How to Take Backup of Cisco Configuration and IOS
The main task in Cisco Device maintenance is take the backup of its software. This tutorial is about How to Take Backup of Cisco Configuration and IOS. Device maintenance includes making sure that a backup copy of the
Cisco IOS configuration files and images is in a secure location in case the device memory is corrupted or deleted, either for malicious reasons or involuntary Maintenance also includes keeping the
IOS image up to date.
For taking backup of Cisco device you must have an understanding of its file system and different types of storage. Following are the file systems and different memory storage:
- Router file systems
- Switch File Systems
- Creating backup copies and restoring using text files
- Creating backup copies and restoring TFTP
- Using USB ports on a Cisco router
- Backup and restore creation via USB
- Password Recovery
- Cisco IOS system files
- IOS image management
- TFTP servers as backup location
- Backup IOS images on a TFTP server
- Copy an IOS image to a device
- The boot system command
Router file systems
The Cisco IOS file system (IFS) allows the administrator to browse through different directories, list the files in one of them and create subdirectories in flash memory or on a disk. The directories available depend on the device.
Image 1 shows the result of the show file systems command , which lists all the file systems available on a Cisco 1941 router. This command provides useful information, such as the amount of available and free memory, the type of file system and permissions. . Permissions include read only (ro), write only (wo) and read and write (rw), which are shown in the Flags column of the command result.
While several file systems are listed, we will focus on the TFTP, flash and NVRAM file systems.
THE FLASH FILE SYSTEM
Image 2 shows the output of the dir (directory) command . Since flash is the default file system, the dir command lists the flash content. Several files are located in flash memory, but the one of most interest specifically is the last one on the list is the name of the current Cisco IOS image file that runs in RAM.
THE NVRAM FILE SYSTEM
To view the contents of NVRAM memory, you must change the current default file system with the cd (change directory) command , as shown in Image 3. The pwd (current working directory) command verifies that we are viewing the directory NVRAM Finally, the dir command includes the content of NVRAM in a list. While several configuration files are listed, the one of particular interest is the startup configuration file.
Switch File Systems
With the Cisco 2960 switch flash file system, you can copy the configuration files and archive (upload and download) software images.
The command to view file systems on a Catalyst switch is the same as the one used on Cisco routers: show file systems , as shown in the illustration.
Creating backup copies and restoring using text files
Configuration files can be saved or archived in a text file using Tera Term.
As shown in the figure, the steps are:
- Step 1: On the File menu, click Log .
- Step 2 . Choose the location to save the file. Tera Term will start capturing text.
- Step 3. Once the capture begins, execute the show running-config or show startup-config command on the privileged EXEC entry request. The text that appears in the terminal window will go to the chosen file.
- Step 4 . When the capture is complete, select Close in the Log window of TeraTerm.
- Step 5 . Look at the file to verify that it is not damaged.
RESTORING TEXT SETTINGS
A configuration can be copied from a file to a device. When copied from a text file and pasted into a terminal window, the IOS executes each line of the configuration text as if it were a command. This means that the file will need editing to ensure that the encrypted passwords are in the form of text and that IOS messages and non-command text, such as “–More–“, are deleted. This process is analyzed in laboratory practice.
In turn, in the CLI, the device must be set to the global configuration mode to receive the commands from the text file that are pasted into the terminal window.
When Tera Term is used, the steps are as follows:
- Step 1: On the File menu, click Send to send the file.
- Step 2 . Locate the file you should copy on the device and click Open .
- Step 3. Tera Term will paste the file into the device.
The text in the file will be applied as commands in the CLI and will become the configuration running on the device. This is a convenient method to manually configure a router.
Creating backup copies and restoring TFTP
Copies of the configuration files should be stored as backup files in case of a problem. The configuration files can be stored on a trivial file transfer protocol (TFTP) server or on a USB drive. A configuration file should also be included in the network documentation.
To save the running configuration or startup configuration on a TFTP server, use the copy running-config tftp or copy startup-config tftp command , as shown below:
R1 # copy running-config tftp
Remote host []? 192.168.10.254
Name of the configuration file to write [R1-config]? R1-Jan-2017
Write file R1-Jan-2017 to 192.168.10.254? [confirm]
Writing R1-Jan-2017 !!!!!! [OKAY]
Follow these steps to back up the running configuration on a TFTP server:
- Step 1: Enter the copy running-config tftp command .
