Cisco archive command: backup router configuration automatically, stores them remotely.

Backup? Router Configuration!!  Can you remember the last backup time of your router configuration? If somebody asks me the same question my answer will be no. Take backup periodically, take backup after and before any changes, store them in a remote location, those are the line I have seen in many company backup policies. But how often we follow those backup policy? To be honest, not very much, until unless you have a dedicated backup team. But if you are like Captain America whose job is saving the world and backup is the last task in your regular job and you often forget to take backup (like me :)) then this tutorial is for you. In this tutorial I will show you how you can backup your router configuration after every write-memory command and after taking the backup how you can send them to a remote server using ftp or scp  using Cisco archive command. The command was first introduced by Cisco systems with Cisco IOS version 12.3.

Configure archive

The task is simple. But before starting the tutorial make sure that your router can reach your server where you will put the backup. If there is any firewall between your router and your server allow the ftp or ssh traffic on that firewall.

Login to your router and go to the archive configuration mode:


Press enter and you will be in the archive configuration mode. To see the available options, type the below command:

Archive configuration commands:
 default Set a command to its defaults
 exit Exit from archive configuration mode
 log Logging commands
 maximum maximum number of backup copies
 no Negate a command or set its defaults
 path path for backups
 rollback Rollback parameters
 time-period Period of time in minutes to automatically archive the
 write-memory Enable automatic backup generation during write memory

Lets configure the path parameter where the router will send the configuration as a backup. If you want to use scp then perform the following:

path scp://user:password@REMOTE_SERVER_IP_ADDRESS/$h

for ftp do the following:

path ftp://user:password@REMOTE_SERVER_IP_ADDRESS/$h

user:password is the user name and password used for scp of ftp connection. REMOTE_SERVER_IP_ADDRESS is the IP address of the remote server where scp or ftp is configured and $h will instruct the system to use the router host name while  naming the router configuration.

Enable automatic backup

The path is configured now lets configure the automatic backup. Perform the following for automatic backup:


That’s it. whenever you type write-memory the router will send a copy of your router configuration to the configured remote server. So you don’t need to worried about the backup anymore. Make a change, type write-memory, your router will take the backup and will send it to the remote location.

Some fine tuning

Remember one thing that you are sending files from the router to the server. You may need to configure the transport output parameter of line vty for sending the configuration to the remote server. Perform the following to enable transport output parameter for scp:

training#config t
training(config)#line vty 0 4
training(config-line)#transport output ssh

and for ftp:

training#config t
training(config)#line vty 0 4
training(config-line)#transport output telnet

Finally, mention your output interface which will be used for outgoing scp/ftp traffic.

for scp:

training(config)#ip ssh source-interface YOUR_SOURCE_INTERFACE

for ftp:

training(config)#ip ftp source-interface YOUR_SOURCE_INTERFACE

Verify the backup

To check your archiving is working type the show archive command:

training#show archive
The maximum archive configurations allowed is 10.
The next archive file will be named scp://user:password@REMOTE_SERVER_IP_ADDRESS/training-<timestamp>-1
 Archive # Name
 1 scp://user:passsword@REMOTE_SERVER_IP_ADDRESS/training-Oct-26-06-32-23.295-0 <- Most Recent

As you can see the router is sending the file to your mention location. By default it takes 10 backups. You can configure it if you want.

Thanks for reading the post. If you enjoyed the post, please share it with your network and let me know your thoughts in the comments. 

About the Author: Imtiaz is working in a financial organization in Bangladesh and having experience in system, network and security administration. Feel free to contact with him on LinkedIn or Twitter

Leave a Reply

Your email address will not be published. Required fields are marked *