encrypt the password $username = "admin" $key = [byte]1..16 $securePassword = Read-Host "Enter password" -AsSecureString $encryptedPassword = ConvertFrom-SecureString $securePassword -Key $key # Save the encrypted password to a file $encryptedPassword | Set-Content -Path "password.txt"
In this example, we prompt the user to enter the password using the Read-Host cmdlet, encrypt the password using a randomly generated key, and save the encrypted password to a file
Using the encrypted credentials
Now that the encrypted password is stored in a file, we can use it to connect to the Cisco Nexus switch in our script. We’ll read the encrypted password from the file, decrypt it using the key, and use the decrypted password to connect to the switch.
# Connect to the Cisco Nexus switch using SSH $username = "admin" $hostname = "switch_hostname" $port = 22 $key = [byte]1..16 # Read the encrypted password from the file $encryptedPassword = Get-Content -Path "password.txt" # Decrypt the password $decryptedPassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto([System.Runtime.InteropServices.Marshal]::SecureStringToBSTR((ConvertTo-SecureString $encryptedPassword -Key $key))) # Connect to the Cisco Nexus switch using SSH and the decrypted password $ssh = New-SSHSession -ComputerName $hostname -Credential (New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $username, $decryptedPassword) -Port $port
In this example, we define the connection details and the key, then read the file’s encrypted password. Next, we decrypt the password using the key and the ConvertTo-SecureString cmdlet, and then we use the decrypted password to connect to the switch using the New-SSHSession cmdlet.
Integrating with Veeam Backup and Replication
Now that we can turn on a switch port using PowerShell, we can integrate the script with a Veeam backup or replication job. We’ll create a simple example script that turns on a switch port before a backup job starts and turns off the port after the job finishes.
# Import the Posh-SSH module Import-Module Posh-SSH # Define the switch connection details $username = "admin" $hostname = "switch_hostname" $port = 22 $key = [byte]1..16 # Read the encrypted password from the file $encryptedPassword = Get-Content -Path "password.txt" # Decrypt the password $decryptedPassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto([System.Runtime.InteropServices.Marshal]::SecureStringToBSTR((ConvertTo-SecureString $encryptedPassword -Key $key))) # Connect to the Cisco Nexus switch using SSH and the decrypted password $ssh = New-SSHSession -ComputerName $hostname -Credential (New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $username, $decryptedPassword) -Port $port # Turn on port 1 $interface = "Ethernet1/1" $command = "interface $interface; no shutdown" $ssh | Invoke-SSHCommand -Command $command # Run the Veeam backup job Start-VBRJob -Name "Backup Job Name" # Turn off port 1 $command = "interface $interface; shutdown" $ssh | Invoke-SSHCommand -Command $command # Disconnect from the SSH session Remove-SSHSession -SSHSession $ssh
In this example, we first connect to the switch and turn on the desired port using the same code as in the previous examples. We then run the Veeam backup job using the Start-VBRJob cmdlet, turn off the port using the same code as before, and disconnect from the switch.
Conclusion
By using PowerShell to connect to a Cisco Nexus 9200 switch and turn on a port as part of a Veeam backup or replication job, you can automate turning on a switch port and reduce the risk of human error. In addition, encrypting the password and storing it in a file can protect the password from unauthorized access.
In this blog post, we’ve covered the steps involved in connecting to a Cisco Nexus switch using PowerShell and the Posh-SSH module and how to encrypt the password to protect it. We’ve also shown how to integrate the script with a Veeam backup or replication job to automate turning on a switch port.
While we’ve used a Cisco Nexus 9200 switch as an example in this blog post, the same principles and techniques can be used to connect to other types of network devices and automate other types of network tasks. By leveraging the power of PowerShell and the Posh-SSH module, you can automate network tasks and improve the efficiency and reliability of your network infrastructure.
Thanks,
Dave Kawula MVP