- Step 2 . Enter the IP address of the host where the configuration file will be stored.
- Step 3. Enter the name to be assigned to the configuration file.
- Step 4 . Press Enter to confirm each choice.
RESTORE CONFIGURATIONS VIA TFTP
To restore the running configuration or startup configuration from a TFTP server, use the copy tftp running-config or copy tftp startup-config command . Follow these steps to restore the running configuration from a TFTP server:
- Step 1: Enter the copy tftp running-config command .
- Step 2 . Enter the IP address of the host where the configuration file is stored.
- Step 3. Enter the name to be assigned to the configuration file.
- Step 4 . Press Enter to confirm each choice.
Using USB ports on a Cisco router
The USB flash feature provides optional secondary storage capacity and an additional boot device. Images, settings and other files can be copied to Cisco USB flash memory and from it with the same reliability with which files are stored and retrieved with a Compact Flash card. In addition, modular integrated service routers can boot with any image of Cisco IOS software stored in USB flash memory. Ideally, the USB flash memory can contain multiple copies of the Cisco IOS configurations and several router configurations.
Use the dir command to view the contents of the USB flash drive, as shown in the figure.
Router # dir usbflash0:
Directory of usbflash0: /
1 -rw- 30125020 Dec 22 2032 05:31:32 +00: 00
c3825-entservicesk9-mz.123-14.T
63158272 bytes total (33033216 bytes free)
Backup and restore creation via USB
When making backup copies on a USB port, it is recommended to issue the show file systems command to verify that the USB drive is present and confirm the name, as shown in Image 7.
Then use the copy run usbflash0: / command to copy the configuration file to the USB flash drive. Be sure to use the name of the flash drive as indicated in the file system. The bar is optional, but indicates the root directory of the USB flash drive.
The IOS will request the file name. If the file already exists on the USB flash drive, the router will request the overwrite confirmation, as seen below:
R1 # copy running-config usbflash0:
Destination filename [running-config]? R1-Config
5024 bytes copied in 0.736 secs (6826 bytes / sec)
R1 # copy running-config usbflash0:
Destination filename [running-config]? R1-Config
% Warning: There is a file already existing with this name
Do you want to over write? [confirm]
5024 bytes copied in 1,796 secs (2797 bytes / sec)
Use the dir command to view the file on the USB drive, and the more command to view the content, as shown in Image 8.
RESTORE SETTINGS USING A USB FLASH DRIVE
To copy the file again, it will be necessary to edit the R1-Config file of the USB drive with a text editor. If we assume that the file name is R1-Config , use the copy usbflash0: / R1-Config boot-configuration command to restore a running configuration.
Password Recovery
Device passwords are used to prevent unauthorized access. Encrypted passwords, such as passwords generated by enable secret, must be replaced after recovery. According to the device, the detailed procedure for password recovery varies; However, all password recovery procedures follow the same principle:
- Step 1 : Enter ROMMON mode.
- Step 2 . Change the configuration log to 0x2142 to ignore the startup configuration file.
- Step 3. Make the necessary changes to the original startup configuration file.
- Step 4 : Save the new configuration.
For password recovery, access to the device console through a terminal or terminal emulator software on a PC is required. The terminal configurations to access the device are:
- 9600 baud rates
- No parity
- 8 bits of data
- 1 stop bit
- No flow control
With access to the console, the user can access the ROMMON mode by an interruption sequence during the boot process or by removing the external flash memory when the device is turned off.
Cisco ROMMON Mode
Cisco ROMMON Mode supports some basic commands, such as confreg . The confreg 0x2142 command allows the user to define the configuration register at 0x2142. With the configuration register at 0x2142, the device will ignore the startup configuration file during startup. The startup configuration file is where forgotten passwords are stored. After setting the configuration log to 0x2142, type reset in the input request to restart the device. Enter the interrupt sequence while the device is restarting and decompressing the IOS. Below is the terminal output of a 1941 router in ROMMON mode after using an interrupt sequence during the boot process.
Readonly ROMMON initialized
monitor: command "boot" aborted due to user interrupt
rommon 1> confreg 0x2142
rommon 2> reset
System Bootstrap, Version 15.0 (1st) M9, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 2010 by cisco Systems, Inc.
