How to Automate Cisco Backup Using Configuration Archive

The absolute worst time to realize that a backup doesn’t exist is when that backup is actually needed. Although network devices often don’t house critical data like a typical SAN, backups are still a very important part of day-to-day operations. These backups are useful when a device fails or a configuration needs to be rolled back. This article is about using an often overlooked IOS feature to automate the Cisco backup process. Primarily, it looks at different ways to create device backups using the archive commands.

Although administrators can always fire up a TFTP server and do a “copy running-config tftp”, this is one of those tasks that is often overlooked. In the event of an operational outage due to a mistake or device failure, not having current backups can prolong the recovery process. Network devices, as key components of a typical business, should have their configurations backed up regularly. Not all organizations have a network management solution that is capable of, or configured to perform, this critical function.

As this article demonstrates, the archive feature is a simple way to keep regular backups of IOS configurations. Third-party and open source tools often reach into the network device from the outside and copy the configuration to a TFTP server, or build a backup directly from the output of “show” commands. The feature discussed here, as an alternative to those third-party solutions, lets administrators back up a configuration manually, on a scheduled basis, or whenever the running-config is saved.

This article assumes access to a TFTP server that is always on and reachable via a static IP address. In the article, the files will be backed up to 192.168.2.2. A suitable Windows TFTP server can be found at the URLs below. My recommendation is to use the “service” edition so it can be daemonized in the Microsoft environment. If there is a need for some other flavor of TFTP, one should be readily available for your platform of choice.

Windows TFTP Servers

  • TFTPD32 (Download 32 Bit or 64 Bit as appropriate)

The router configuration is pretty straightforward. The basic configuration is as follows.

R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.

R1(config)#archive
R1(config-archive)#path tftp://192.168.2.2/
R1(config-archive)#exit
R1(config)#exit

That is all that is necessary for a very basic archive configuration. The challenge with this configuration is that it is still quite a manual process. Nonetheless, it is a working configuration and can be tested by running the “archive config” command from privileged EXEC mode.

R1#archive config

This should produce output similar to what is shown below. If not, there is a problem copying the file to the configured TFTP path.

R1#archive config
!!
R1#

Looking in the TFTP directory, there should also be a new file listed. Most likely this is called something like “-1”.

Basic Configuration Archive TFTP File

Realizing that “-1” is a bit obscure, it might make sense to name the files something like “hostname-x” where “x” is some kind of index number. There are two ways to accomplish this. The first method involves hard coding the path to include the hostname. The second method uses the “$h” variable to derive the hostname from the individual router configuration. I prefer to use the variable method so the configuration is portable from device to device.

Hostname in Path

R1(config)#archive
R1(config-archive)#path tftp://192.168.2.2/R1
R1(config-archive)#exit

Hostname Variable in Path

R1(config)#archive
R1(config-archive)#path tftp://192.168.2.2/$h
R1(config-archive)#exit

Now when the file is archived, it will be more descriptive.

Descriptive Cisco Archive Filename

At this point, it is very easy for an administrator to manually back up the IOS configuration. The problem is that it is still a manual process. Manual processes have a way of not getting the attention they deserve. There is an option that performs the archive automatically any time the running configuration is saved. Since administrators should be saving their configurations after any change, it helps solve the problem of not having an iteration of the configuration. This feature is enabled with the “write-memory” option.

Archive Write-Memory Option

R1(config)#archive
R1(config-archive)#write-memory
R1(config-archive)#exit

Now saving the configuration should also archive it. This is easily tested by doing a “wr” or “copy running-config startup-config”.

WR MEM Option

As can be seen in the image above, the output now shows “[OK]!!”. The !! is the acknowledgement from the TFTP process. In addition, there is another new file created.

The final option that can be added to the configuration is a scheduled backup. This is actually external to the archive process, but is a way to accomplish the goal. For some time, Cisco routers have had the ability to use the kron configuration to schedule router functions. This can be used to automate a weekly or monthly execution of the “archive config” command.

Kron Scheduling of Archive

R1(config)#kron policy-list Archive
R1(config-kron-policy)#cli archive config
R1(config-kron-policy)#exit
R1(config)#kron occurrence Backup at 3:20 Sun recurring
R1(config-kron-occurrence)#policy-list Archive

Now the router will execute the archive command every Sunday at 3:20AM. This should produce a current copy of the running configuration on the TFTP server.

To view the archived files from the router, the “show archive” command can be executed.

R1#show archive
The next archive file will be named tftp://192.168.2.2/R1-4
 Archive #  Name
   0
   1       tftp://192.168.2.2/R1-1
   2       tftp://192.168.2.2/R1-2
   3       tftp://192.168.2.2/R1-3
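
A server-side check for the archives described above, as an added example that is not part of the original article: it finds the newest “hostname-N” file per device in the TFTP directory and flags copies that are stale, cut off, or contain little more than a header. The 8-day age limit (weekly kron job plus a day of slack), the 10-line minimum and all function names are assumptions; the sample files are constructed.

```python
import os
import re
import tempfile
import time
from pathlib import Path

# The router names each archive "<hostname>-<index>", for example R1-3.
NAME_RE = re.compile(r"^(?P<host>.+)-(?P<index>\d+)$")

def latest_archives(tftp_root):
    """Map each hostname to its highest-numbered archive file."""
    latest = {}
    for path in Path(tftp_root).iterdir():
        m = NAME_RE.match(path.name)
        if m and path.is_file():
            index = int(m["index"])
            if index > latest.get(m["host"], (-1, None))[0]:
                latest[m["host"]] = (index, path)
    return {host: path for host, (_, path) in latest.items()}

def check_archive(path, max_age_days=8, min_lines=10):
    """Return the problems found in one archived configuration."""
    problems = []
    # Assumed policy: a weekly scheduled archive plus one day of slack.
    if (time.time() - path.stat().st_mtime) / 86400 > max_age_days:
        problems.append("stale")
    lines = [l.strip() for l in path.read_text(errors="replace").splitlines()]
    body = [l for l in lines if l and not l.startswith("!")]
    # A complete IOS configuration finishes with a line reading "end".
    if not body or body[-1] != "end":
        problems.append("truncated")
    if len(body) < min_lines:
        problems.append("too short")
    return problems

def audit(tftp_root, **limits):
    return {h: check_archive(p, **limits) for h, p in latest_archives(tftp_root).items()}

def demo():
    """Audit a temporary directory of constructed sample archives."""
    full = "!\nhostname R1\n" + "interface Loopback0\n" * 10 + "end\n"
    header_only = "!\n! Last configuration change at 03:20:00 UTC\n!\nend\n"
    files = {"R1-1": header_only, "R1-2": full, "R2-1": full, "R3-1": full[:40]}
    with tempfile.TemporaryDirectory() as root:
        for name, text in files.items():
            Path(root, name).write_text(text)
        month_ago = time.time() - 30 * 86400
        os.utime(Path(root, "R2-1"), (month_ago, month_ago))
        return audit(root)
```

Run audit() against the TFTP server's root directory from a scheduled job and alert on any host with a non-empty problem list; demo() runs the same check over the constructed files.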

As demonstrated in this article, there is a pretty easy way to keep regular backups of IOS configurations. Third party and open source tools often provide the ability to reach into the network device from the outside and copy something to a tftp server or do a backup directly. As an alternative, Cisco provides administrators with the archive feature that can be invoked manually, on a scheduled basis or when the running-config is saved. This feature, known as Cisco configuration archive, provides administrators who lack access to sophisticated third party network management solutions a viable solution to keep up with their IOS configuration files.

The next article will build on the understanding of the archive feature and demonstrate using “Cisco Configuration Replace and Rollback”.


About Paul Stewart, CCIE 26009 (Security)

Paul is a Network and Security Engineer, Trainer and Blogger who enjoys understanding how things really work. With over 15 years of experience in the technology industry, Paul has helped many organizations build, maintain and secure their networks and systems.

11 Responses to How to Automate Cisco Backup Using Configuration Archive

  1. Winston Soetosenojo says:

    Excellent and clear article. Many thanks.
    To do the archiving of the configs we use Rancid at our university.

    • Paul Stewart says:

      Thanks for the comment. I know what rancid is, but haven’t worked with it much. I assume it is good for archiving and diffing configuration in your environment?

      • Winston Soetosenojo says:

        Oh yes indeed. Every time a change is detected rancid will mail the diffs and archive the config. We even set it up with a web svn, so you can browse the diffs and the archive.

  2. Very good and detailed article! Have a look at Restorepoint as well (www.restorepoint.com). It automatically backups network/security devices from about 50 vendors (not only Cisco) and restores, too. Full disclosure: I work for them.

  3. Very helpful article! I use RANCID as well – but Rancid is not saving to a TFTP server.
    It is pretty good to have a revision of all the configs.

    The archive command provides a “time-period” option which lets you also save the config automatically.

  4. Nice article Paul. I’ve also created an Automation tool for backing up configs as well (Net-Sense Automater http://www.net-sense.com) but I like this idea just as well. Maybe better to use the Net-Sense Automater to push out the configuration commands you’ve explained above. Thx

  5. Kabir says:

    Dear Paul,
    1. The first time, I am getting a 5 KB file, which is the correct configuration file.
    2. The 2nd time, 3rd time and so on, I am getting a 1 KB file which contains just:
    !
    ! Last configuration change at 14:18:39 UTC Thu Oct 15 2015
    !
    NVRAM config last updated at 14:19:11 UTC Thu Oct 15 2015
    !
    end
    ###################################
    Q. Do you have any solution for this?

  6. Pingback: Taking automatic backups from a switch

  7. Marco says:

    If I have VRF-lite and connectivity to TFTP is only with a VRF source, can I use kron?

  8. Yas says:

    Hi, I keep getting this error on archive through FTP.
    The next archive file will be named ftp://ntwktm:[email protected]6.61/Ntwkdta/CiscoConfig/OTTMonitoring–1
    Archive # Name
    1 :Error – Bad file number <- Most Recent
    2
    3
    4
    5
    6
    7
    8
    9
    10

    Please advise. Thank you.

    Regards.
