
Automatically saving Cisco device configurations

I decided to write a short post about automatically saving Cisco configuration files.

Why save the configuration? There are plenty of reasons. A device can burn out: replacing the hardware is no problem, but without a backup of the configuration file you have to configure it from scratch. That is fine if you have a good memory (and remember all the settings) or your system is fully documented. But what if the configuration file runs to thousands of lines?
Or, for example, one of the employees accidentally wipes or deletes the configuration file. Perhaps even intentionally...
You can store the configuration somewhere other than flash, on external media or a remote server, but you can lose it there too. Configuration backups must be made on an ongoing basis.

I will describe how to automate this process.

First, you need to set up a TFTP server (you can also use FTP or another method; I save configurations over the local network in a separate management VLAN, which is why I use TFTP without authentication).
The TFTP server can run on either Linux or Windows; I have a Windows 2012 server for this purpose. It needs a TFTP server program: I use the free tftpd32 service edition, which installs and runs as a system service. Run the program, specify the folder where the configuration files will be saved and the IP address it will use, then check that the TFTP server is reachable from the router by simply copying a file from the internal flash:

RT-01#copy flash: tftp:
Source filename []? 3.txt
Address or name of remote host []? 192.168.10.24
Destination filename [3.txt]?
!!!
11335 bytes copied in 0.044 secs (257614 bytes/sec)
RT-01#


I had the file "3.txt" in the router's internal memory, and I successfully copied it to the TFTP server.

Method one. Creating a kron job.


1) Create a policy list for the backup:

Router(config)#kron policy-list (name)
Router(config-kron-policy)#cli copy (from where to copy) (where to copy)
Router(config-kron-policy)#exit

where the parameters are:

cli - defines the EXEC CLI command in the policy task.
policy-list - defines the policy that will be associated with the task in the occurrence.

Example:

RT-01(config)#kron policy-list conf_to_tftp
RT-01(config-kron-policy)#cli copy system:/running-config tftp://192.168.10.24/rt-01.txt


2) Create an occurrence that sets the task's start time and interval:

Router(config)#kron occurrence (name) at (hh:mm) (day / month / oneshot / recurring)
Router(config-kron-occurrence)#policy-list (name)

Example:

RT-01(config)#kron occurrence daily at 4:00 recurring
RT-01(config-kron-occurrence)#policy-list conf_to_tftp


3) Verify the configuration with the show kron schedule command:

RT-01#sh kron schedule
Kron Occurrence Schedule
daily inactive, will run again in 0 days 15:04:22 at 4:00 on


Method two. Configuring archiving.

Archiving appeared in IOS version 12.3, so you may have to upgrade IOS. Nowadays IOS 15.x and higher is already used on many devices. Accordingly, this functionality is not supported on older devices.
Let's look at the parameters of this command:

RT-01(config)#archive
RT-01(config-archive)#?
Archive configuration commands:
  default       set a command to its defaults
  exit          Exit from archive configuration mode
  log           logging commands
  maximum       maximum number of backup copies
  no            Negate command or set its defaults
  path          path for backups
  rollback      rollback parameters
  time-period   Period of time in minutes to automatically archive the running-config
  write-memory  Enable automatic backup generation during write memory


I will describe each parameter:

log - logging setup;
maximum - the maximum number of backup configurations (default 10);
path - the path where backups are stored. In the file name you can use the variables $H (the device name) and $T (the current time);
time-period - the interval (in minutes) after which the current configuration is automatically archived; if you set the value to 1440 (24 hours), it will be saved every day and also when the device configuration is saved;
write-memory - enables automatic creation of a backup copy of the configuration after the configuration has been saved;
hidekeys - hide passwords during archiving (although nothing stops you from using secret instead of password).
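
An added example, not part of the original post: the archived files are copies of the running configuration, so this Python check, meant for the backup server, reports which lines of a saved configuration still carry cleartext or reversible type 7 credentials instead of secret. The function name audit_config and the sample configuration are constructed for illustration.

```python
import re

# (label, pattern) pairs; the named group "secret" marks the value to mask in reports.
RULES = [
    ("type 7 (reversible)",
     re.compile(r"\b(?:password|key|key-string) 7 (?P<secret>\S+)")),
    ("cleartext password",
     re.compile(r"\bpassword (?:0 )?(?!7 )(?P<secret>\S+)")),
    ("SNMP community",
     re.compile(r"^snmp-server community (?P<secret>\S+)")),
]

def audit_config(text):
    """Return (line number, label, masked line) for every weak credential line."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for label, rx in RULES:
            m = rx.search(line)
            if m:
                # Never echo the credential itself into the report.
                masked = line[:m.start("secret")] + "<masked>" + line[m.end("secret"):]
                findings.append((lineno, label, masked.strip()))
                break
    return findings

# Constructed sample configuration (placeholder values, not from a real device).
SAMPLE_CONFIG = """\
hostname RT-01
service password-encryption
enable secret 5 $1$CONSTRUCTED$placeholderhash0000000
enable password lab-example
username admin privilege 15 secret 5 $1$CONSTRUCTED$placeholderhash1111111
username oper password 7 00000000000000
snmp-server community example-ro RO
line vty 0 4
 password 7 11111111111111
"""

if __name__ == "__main__":
    for lineno, label, masked in audit_config(SAMPLE_CONFIG):
        print(f"line {lineno}: {label}: {masked}")
```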

Let's look at possible ways to save archives:

RT-01(config-archive)#path ?

  flash0:  Write archive on flash0: file system
  flash1:  Write archive on flash1: file system
  flash:   Write archive on flash: file system
  ftp:     Write archive on ftp: file system
  http:    Write archive on http: file system
  https:   Write archive on https: file system
  rcp:     Write archive on rcp: file system
  scp:     Write archive on scp: file system
  tftp:    Write archive on tftp: file system


The command also allows you to save the configuration in different places.

The configuration for saving to TFTP looks like this:

RT-01(config)#archive
 log config
  logging enable
  logging persistent reload
  hidekeys
 path tftp://192.168.10.24/$H-$T
 write-memory


Now every time the configuration is saved on the device, a file is created on the remote TFTP server.
Let's check that it works by saving the configuration:

RT-01#wr
Building configuration...
[OK]!


And look at the saved archives:
RT-01#sh archive
The maximum archive configurations allowed is 10.
tftp://192.168.10.24/RT-01-Mar--5-13-17-00.303.txt-1
 Archive #  Name
   1        tftp://192.168.10.24/RT-01-Mar--5-13-16-56.343.txt-0 <- Most Recent
   2
   3
   4
   5
   6
   7
   8
   9
   10


You can see that one archive has been created.
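
An added example, not part of the original post: a Python check for the backup server that parses archive names of the form shown above and reports devices whose newest archive is older than the expected interval or missing altogether. The name pattern is inferred from the RT-01 file names on this page; the function names, the SW-02 entry and the device list are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Pattern inferred from the archive names shown on this page,
# e.g. RT-01-Mar--5-13-16-56.343.txt-0 (a one-digit day is padded with '-').
NAME_RE = re.compile(
    r"^(?P<host>.+?)-(?P<mon>[A-Z][a-z]{2})-(?P<day>[-\d]\d)"
    r"-(?P<h>\d{2})-(?P<m>\d{2})-(?P<s>\d{2})\.(?P<ms>\d{3})\.txt-(?P<seq>\d+)$"
)
MONTHS = {name: i for i, name in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}

def parse_archive_name(name, now):
    """Return (host, timestamp, sequence) or None if the name does not match."""
    m = NAME_RE.match(name)
    if not m or m["mon"] not in MONTHS:
        return None
    day = int(m["day"].lstrip("-"))
    # The name carries no year: take the latest year that is not in the future.
    for year in (now.year, now.year - 1):
        try:
            ts = datetime(year, MONTHS[m["mon"]], day,
                          int(m["h"]), int(m["m"]), int(m["s"]))
        except ValueError:  # e.g. Feb 29 in a non-leap year
            continue
        if ts <= now + timedelta(days=1):  # tolerate a little clock skew
            return m["host"], ts, int(m["seq"])
    return None

def stale_hosts(names, expected_hosts, now, max_age=timedelta(hours=24)):
    """Map each overdue host to its newest backup time (None if it has none)."""
    newest = {}
    for name in names:
        parsed = parse_archive_name(name, now)
        if parsed:
            host, ts, _ = parsed
            newest[host] = max(ts, newest.get(host, ts))
    return {h: newest.get(h) for h in expected_hosts
            if h not in newest or now - newest[h] > max_age}

# Constructed sample listing: two RT-01 names from the page plus an invented SW-02.
SAMPLE = ["RT-01-Mar--5-13-16-56.343.txt-0", "RT-01-Mar--5-13-20-30.647.txt-1",
          "SW-02-Feb-27-04-00-01.120.txt-7", "tftpd32.ini"]

if __name__ == "__main__":
    now = datetime(2013, 3, 5, 18, 0, 0)  # constructed "current time"
    print(stale_hosts(SAMPLE, ["RT-01", "SW-02", "RT-03"], now))
```

The 24-hour default matches a time-period of 1440 or the daily kron job; in real use the names would come from a listing of the TFTP folder.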
The command has another useful feature: comparing archives.
Let's create one more archive (by saving the configuration) and check the differences between them with the command:

Router#sh archive config differences (name1) (name2)

Example:

RT-01#sh archive config differences tftp://192.168.10.24/RT-01-Mar--5-13-16-56.343.txt-0 tftp://192.168.10.24/RT-01-Mar--5-13-20-30.647.txt-1
Loading RT-01-Mar--5-13-16-56.343.txt-0 from 192.168.10.24 (via Port-channel1): !
[OK - 6663 bytes]

Loading RT-01-Mar--5-13-20-30.647.txt-1 from 192.168.10.24 (via Port-channel1): !
[OK - 6663 bytes]
!Contextual Config Diffs:
!No changes were found


There are no differences - the archives are the same.

There is also a way to restore a previous archived version, with the command:

RT-01#configure replace tftp://192.168.10.24/RT-01-Mar--5-13-20-30.647.txt-1


The second method is more convenient, as it creates a backup every time you save the configuration and therefore lets you roll back to the last (or any of the last ten) configurations; its disadvantage is that it is not supported by old IOS versions. For me this problem is not relevant, since I use archive.

Source: https://habr.com/ru/post/171681/