<the result was omitted>
When the device has finished recharging, copy the boot configuration to the running configuration:
# Copy startup-config running-config router
Destination filename [running-config]?
1450 bytes copied in 0.156 secs (9295 bytes / sec)
Router # conf t
Enter configuration commands, one per line. End with CNTL / Z.
Router (config) # enable secret cisco
Router (config) # config-register 0x2102
Router (config) # end
Router # copy running-config startup-config
Destination filename [startup-config]?
Building configuration ...
[OKAY]
# Reload router
Since you are in
privileged EXEC mode, you can now configure all necessary passwords. Once the new passwords are configured, change the configuration register back to 0x2102 with the config-register 0x2102 command in global configuration mode. Save running-config in startup-config and reload the device.
The device now uses the newly configured authentication passwords. Remember to use the show commands to verify that all settings are still valid. For example, verify that the appropriate interfaces are not turned off after recovering the password.
Cisco IOS system files
The Cisco second generation integrated service router series (ISR G2) 1900, 2900 and 3900 support services on demand through the use of software licenses. The Services on demand process allows customers to achieve operational savings through ease of ordering and software management. When an order for a new Cisco G2 ISR platform is placed, the router ships with a unique and universal image of Cisco IOS software, and a license is used to enable specific feature set packages.
There are two types of universal images supported in ISR G2:
- Universal images with the designation "universalk9" in the name of the image - This universal image offers all the features of Cisco IOS software, including strong payload cryptography features such as IPsec VPN, SSL VPN and Secure Unified Communications.
- Universal images with the designation “universalk9_npe” in the name of the image - The strong imposition of encryption capabilities provided by Cisco Software Activation satisfies the requirements for the export of encryption functionalities. However, some countries have import requirements that require that the platform does not support any secure cryptography functionality, such as content cryptography. To satisfy the import requirements of these countries, the universal image npe does not support any encryption of secure content.
IOS IMAGE FILE NAMES
When selecting or updating a router with Cisco IOS, it is important to choose the appropriate IOS image with the correct feature set and version. The Cisco IOS image file is based on a special naming convention and contains several parts, each with a specific meaning.
As shown below, the show flash command shows files stored in flash memory, including system image files.
R1 # show flash0:
- # - --length-- ----- date / time ------ path
8 68831808 Apr 2 2013 21:29:58 +00: 00 c1900-
universalk9-mz.SPA.152-4.M3.bin
182394880 bytes available (74092544 bytes used)
- Image name (c1900): Identifies the platform on which the image is executed. In this example, the platform is a Cisco 1900 router.
- universalk9: specifies the designation of the image. The two designations for an ISR G2 are universalk9 and universalk9_npe. Universalk9_npe does not contain secure encryption and is intended for countries with encryption restrictions. Features are controlled by licenses and can be divided into four technology packages. These are IP Base, Security, Unified Communications and Data.
- mz: Indicates where the image is executed and if the file is compressed. In this example, mz indicates that the file is running from RAM and that it is compressed.
- SPA: indicates that the file is digitally signed by Cisco.
- 152-4.M3: Specifies the format of the file name for image 15.2 (4) M3. This is the IOS version, which includes the numbers of the main version, the secondary version, the maintenance version and the maintenance collection. The M indicates that it is an extended maintenance version.
- bin: The file extension. This extension indicates that this file is a binary executable file.
LOCATION AND FORMAT
The most common designation for memory location and compression format is mz. The first letter indicates the location where the image is executed on the router. The locations may include the following:
- F: flash
- m: RAM
- r: ROM
- l: Relocatable
The compression format can be z for zip ox for mzip. File compression is a method that Cisco uses to compress some images executed from RAM that is effective in reducing image size. It decompresses itself, so that when the image is loaded into RAM to run, the first action is decompression.
Cisco IOS image management
TFTP servers as backup location
As a network grows, the Cisco IOS software configuration images and files can be stored on a central TFTP server. This helps control the amount of IOS images and revisions to those IOS images, as well as the configuration files that must be maintained.
Production internetworks usually cover large areas and contain several routers. For a network, it is advisable to keep a backup copy of the Cisco IOS software image in case the system image on the router is corrupted or accidentally deleted.
Widely distributed routers need a source or backup location for Cisco IOS software images. Using a network TFTP server allows you to upload and download images and settings over the network. The TFTP server on the network can be another router, a workstation or a host system.
