Backup? Router Configuration!!
Can you remember the last time you backed up your router configuration? If somebody asked me the same question, my answer would be no. Take backups periodically, take a backup before and after any change, store them in a remote location: those are the lines I have seen in many company backup policies. But how often do we follow those policies? To be honest, not very often, unless you have a dedicated backup team. But if you are like Captain America, whose job is saving the world, and backup is the last task in your regular job and you often forget to take one (like me :)), then this tutorial is for you. In this tutorial I will show you how to back up your router configuration after every write-memory command and send the backup to a remote server over ftp or scp using the Cisco archive command. The command was first introduced by Cisco Systems in Cisco IOS version 12.3.
Configure archive
The task is simple. But before starting the tutorial, make sure that your router can reach the server where you will put the backup. If there is a firewall between your router and your server, allow the ftp or ssh traffic on that firewall.
Log in to your router and go to the archive configuration mode:
training(config)#archive
Press Enter and you will be in the archive configuration mode. To see the available options, type the command below:
training(config-archive)#?
Archive configuration commands:
  default       Set a command to its defaults
  exit          Exit from archive configuration mode
  log           Logging commands
  maximum       maximum number of backup copies
  no            Negate a command or set its defaults
  path          path for backups
  rollback      Rollback parameters
  time-period   Period of time in minutes to automatically archive the running-config
  write-memory  Enable automatic backup generation during write memory
training(config-archive)#
Let's configure the path parameter, which tells the router where to send the configuration as a backup. If you want to use scp, enter the following:
path scp://user:password@REMOTE_SERVER_IP_ADDRESS/$h
For ftp, enter the following:
path ftp://user:password@REMOTE_SERVER_IP_ADDRESS/$h
user:password is the user name and password used for the scp or ftp connection. REMOTE_SERVER_IP_ADDRESS is the IP address of the remote server where scp or ftp is configured, and $h instructs the system to use the router host name when naming the router configuration file.
Enable automatic backup
The path is configured, so now let's configure the automatic backup. Enter the following for automatic backup:
training(config-archive)#write-memory
That’s it. Whenever you type write-memory, the router will send a copy of your router configuration to the configured remote server. So you don’t need to worry about the backup anymore. Make a change, type write-memory, and your router will take the backup and send it to the remote location.
Some fine tuning
Remember that you are sending files from the router to the server. You may need to configure the transport output parameter of line vty for sending the configuration to the remote server. Enter the following to enable the transport output parameter for scp:
training#config t
training(config)#line vty 0 4
training(config-line)#transport output ssh
training(config-line)#exit
training(config)#
And for ftp:
training#config t
training(config)#line vty 0 4
training(config-line)#transport output telnet
training(config-line)#exit
training(config)#
Finally, specify the source interface that will be used for outgoing scp/ftp traffic.
For scp:
training(config)#ip ssh source-interface YOUR_SOURCE_INTERFACE
For ftp:
training(config)#ip ftp source-interface YOUR_SOURCE_INTERFACE
Verify the backup
To check that archiving is working, type the show archive command:
training#show archive
The maximum archive configurations allowed is 10.
The next archive file will be named scp://user:password@REMOTE_SERVER_IP_ADDRESS/training-<timestamp>-1
 Archive #  Name
   1        scp://user:password@REMOTE_SERVER_IP_ADDRESS/training-Oct-26-06-32-23.295-0 <- Most Recent
   2
   3
   4
   5
   6
   7
   8
   9
   10
training#
As you can see, the router is sending the file to the location you specified. By default it takes 10 backups. You can change that if you want.
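An added example, not part of the original post: a small Python check that reads a saved configuration and reports whether the archive setup from this tutorial is complete and what it exposes (an ftp path, whose login and contents cross the network unencrypted, or a password written into the path URL). The sample configs, the backup account name and the 192.0.2.10 address are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample configs for illustration (not from a real device).
SAMPLE_FTP = """hostname training
archive
 path ftp://backup:S3cret@192.0.2.10/$h
 write-memory
ip ftp source-interface Loopback0
"""
SAMPLE_SCP = """hostname training
archive
 path scp://backup:S3cret@192.0.2.10/$h
line vty 0 4
 transport output ssh
"""

def archive_block(config):
    """Return the indented sub-commands under the top-level 'archive' line."""
    block, inside = [], False
    for line in config.splitlines():
        if line.rstrip() == "archive":
            inside = True
        elif inside and line.startswith(" "):
            block.append(line.strip())
        elif inside:
            break  # first non-indented line ends the archive block
    return block

def audit(config):
    """Return a list of findings for the archive setup in one saved config."""
    block = archive_block(config)
    path = next((l.split(None, 1)[1] for l in block if l.startswith("path ")), None)
    if path is None:
        return ["no archive path configured"]
    url, findings = urlsplit(path), []
    if url.scheme == "ftp":
        findings.append("ftp path: login and config cross the network unencrypted")
    if url.password:
        findings.append("password embedded in archive path")
    if "write-memory" not in block:
        findings.append("write-memory not enabled: no backup on save")
    proto = "ssh" if url.scheme == "scp" else url.scheme
    if not re.search(rf"^ip {re.escape(proto)} source-interface \S+", config, re.M):
        findings.append(f"'ip {proto} source-interface' not set")
    return findings

if __name__ == "__main__":
    for name, cfg in (("ftp", SAMPLE_FTP), ("scp", SAMPLE_SCP)):
        print(name, audit(cfg))
```

Because the password sits in the path line, a dedicated backup account that can only write to the backup directory limits what that credential is worth to anyone who reads the configuration.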
Thanks for reading the post. If you enjoyed the post, please share it with your network and let me know your thoughts in the comments.
About the Author: Imtiaz works in a financial organization in Bangladesh and has experience in system, network and security administration. Feel free to contact him on LinkedIn or Twitter.