Saving Router Configuration to Server

If you want to store a backup copy of your router’s configuration on a TFTP server, we have a simple solution for you. This article explains the commands needed to save a backup of a device’s configuration to a TFTP server, for both Cisco and Juniper devices.

CISCO

You need to make regular backups of your router configuration files and keep copies in a safe place. If you have a serious failure that damages a router’s hardware or software, the configuration will be destroyed. And anybody who has had to reconstruct a complex router configuration file from memory will tell you how difficult and stressful this task is. But if you have a backup of the last working configuration file, you can usually get a router working again within minutes of fixing any hardware problems.

Typical Mean Time Between Failure (MTBF) estimates for Cisco routers tend to be about 16 years. This sounds like a long time, but in a large network it means that you can expect to see a few failures every year. Unfortunately, human error is far more common than a device failure, and these human errors can result in complete or partial loss of the configuration file.

In the example, we created an empty backup configuration file on the TFTP server and then instructed the router to send its running configuration to this server. It is important to adjust the file permissions with the Unix chmod command. The transfer will fail if the configuration file is not world writable. After the transfer, move the configuration files out of the TFTP directory to ensure that they aren’t read by unauthorized people or accidentally overwritten.

Reading files located in the TFTP directory is trivial because the TFTP program needs this directory to be both world readable and world writable. In this example, we are able to access the TFTP server and read a router configuration file from another router:

Rcis#more tftp://143.23.2.1/Rcisco-confg
!
! Last configuration change at 01:23:59 IST Sat Jan 11 2011 by admin
! NVRAM config last updated at 00:37:16 IST Sat Jan 11 2011 by admin
!
Version 12.2
service tcp-keepalives-in
service timestamps debug datetime msec
service timestamps log datetime localtime
service password-encryption
!
hostname Rcis
.......
<removed for brevity>

As you can see, any files left in the TFTP directory can be easily viewed or even deliberately corrupted.
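
One way to automate moving uploaded files out of the TFTP directory, as an added example that is not part of the original article. The function name, the archive directory and the "-confg" suffix filter are assumptions made for illustration.

```python
import os
import shutil
import stat
import tempfile
import time


def sweep_tftp_dir(tftp_dir, archive_dir, suffix="-confg"):
    """Move uploaded configs out of the TFTP root into a private archive.

    Returns the archive paths created. `suffix` is an assumed naming
    convention that matches the Rcisco-confg example on this page.
    """
    os.makedirs(archive_dir, exist_ok=True)
    os.chmod(archive_dir, 0o700)  # owner-only, regardless of umask
    moved = []
    for name in sorted(os.listdir(tftp_dir)):
        src = os.path.join(tftp_dir, name)
        # lstat: never follow a symlink planted in a world-writable directory
        st = os.lstat(src)
        if not name.endswith(suffix) or not stat.S_ISREG(st.st_mode):
            continue
        if st.st_size == 0:
            continue  # empty placeholder still waiting for the router's upload
        stamp = time.strftime("%Y%m%d_%H%M%S", time.gmtime(st.st_mtime))
        dst = os.path.join(archive_dir, f"{name}_{stamp}")
        # The file is still mode 666 right after the move, but the 0700
        # parent directory already keeps other users out.
        shutil.move(src, dst)
        os.chmod(dst, 0o600)
        moved.append(dst)
    return moved


if __name__ == "__main__":
    # Constructed demo in a throwaway directory, not a real /tftpboot.
    root = tempfile.mkdtemp()
    tftp = os.path.join(root, "tftpboot")
    os.mkdir(tftp)
    upload = os.path.join(tftp, "Rcisco-confg")
    with open(upload, "w") as fh:
        fh.write("hostname Rcis\n")
    os.chmod(upload, 0o666)  # world writable, as the TFTP transfer requires
    for path in sweep_tftp_dir(tftp, os.path.join(root, "config-archive")):
        print(path, oct(stat.S_IMODE(os.stat(path).st_mode)))
```

Because the procedure on this page needs the destination file to exist before each upload, the empty world-writable placeholder has to be recreated after a sweep.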

JUNOS

Use the first command from operational mode to copy the currently running version of the configuration to a server. The next two commands are configuration mode commands that save the candidate configuration either to a server or to your home directory on the router. If you use the save command after committing the configuration, you are effectively backing up the running configuration. The save command saves the configuration starting at your current hierarchy level. In this recipe, the commands are issued from the top hierarchy level (the [edit] level), so the entire configuration is saved. If you issue the command from a lower level, only that portion of the configuration is saved. The following command saves only the BGP configuration:

[edit protocols bgp]
lenovo@Rjuni# save config-bgp-march11
Wrote 15 lines of configuration to 'config-bgp-march11'

Verify the contents using the file show command:

[edit protocols bgp]
lenovo@Rjuni# run file show config-bgp-march11
protocols {
    replace:
    bgp {
        export send-statics;
        group internal {
            type internal;
            local-address 10.0.0.11;
            neighbor 10.0.0.21;
            neighbor 10.0.0.31;
            neighbor 10.0.0.51;
            neighbor 10.0.0.41;
            neighbor 10.0.0.61;
        }
    }
}

Notice that the CLI inserts the replace: tag into the file. If you later load this file into the configuration with the load replace config-bgp-march11 command, the CLI replaces the entire [edit protocols bgp] portion of the configuration with the contents of the file you are loading.

The last command in this recipe automatically transfers the configuration file each time you commit the configuration, in this case saving all files in the server’s directory m11-config-archives. The file is saved in a compressed (.gz) format with a name that includes the router name and the date and time of the commit operation, as in this example:

r1_juniper.conf.gz_20110122_190538

The numbers at the end of the filename are the date (22 Jan 2011) and the time (1905 hours, or 7:05 p.m., and 38 seconds). Time is always in UTC, even if your router is set to run local time. A variation is to use the set archival command to save the configuration at specific time intervals; here, every 1,440 minutes (24 hours):

[edit system]
lenovo@rjuni# set archival configuration transfer-interval 1440
lenovo@rjuni# set archival configuration archive-sites ftp://lenovo:password@server1.myrouter.com:/m20-config-archives

The interval can range from 15 minutes up to 2,880 minutes (48 hours).

One disadvantage of the set archival command is that the password is not encrypted in the configuration file but is shown in ASCII (clear text).
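
A check that the archive server is still receiving files, built on the filename format and transfer interval described above. This is an added example, not part of the original article: the function names, the list of expected routers and the 30-minute grace period are assumptions, and it assumes every router uploads at each interval.

```python
from datetime import datetime, timedelta, timezone
import re

# Format from this page: <router>_juniper.conf.gz_YYYYMMDD_HHMMSS (always UTC)
ARCHIVE_RE = re.compile(
    r"^(?P<router>.+)_juniper\.conf\.gz_(?P<d>\d{8})_(?P<t>\d{6})$")


def parse_archive_name(filename):
    """Return (router, commit time as an aware UTC datetime) or None."""
    m = ARCHIVE_RE.match(filename)
    if not m:
        return None
    d, t = m["d"], m["t"]
    try:
        ts = datetime(int(d[:4]), int(d[4:6]), int(d[6:]),
                      int(t[:2]), int(t[2:4]), int(t[4:]), tzinfo=timezone.utc)
    except ValueError:  # right shape but not a real date or time
        return None
    return m["router"], ts


def stale_routers(filenames, expected, now, interval_min=1440, grace_min=30):
    """Routers in `expected` whose newest archive is missing or too old."""
    newest = {}
    for name in filenames:
        parsed = parse_archive_name(name)
        if parsed and (parsed[0] not in newest or parsed[1] > newest[parsed[0]]):
            newest[parsed[0]] = parsed[1]
    limit = timedelta(minutes=interval_min + grace_min)
    return sorted(r for r in expected
                  if r not in newest or now - newest[r] > limit)


# Constructed directory listing; only the first name is taken from this page.
LISTING = [
    "r1_juniper.conf.gz_20110122_190538",
    "r1_juniper.conf.gz_20110121_190012",
    "r2_juniper.conf.gz_20110120_083000",
    "r2_juniper.conf.gz_20110199_083000",  # invalid day, ignored
    "README",
]
NOW = datetime(2011, 1, 23, 12, 0, 0, tzinfo=timezone.utc)  # constructed "current time"

if __name__ == "__main__":
    print(stale_routers(LISTING, ["r1", "r2", "r3"], NOW))
```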

The JUNOS software also saves a copy of a configuration each time you activate it with any version of the commit command. The JUNOS software saves the last 50 versions of the configuration: the currently active configuration and the last 49 committed ones. The active (currently running) configuration (juniper.conf.gz) and the three most recent previous configurations (juniper.conf.1.gz, juniper.conf.2.gz, and juniper.conf.3.gz) are in the /config directory, which is on the router’s flash disk. Because space is limited on the flash disk, the files are stored in a compressed format (.gz).

lenovo@rjuni> file list /config
/config:
juniper.conf.1.gz
juniper.conf.2.gz
juniper.conf.3.gz
juniper.conf.gz
license/
rescue.conf.gz

The remaining configurations named juniper.conf.4.gz through juniper.conf.49.gz are in the /var/db/config directory on the router’s hard disk.

These files are also compressed.

lenovo@rjuni> file list /var/db/config
/var/db/config:
juniper.conf++
juniper.conf.10.gz
juniper.conf.11.gz
juniper.conf.12.gz
juniper.conf.13.gz
juniper.conf.14.gz
juniper.conf.15.gz
…
juniper.conf.49.gz
juniper.conf.5.gz
juniper.conf.6.gz
juniper.conf.7.gz
juniper.conf.8.gz
juniper.conf.9.gz

Each time you commit a configuration, that configuration is named juniper.conf.gz, the existing juniper.conf.gz file is renamed juniper.conf.1.gz, and all the remaining numbered configurations from before are renumbered. This means that the JUNOS backup configuration files are continually renamed. This behavior points out one advantage of using the save command: it allows you to store the configuration in a file with a fixed name.

RANCID (http://www.shrubbery.net/rancid) is a publicly available software tool for archiving and monitoring router hardware and software configuration. You can also use it to track configuration changes.

CISCO

This example shows how to use TFTP to upload a copy of the router’s active configuration to a remote server:

Freebsd% touch /tftpboot/Rcisco-confg
Freebsd% chmod 666 /tftpboot/Rcisco-confg
Freebsd% telnet Rcisco
Trying 143.23.2.5...
Connected to Rcisco.
Escape character is '^]'.
User Access Verification
Password: <vtypassword>
Rcisco>enable
Password: <enablepassword>
Rcisco#copy running-config tftp://143.23.2.1/Rcisco-confg
Address or name of remote host [143.23.2.1]? <enter>
Destination filename [Rcisco-confg]? <enter>
!!!
bytes copied in 3.956 secs (2437 bytes/sec)
Rcisco#

JUNOS

You can use the following command to copy the active configuration file to a server:

lenovo@rjuni> file copy /config/juniper.conf.gz server1:/homes/lenovo/tmp
lenovo@server1's password:
juniper.conf.gz               100% 2127       2.1KB/s       00:00

From configuration mode, use the save command to copy the candidate configuration to your home directory on a server:

[edit]
lenovo@rjuni# save server1:configuration-jan11
lenovo@server1's password:
tempfile                      100%    11KB    11.2KB/s      00:00
Wrote 433 lines of configuration to 'server1:configuration-jan11'

You can also save it to a file in your home directory on the router:

[edit]
lenovo@rjuni# save configuration-jan11
Wrote 433 lines of configuration to 'configuration-jan11'
lenovo@rjuni# run file list
/var/home/lenovo:
.ssh/
configuration-jan11

Another way to back up configuration files is to automatically transfer the file each time you commit the configuration:

[edit system]
lenovo@rjuni# set archival configuration transfer-on-commit
lenovo@rjuni# set archival configuration archive-sites ftp://lenovo:password@server1.myrouter.com:/m11-config-archives