Backup IOS images on a TFTP server
To maintain network operations with minimal downtime, it is necessary to implement procedures to back up Cisco IOS images. This allows the network administrator to quickly copy an image to a router in case the image is damaged or deleted.
In Image 12, the network administrator wishes to back up the current image file on the router (c1900-universalk9-mz.SPA.152-4.M3.bin) on the TFTP server at 172.16.1.100.
To back up the Cisco IOS image on a TFTP server, follow these three steps:
- Step 1 : Ensure that there is access to the network TFTP server. Ping the TFTP server to test connectivity, as shown:
R1 # ping 172.16.1.100
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.100, timeout is 2
seconds: !!!!!
Success rate is 100 percent (5/5),
bround-trip min / avg / max = 56/56/56 ms
- Step 2 : Verify that the TFTP server has enough disk space to support the Cisco IOS software image. Use the show flash0: command on the router to determine the size of the Cisco IOS image file. The sample file is 68831808 bytes in length.
R1 # show flash0:
- # - --length-- ----- date / time ------ path
8 68831808 Apr 2 2013 21:29:58 +00: 00
c1900-universalk9-mz.SPA.152-4.M3.bin
- Step 3 : Copy the image to the TFTP server with the copy url-source url-destination command:
R1 # copy flash0: tftp:
Source filename []? c1900-universalk9-mz.SPA.152-4.M3.bin
Address or name of remote host []? 172.16.1.100
Destination filename [c1900-universalk9-mz.SPA.152-4.M3.bin]?
Writing c1900-universalk9-mz.SPA.152-4.M3.bin ...
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
68831808 bytes copied in 363,468 secs (269058 bytes / sec)
After issuing the command using the specified source and destination URLs, the user is requested to enter the name of the source file, the IP address of the remote host and the name of the destination file. Then the transfer starts.
Copy an IOS image to a device
Cisco systematically releases new versions of Cisco IOS software to resolve warnings and provide new features. In this example, IPv6 is used for transfer, to show that TFTP can also be used over IPv6 networks.
Image 13 illustrates how to copy an image of Cisco IOS software from a TFTP server. A new image file (c1900-universalk9-mz.SPA.152-4.M3.bin) will be copied from the TFTP server in 2001: DB8: CAFE: 100 :: 99 to the router.
Follow these steps to update the software on the Cisco router:
- Step 1: Select a Cisco IOS image file that meets the requirements in terms of platform, features and software. Download the file from cisco.com and transfer it to the TFTP server.
- Step 2: Verify connectivity to the TFTP server. Ping the TFTP server from the router:
R1 # ping 2001: DB8: COFFEE: 100 :: 99
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001: DB8: CAFE: 100 :: 99,
timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5),
round-trip min / avg / max = 56/56/56 ms
- Step 3: Make sure there is enough space in the flash memory on the router that is updated. You can check the amount of available flash memory using the show flash0: command . Compare the available space in flash memory with the size of the new image file. In the example, the available space in flash memory is 182,394,880 bytes.
R1 # show flash0:
- # - --length-- ----- date / time ------ path
182394880 bytes available (74092544 bytes used)
- Step 4: Copy the IOS image file from the TFTP server to the router with the copy command . After issuing this command with the specified destination and source URLs, the user will be asked to enter the IP address of the remote host, the name of the source file and the name of the destination file. File transfer will start.
R1 # copy tftp: flash0:
Address or name of remote host []? 2001: DB8: CAFE: 100 :: 99
Source filename []? c1900-universalk9-mz.SPA.152-4.M3.bin
Destination filename []?
c1900-universalk9-mz.SPA.152-4.M3.bin
Accessing tftp: // 2001: DB8: CAFE: 100 :: 99 / c1900-universalk9-
mz.SPA.152-4.M3.bin ...
Loading c1900-universalk9-mz.SPA.152-4.M3.bin
from 2001: DB8: CAFE: 100 :: 99 (via
GigabitEthernet0 / 0): !!!!!!!!!!!!!!!!!!!!
[OK - 68831808 bytes]
68831808 bytes copied in 368.128 secs (265652 bytes / sec)
The boot system command
To update the copied IOS image after saving the image in the router's flash memory, configure the router to load the new image during startup; To do this, use the boot system command . