How to Automate Cisco Backup Using Configuration Archive
The absolute worst time to realize
that a backup doesn’t exist is when that backup is actually needed.
Although network devices often don’t house critical data like a typical
SAN, backups are still a very important part of day to day operations.
These backups are useful when a device fails or a configuration needs to
be rolled back. This article is about using an often overlooked IOS
feature as a method of automating the Cisco backup process. Primarily,
this will look into different ways to create device backups using the
archive commands.
Although administrators always have the
ability to fire up a TFTP server and do a “copy running-config tftp”,
this is one of those things that is often overlooked. In the event of an
operation outage due to mistake or device failure, not having current
backups can prolong the recovery process. Network devices, as key
components to a typical business, should have their configuration backed
up regularly. Not all organizations have network management solution
that is capable of or configured to do this critical function.
As demonstrated in this article, this is
a simple way to keep regular backups of IOS configurations. Third party
and open source tools often provide the ability to reach into the
network device from the outside and copy the configuration to a tftp
server or do a backup directly from the output of “show” commands. The
feature discussed here as an alternative to other third party solutions,
provides administrators with the ability to backup a configuration by
invoking manually, on a scheduled basis or when the running-config is
saved.
This article assumes access to a TFTP
server that is always on and reachable via static IP address. In the
article, the files will be backed up to 192.168.2.2. A suitable Windows
TFTP server can be found at the URLs below. My recommendation is to use
the “service” edition so it can be daemonized in the Microsoft
environment. If there is a need for some other flavor of TFTP, one
should be readily available for your platform of choice.
Windows TFTP Servers
- TFTPD32 (Download 32 Bit or 64 Bit as appropriate)
The router configuration is pretty straightforward. The basic configuration is as follows.
R1#conf t Enter configuration commands, one per line. End with CNTL/Z. R1(config)#archive R1(config-archive)#path tftp://192.168.2.2/ R1(config-archive)#exit R1(config)#exit
That is all that is necessary for a very
basic archive configuration. The challenge with this configuration is
it is still quite a manual process. Nonetheless, it is a basic
configuration and can be tested. To do so is a manual process executed
by the “archive config” privilege mode command.
R1#archive config
This should produce an output similar to
what is shown below. If not, there is some issue copying the file to
the tftp path configured.
R1#archive config !! R1#
Looking in the TFTP directory, there should also be a new file listed. Most likely this is called something like “-1”.
Realizing that “-1” is a bit obscure, it
might make sense to name the files something like “hostname-x” where
“x” is some kind of index number. There are two ways to accomplish this.
The first method involves hard coding the path to include the hostname.
The second method uses the “$h” variable to derive the hostname from
the individual router configuration. I prefer to use the variable method
so the configuration is portable from device to device.
Hostname in Path
R1(config)#archive R1(config-archive)#path tftp://192.168.2.2/R1 R1(config-archive)#exit
Hostname Variable in Path
R1(config)#archive R1(config-archive)#path tftp://192.168.2.2/$h R1(config-archive)#exit
Now when the file is archived, it will be more descriptive.
At this point, it is very easy for an
administrator to manually backup the IOS configuration. The problem with
that it is still a manual process. Manual processes have a way of not
getting the attention they deserve. There is an option that will allow
this to be automatically performed any time the running-configuration is
saved. Since administrators should be saving their configurations after
any change, it helps solve the problem of not having an iteration of
the configuration. This feature is enabled with the “write-memory”
option.
Archive Write-Memory Option
R1(config)#archive R1(config-archive)#write-memory R1(config-archive)#exit
Now saving the configuration should also
archive it. This is easily tested by doing a “wr” or “copy
running-config startup-config”.
As can be seen in the image above, the
output now shows “[OK]!!”. The !! is the acknowledgement from the TFTP
process. In addition, there is another new file created.
The final option that can be added to
the configuration is a scheduled backup. This is actually external to
the archive process, but is a way to accomplish the goal. For some time,
Cisco routers have had the ability to use the kron configuration to
schedule router functions. This can be used to automate a weekly or
monthly execution of the “archive config” command.
Kron Scheduling of Archive
R1(config)#kron policy-list Archive R1(config-kron-policy)#cli archive config R1(config-kron-policy)#exit R1(config)#kron occure R1(config)#kron occurenc Backup at 3:20 Sun recur R1(config)#kron occurrence Backup at 3:20 Sun recurring R1(config-kron-occurrence)#policy-list Archive
Now the router will execute the archive
command every Sunday at 3:20AM. This should produce a current copy of
the running configuration on the TFTP server.
To view the archived files from the router, the “show archive log” command can be executed.
R1#show archive The next archive file will be named tftp://192.168.2.2/R1-4 Archive # Name 0 1 tftp://192.168.2.2/R1-1 2 tftp://192.168.2.2/R1-2 3 tftp://192.168.2.2/R1-3
As demonstrated in this article, there
is a pretty easy way to keep regular backups of IOS configurations.
Third party and open source tools often provide the ability to reach
into the network device from the outside and copy something to a tftp
server or do a backup directly. As an alternative, Cisco provides
administrators with the archive feature that can be invoked manually, on
a scheduled basis or when the running-config is saved. This feature,
known as Cisco configuration archive, provides administrators who lack
access to sophisticated third party network management solutions a
viable solution to keep up with their IOS configuration files.
The next article will build on the
understanding of the archive feature and demonstrate using “Cisco
Configuration Replace and Rollback”.
Reference: http://www.packetu.com/2013/05/07/how-to-automate-cisco-backup-using-configuration-archive/