The absolute worst time to realize that a backup doesn’t exist is when that backup is actually needed. Although network devices often don’t house critical data like a typical SAN, backups are still a very important part of day to day operations. These backups are useful when a device fails or a configuration needs to be rolled back. This article is about using an often overlooked IOS feature as a method of automating the Cisco backup process. Primarily, this will look into different ways to create device backups using the archive commands.
Although administrators always have the ability to fire up a TFTP server and do a “copy running-config tftp”, this is one of those things that is often overlooked. In the event of an operation outage due to mistake or device failure, not having current backups can prolong the recovery process. Network devices, as key components to a typical business, should have their configuration backed up regularly. Not all organizations have network management solution that is capable of or configured to do this critical function.
As demonstrated in this article, this is a simple way to keep regular backups of IOS configurations. Third party and open source tools often provide the ability to reach into the network device from the outside and copy the configuration to a tftp server or do a backup directly from the output of “show” commands. The feature discussed here as an alternative to other third party solutions, provides administrators with the ability to backup a configuration by invoking manually, on a scheduled basis or when the running-config is saved.
This article assumes access to a TFTP server that is always on and reachable via static IP address. In the article, the files will be backed up to 192.168.2.2. A suitable Windows TFTP server can be found at the URLs below. My recommendation is to use the “service” edition so it can be daemonized in the Microsoft environment. If there is a need for some other flavor of TFTP, one should be readily available for your platform of choice.
Windows TFTP Servers
- TFTPD32 (Download 32 Bit or 64 Bit as appropriate)
The router configuration is pretty straightforward. The basic configuration is as follows.
R1#conf t Enter configuration commands, one per line. End with CNTL/Z. R1(config)#archive R1(config-archive)#path tftp://192.168.2.2/ R1(config-archive)#exit R1(config)#exit
That is all that is necessary for a very basic archive configuration. The challenge with this configuration is it is still quite a manual process. Nonetheless, it is a basic configuration and can be tested. To do so is a manual process executed by the “archive config” privilege mode command.
This should produce an output similar to what is shown below. If not, there is some issue copying the file to the tftp path configured.
R1#archive config !! R1#
Looking in the TFTP directory, there should also be a new file listed. Most likely this is called something like “-1”.
Realizing that “-1” is a bit obscure, it might make sense to name the files something like “hostname-x” where “x” is some kind of index number. There are two ways to accomplish this. The first method involves hard coding the path to include the hostname. The second method uses the “$h” variable to derive the hostname from the individual router configuration. I prefer to use the variable method so the configuration is portable from device to device.
Hostname in Path
R1(config)#archive R1(config-archive)#path tftp://192.168.2.2/R1 R1(config-archive)#exit
Hostname Variable in Path
R1(config)#archive R1(config-archive)#path tftp://192.168.2.2/$h R1(config-archive)#exit
Now when the file is archived, it will be more descriptive.
At this point, it is very easy for an administrator to manually backup the IOS configuration. The problem with that it is still a manual process. Manual processes have a way of not getting the attention they deserve. There is an option that will allow this to be automatically performed any time the running-configuration is saved. Since administrators should be saving their configurations after any change, it helps solve the problem of not having an iteration of the configuration. This feature is enabled with the “write-memory” option.
Archive Write-Memory Option
R1(config)#archive R1(config-archive)#write-memory R1(config-archive)#exit
Now saving the configuration should also archive it. This is easily tested by doing a “wr” or “copy running-config startup-config”.
As can be seen in the image above, the output now shows “[OK]!!”. The !! is the acknowledgement from the TFTP process. In addition, there is another new file created.
The final option that can be added to the configuration is a scheduled backup. This is actually external to the archive process, but is a way to accomplish the goal. For some time, Cisco routers have had the ability to use the kron configuration to schedule router functions. This can be used to automate a weekly or monthly execution of the “archive config” command.
Kron Scheduling of Archive
R1(config)#kron policy-list Archive R1(config-kron-policy)#cli archive config R1(config-kron-policy)#exit R1(config)#kron occure R1(config)#kron occurenc Backup at 3:20 Sun recur R1(config)#kron occurrence Backup at 3:20 Sun recurring R1(config-kron-occurrence)#policy-list Archive
Now the router will execute the archive command every Sunday at 3:20AM. This should produce a current copy of the running configuration on the TFTP server.
To view the archived files from the router, the “show archive log” command can be executed.
R1#show archive The next archive file will be named tftp://192.168.2.2/R1-4 Archive # Name 0 1 tftp://192.168.2.2/R1-1 2 tftp://192.168.2.2/R1-2 3 tftp://192.168.2.2/R1-3
As demonstrated in this article, there is a pretty easy way to keep regular backups of IOS configurations. Third party and open source tools often provide the ability to reach into the network device from the outside and copy something to a tftp server or do a backup directly. As an alternative, Cisco provides administrators with the archive feature that can be invoked manually, on a scheduled basis or when the running-config is saved. This feature, known as Cisco configuration archive, provides administrators who lack access to sophisticated third party network management solutions a viable solution to keep up with their IOS configuration files.
The next article will build on the understanding of the archive feature and demonstrate using “Cisco Configuration Replace and Rollback”.