SOHO configuration management
By stretch | Friday, February 19, 2010 at 8:00 p.m. UTC
In large enterprise and service provider environments, it is considered best practice to routinely back up and archive the configurations of all network devices. These backups can be used in an emergency to restore a device's configuration which was inadvertently altered or erased. Such a scheme is typically accomplished via automated FTP or SCP transfers to a centralized database, often integrated with a network management system like CiscoWorks.
However, this approach is often poorly suited to the small office/home office (SOHO) and similar small-scale environments. In such situations, where only one or a few devices are present, it may not be justifiable or practical to run an on-site server dedicated to configuration backups.
Cisco IOS includes a configuration archive feature which allows for the creation of both manual and automated configuration snapshots, stored locally on the router's own filesystem.
To enable this feature, we enter archive configuration and specify a path where archived configurations are to be stored. In the following example, we've created a directory appropriately named archive on the Flash filesystem.
    Demarc# mkdir archive
    Create directory filename [archive]?
    Created dir flash:archive
    Demarc# dir
    Directory of flash:/
        1  -rw-    23587052   Jan 9 2010 17:16:58 -05:00  c181x-advipservicesk9-mz.124-24.T.bin
        4  drw-           0  Feb 19 2010 22:47:02 -05:00  archive
        7  -rw-         720   Jan 9 2010 03:23:34 -05:00  vlan.dat
    128237568 bytes total (104640512 bytes free)
    Demarc# conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    Demarc(config)# archive
    Demarc(config-archive)# path flash:/archive/
Here, we can also optionally set the maximum number of configurations to store at any time (the default is 10, maximum is 14), and/or enable automatic archiving with the time-period command. Here we'll increase the number of configurations stored from the default to 14, since we have plenty of space on the filesystem, and enable weekly automatic archivals (seven days are equal to 10080 minutes).
    Demarc(config-archive)# maximum 14
    Demarc(config-archive)# time-period 10080
We can view the current archive with the show archive command:
    Demarc# show archive
    The maximum archive configurations allowed is 14.
    There are currently no configuration saved.
    The next archive file will be named flash:/archive/-0
     Archive #  Name
       1
       2
       3
       4
       5
       6
       7
       8
       9
       10
       11
       12
       13
       14
As you can see, the archive is currently empty. Let's begin by archiving the router's current configuration with the archive config command:
    Demarc# archive config
Looking at the archive again, we see the first configuration slot has been filled:
    Demarc# show archive
    The maximum archive configurations allowed is 14.
    There are currently 1 archive configurations saved.
    The next archive file will be named flash:/archive/-1
     Archive #  Name
       1        flash:/archive/-0 <- Most Recent
       2
       3
       4
       5
       6
       7
       8
       9
       10
       11
       12
       13
       14
    Demarc# dir flash:/archive/
    Directory of flash:/archive/
        8  -rw-        7758  Feb 19 2010 22:58:50 -05:00  -0
    128237568 bytes total (104632320 bytes free)
Now, to illustrate the benefits of configuration archiving, we'll configure interface FastEthernet1, which currently has no configuration, to support a routed link:
    Demarc# show run interface f1
    Building configuration...
    Current configuration : 81 bytes
    !
    interface FastEthernet1
     no ip address
     duplex auto
     speed auto
    end
    Demarc# conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    Demarc(config)# interface f1
    Demarc(config-if)# ip address 192.0.2.1 255.255.255.0
    Demarc(config-if)# ^Z
    Demarc# show run interface f1
    Building configuration...
    Current configuration : 92 bytes
    !
    interface FastEthernet1
     ip address 192.0.2.1 255.255.255.0
     duplex auto
     speed auto
    end
    Demarc# write
    Building configuration...
    [OK]
Note that configuration archival is performed separately from start-up configuration synchronization; copy run start is still needed to save the running configuration to the default start-up configuration.
After archiving the configuration again, we see that there are now two copies in the archive:
    Demarc# archive config
    Demarc# show archive
    The maximum archive configurations allowed is 14.
    There are currently 2 archive configurations saved.
    The next archive file will be named flash:/archive/-2
     Archive #  Name
       1        flash:/archive/-0
       2        flash:/archive/-1 <- Most Recent
       3
       4
       5
       6
       7
       8
       9
       10
       11
       12
       13
       14
The show archive config differences command can be used to generate a diff-style list of differences between any two files:
    Demarc# show archive config differences flash:/archive/-0 flash:/archive/-1
    Contextual Config Diffs:
    interface FastEthernet1
     +ip address 192.0.2.1 255.255.255.0
    interface FastEthernet1
     -no ip address
(Note that the files are referenced here by their location in the flash: filesystem. Referencing them via the archive: filesystem doesn't seem to work; if anyone knows how to use it, please mention it in the comments.)
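As an added example (not code from the original post), the following Python parses contextual diff output of the kind shown above into per-mode additions and removals, then flags changes that match a watch list so a reviewer can spot security-relevant edits between two archived snapshots. The sample text and the watch list are constructed for illustration, and the parser assumes the device output keeps its leading-space indentation for commands inside a configuration mode.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of "show archive config differences"
# output (indentation preserved); not captured from a real device.
SAMPLE = """\
Contextual Config Diffs:
+hostname Branch1
interface FastEthernet1
 +ip address 192.0.2.1 255.255.255.0
interface FastEthernet1
 -no ip address
line vty 0 4
 -access-class 10 in
-hostname Demarc
"""

# Illustrative watch list (an assumption): commands worth a second look.
WATCH = re.compile(r"^(no )?(access-class|access-list|ip access-group|"
                   r"username|enable|snmp-server|aaa|transport input)\b")

def parse_diff(text):
    """Return {context tuple: {'+': [...], '-': [...]}} from diff text."""
    changes = defaultdict(lambda: {"+": [], "-": []})
    stack = []  # (indent, line) of the enclosing configuration modes
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!") or line.endswith("Diffs:"):
            continue  # blank lines, "!No changes were found", header
        indent = len(raw) - len(raw.lstrip())
        while stack and stack[-1][0] >= indent:
            stack.pop()  # leave modes that are not parents of this line
        if line[0] in "+-":
            context = tuple(mode for _, mode in stack)
            changes[context][line[0]].append(line[1:])
        else:
            stack.append((indent, line))
    return dict(changes)

def flagged(changes):
    """List (op, context, command) for changes matching the watch list."""
    hits = []
    for context, ops in changes.items():
        for op in "+-":
            for cmd in ops[op]:
                if WATCH.match(cmd) or any(WATCH.match(c) for c in context):
                    hits.append((op, " / ".join(context), cmd))
    return hits
```

Feeding it the text of a diff between the oldest and newest archive files gives a compact list of what was added and removed in each mode, with removals such as a dropped vty access-class surfaced by `flagged()`.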
The more command can be used to view any individual file in its entirety:
    Demarc# more flash:/archive/-0
    !
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    !
    hostname Demarc
    ...
Now let's assume we want to revert to the prior configuration. All we need to do is issue the configure replace command referencing the file we want to revert to:
    Demarc# configure replace flash:/archive/-0
    This will apply all necessary additions and deletions
    to replace the current running configuration with the
    contents of the specified configuration file, which is
    assumed to be a complete configuration, not a partial
    configuration. Enter Y if you are sure you want to proceed. ? [no]: y
    Total number of passes: 1
    Rollback Done
    Demarc# show run interface f1
    Building configuration...
    Current configuration : 71 bytes
    !
    interface FastEthernet1
     no ip address
     duplex auto
     speed auto
    end
Another handy feature of the configuration archive is its ability to log individual configuration commands entered by users. This feature is enabled with log config under archive configuration:
    Demarc(config)# archive
    Demarc(config-archive)# log config
    Demarc(config-archive-log-cfg)# ?
    commands for controlling config logging:
      default   Set a command to its defaults
      exit      Exit from the log config submode
      hidekeys  suppress output (e.g. passwords) when displaying logged commands
      logging   Modify config logging parameters
      no        Negate a command or set its defaults
      notify    Send logged commands to target applications
      record    What to record in the config logger
    Demarc(config-archive-log-cfg)# logging enable
    Demarc(config-archive-log-cfg)# logging size 500
    Demarc(config-archive-log-cfg)# hidekeys
The log has been configured to record the last 500 configuration commands. The hidekeys command censors passwords and other sensitive information when logged commands are displayed.
The log can be viewed with the show archive log config command. We can see that it has started recording commands as soon as logging was enabled (including that command itself):
    Demarc# show archive log config all
     idx   sess           user@line      Logged command
        1     1        stretch@vty0     |  logging enable
        2     1        stretch@vty0     |  logging size 500
        3     1        stretch@vty0     |  hidekeys
Finally, we save our running configuration to start-up and commit it to the archive once more:
    Demarc# wr
    Building configuration...
    [OK]
    Demarc# archive config
    Demarc# show archive
    The maximum archive configurations allowed is 14.
    There are currently 3 archive configurations saved.
    The next archive file will be named flash:/archive/-3
     Archive #  Name
       1        flash:/archive/-0
       2        flash:/archive/-1
       3        flash:/archive/-2 <- Most Recent
       4
       5
       6
       7
       8
       9
       10
       11
       12
       13
       14
Posted in Configuration Management
February 19, 2010 at 8:29 p.m. UTC
I change the path directive up a bit. I have an archive directory, but I want meaningful filenames so I can move the files around later.
    archive
     path flash:/archive/routername-confg
This will give me files starting "routername-confg-1" so I can know which files are which.
February 19, 2010 at 8:35 p.m. UTC
I had an issue using this on my 3560. It was backing up blank files to my server, which I didn't realize until I needed the config. Never again!!!
(I'll probably try it again in a year or so)
February 20, 2010 at 11:26 a.m. UTC
Great post! Love those small commands/functions that ease our day-by-day tasks.
I'll put this with "line con 0 - logg sync" and many others.
Thank you for sharing.
February 20, 2010 at 5:48 p.m. UTC
Something to save you from needing two commands to sync both to startup-config and to archive:
    router(config-archive)#?
      write-memory  Enable automatic backup generation during write memory
Once the above line is entered into configuration, you can see that the config is archived when you write to startup-config.
    router#write mem
    Building configuration...
    [OK]
    Writing rtrcfg-2 !!!
    router#
February 21, 2010 at 2:09 p.m. UTC
I really like the archive stuff to upload the configuration to TFTP. If the device crashes, the configuration is still at some other place and most recent.
February 23, 2010 at 8:17 p.m. UTC
You can also set the path to your ftp server, assuming this is your home network and you have appropriately closed all windows and doors of your network.
February 23, 2010 at 11:09 p.m. UTC
Great article! Very useful whether you are storing these locally or on a TFTP server, the automation is great.
On my 3750, I don't receive the option to set the path to a local filesystem, only remote protocols. Anyone else seen this?
    rtr001(config-archive)#path ?
      ftp:    Write archive on ftp: file system
      http:   Write archive on http: file system
      https:  Write archive on https: file system
      rcp:    Write archive on rcp: file system
      scp:    Write archive on scp: file system
      tftp:   Write archive on tftp: file system
February 26, 2010 at 10:03 p.m. UTC
One additional feature that I've found useful with this is the ability to compare the running-config and startup-configs using archive, so you can tell what changes have been made to the config since the last write (or even compare them to another config sitting on the flash):
    C1841-PE#show archive config differences nvram:startup-config system:running-config
    Contextual Config Diffs:
    !No changes were found
    C1841-PE#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    C1841-PE(config)#hostname C1841-Provider
    C1841-Provider(config)#end
    C1841-Provider#show archive config differences nvram:startup-config system:running-config
    Contextual Config Diffs:
    +hostname C1841-Provider
    -hostname C1841-PE
    C1841-Provider#
September 10, 2013 at 2:10 a.m. UTC
Has anyone experienced any issue with the "maximum X" archive command?
What I notice happening is that at every reboot the device would reset this counter, clearing up the archive, but not removing the files from flash. Because of this behavior the files will keep accumulating in flash endlessly! (I have routers running on generators in remote areas and they reboot quite often)
This happened on various Cisco routers and switches that I tested with.
Has anyone else experienced this?