Automatically Save Cisco Device Configuration

I decided to write a short post about automatically saving Cisco configuration files.

Why save the configuration? There are many reasons. A piece of hardware can burn out: you can swap it without trouble, but if there is no backup of the configuration file you will have to configure the replacement from scratch. That is fine if you have a good memory (and remember all the settings) or everything is fully documented. But what if the configuration file runs to thousands of lines?
Or, for example, an employee accidentally wipes or deletes the configuration file. Perhaps deliberately...
You can store the configuration somewhere other than flash, on external media or a remote server, but it can be lost there too. Configuration backups must be made, and made on an ongoing basis.

I will describe how you can automate this process.


First, you need to set up a TFTP server (you can also use FTP or another method; I save the configuration over the local network in a separate management VLAN, so I use TFTP without authentication).
Both Linux and Windows servers can act as the TFTP server; I have a Windows 2012 server for this purpose. It needs TFTP server software: I use the free tftpd32 service edition, which installs and runs as a system service. Start the program, point it to the folder where the configuration files will be saved, specify which IP address it will use, and check that the TFTP server is reachable from the router by simply copying a file from the internal flash:

RT-01#copy flash: tftp:
Source filename []? 3.txt
Address or name of remote host []? 192.168.10.24
Destination filename [3.txt]?
!!!
11335 bytes copied in 0.044 secs (257614 bytes/sec)
RT-01#


I had a “3.txt” file in the router’s internal memory - and I successfully copied it to a TFTP server.

The first way. Create a kron job.


1) Creating a policy script for backup:

Router(config)#kron policy-list (name)
Router(config-kron-policy)#cli copy (copy from) (copy to)
Router(config-kron-policy)#exit


with the following parameters:

cli - defines the EXEC CLI command that the policy job runs.
policy-list - defines the policy that will be associated with the job in the schedule.

Example:

RT-01(config)#kron policy-list conf_to_tftp
RT-01(config-kron-policy)#cli copy system:/running-config tftp://192.168.10.24/rt-01.txt


2) Create a schedule (occurrence) for the device that sets the time and interval of the job:

Router(config)#kron occurrence (name) at (hh:mm) (day / month / oneshot / recurring)
Router(config-kron-occurrence)#policy-list (name)


Example:

RT-01(config)#kron occurrence daily at 4:00 recurring
RT-01(config-kron-occurrence)#policy-list conf_to_tftp


3) Verify the configuration with the show kron command.

RT-01#sh kron schedule
Kron Occurrence Schedule
daily inactive, will run again in 0 days 15:04:22 at 4:00 on


The second way. Create archiving.

Archiving appeared on devices in version 12.3, so you may have to upgrade IOS. Many devices now run IOS 15.x or later. On older devices this functionality is not supported.
Let's look at the parameters of this command:

RT-01(config)#archive
RT-01(config-archive)#?
Archive configuration commands:
  default       Set a command to its defaults
  exit          Exit from archive configuration mode
  log           Logging commands
  maximum       maximum number of backup copies
  no            Negate a command or set its defaults
  path          path for backups
  rollback      Rollback parameters
  time-period   Period of time in minutes to automatically archive the running-config
  write-memory  Enable automatic backup generation during write memory


I will describe each parameter:

log - logging settings;
maximum - the maximum number of configuration backups (10 by default);
path - the path where backups are stored. In the file name you can use the variables $H (the name of the device) and $T (the current time);
time-period - the interval, in minutes, after which the current configuration is archived automatically; if you set the value to 1440 (24 hours), it will be saved every day, even when the device configuration is saved;
write-memory - enables an automatic backup of the configuration each time the configuration is saved;
hidekeys - hides passwords during archiving (although that is no reason not to use secret instead of password).
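
Backup files on the TFTP server can be read by anyone who can reach that folder, so it is worth checking which credential forms they contain. As an added example (not part of the original post), this Python script, run on the backup server, lists the credentials in a saved configuration that are stored in cleartext or in reversible type 7 form rather than as a secret hash; the sample configuration and the function names are constructed.

```python
import re

# Constructed sample of an archived running-config; every value is made up.
SAMPLE_CONFIG = """\
hostname RT-01
service password-encryption
enable secret 5 $1$abcd$CONSTRUCTEDHASHCONSTRUCTED
enable password 7 000000000000
username admin privilege 15 secret 5 $1$abcd$CONSTRUCTEDHASHCONSTRUCTED
username backup password 0 ConstructedExample
line vty 0 4
 password 7 000000000000
 login
"""

# "<password|secret> [type] <value>" at the end of a configuration line.
CRED_RE = re.compile(r"\b(password|secret)\s+(?:(\d+)\s+)?(\S+)\s*$")


def classify(keyword, type_code):
    """Map a keyword and Cisco type code to a storage class."""
    if type_code in (None, "0"):
        return "cleartext"
    if keyword == "password" and type_code == "7":
        return "reversible"  # type 7 is obfuscation, not a hash
    return "hashed"


def audit_config(text):
    """Return (line_no, line_without_value, storage_class) per credential."""
    findings = []
    for no, line in enumerate(text.splitlines(), start=1):
        m = CRED_RE.search(line)
        if not m:
            continue
        keyword, type_code, _value = m.groups()
        # Cut the value off so the audit output never repeats the credential.
        redacted = line[:m.start(3)].strip() + " <removed>"
        findings.append((no, redacted, classify(keyword, type_code)))
    return findings


def weak_credentials(text):
    """Credentials that a reader of the backup file can recover."""
    return [f for f in audit_config(text) if f[2] != "hashed"]


if __name__ == "__main__":
    for no, line, kind in weak_credentials(SAMPLE_CONFIG):
        print(f"line {no}: {kind}: {line}")
```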

Let's see the possible ways to save the archives:

RT-01(config-archive)#path ?

  flash0:  write archive on flash0: file system
  flash1:  write archive on flash1: file system
  flash:   write archive on flash: file system
  ftp:     write archive on ftp: file system
  http:    write archive on http: file system
  https:   write archive on https: file system
  rcp:     Write archive on rcp: file system
  scp:     Write archive on scp: file system
  tftp:    Write archive on tftp: file system


As you can see, the command lets you save the configuration to a variety of destinations.

Saving the configuration to TFTP looks like this:

RT-01(config)#archive
 log config
  logging enable
  logging persistent reload
  hidekeys
 path tftp://192.168.10.24/$H-$T
 write-memory


Now, each time the save configuration command is executed, a file for the device will be created on the remote TFTP server.
To check that it works, save the configuration:

RT-01#wr
Building configuration...
[OK]!


And look at the saved archives:

RT-01#sh archive
The maximum archive configurations allowed is 10.
The next archive file will be named tftp://192.168.10.24/RT-01-Mar--5-13-17-00.303.txt-1
Archive # Name
1 tftp://192.168.10.24/RT-01-Mar--5-13-16-56.343.txt-0 <- Most Recent
2
3
4
5
6
7
8
9
10


It can be seen that one archive was created.
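
Backups only help if they keep arriving, and the file names shown above make that easy to check on the TFTP server. As an added example (not part of the original post), this Python script parses the $H-$T names and reports devices whose newest archive is missing or too old; the expected host list, the two-day threshold and the assumption that a two-digit day is written with a single hyphen are assumptions of the example.

```python
import re
from datetime import datetime, timedelta

MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()

# Matches names such as RT-01-Mar--5-13-16-56.343.txt-0: $H-$T followed by
# the sequence number seen in the post. A one-digit day carries an extra "-".
NAME_RE = re.compile(
    r"^(?P<host>.+?)-(?P<mon>[A-Z][a-z]{2})--?(?P<day>\d{1,2})"
    r"-(?P<h>\d{2})-(?P<m>\d{2})-(?P<s>\d{2})\.\d{3}(?:\.txt)?-\d+$"
)

# The first two names are from the post; the other two are constructed.
SAMPLE_FILES = [
    "RT-01-Mar--5-13-16-56.343.txt-0", "RT-01-Mar--5-13-20-30.647.txt-1",
    "SW-02-Feb-20-04-00-01.000.txt-0", "notes.txt",
]


def parse_name(name, now):
    """Return (host, timestamp) for an archive file name, or None."""
    m = NAME_RE.match(name)
    if not m or m["mon"] not in MONTHS:
        return None
    month = MONTHS.index(m["mon"]) + 1
    # $T has no year: assume the current one, or the previous one if that
    # would put the backup in the future (a December file read in January).
    for year in (now.year, now.year - 1):
        try:
            ts = datetime(year, month, int(m["day"]),
                          int(m["h"]), int(m["m"]), int(m["s"]))
        except ValueError:  # date does not exist in this year
            continue
        if ts <= now + timedelta(days=1):  # one day of clock-skew tolerance
            return m["host"], ts
    return None


def stale_hosts(file_names, expected_hosts, now, max_age=timedelta(days=2)):
    """Hosts whose newest archive is missing or older than max_age."""
    newest = {}
    for name in file_names:
        parsed = parse_name(name, now)
        if parsed and parsed[1] > newest.get(parsed[0], datetime.min):
            newest[parsed[0]] = parsed[1]
    return sorted(h for h in expected_hosts
                  if h not in newest or now - newest[h] > max_age)
```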
The command has another useful feature: comparing archives.
Let's create one more archive (by saving the configuration) and check the differences between the two with the command:

Router#sh archive config differences (name1) (name2)

Example:

RT-01#sh archive config differences tftp://192.168.10.24/RT-01-Mar--5-13-16-56.343.txt-0 tftp://192.168.10.24/RT-01-Mar--5-13-20-30.647.txt-1
Loading RT-01-Mar--5-13-16-56.343.txt-0 from 192.168.10.24 (via Port-channel1): !
[OK - 6663 bytes]

Loading RT-01-Mar--5-13-20-30.647.txt-1 from 192.168.10.24 (via Port-channel1): !
[OK - 6663 bytes]
!Contextual Config Diffs:
!No changes were found


There are no differences - the archives are the same.

There is also a way to restore a previous version from the archive, with the command:

RT-01#configure replace tftp://192.168.10.24/RT-01-Mar--5-13-20-30.647.txt-1


The second method is more convenient, since it makes a backup each time you save the configuration and therefore lets you roll back to the last (even the last ten) configurations; its drawback is that it is not supported by older IOS versions. For me this problem is not relevant, so I use archive.
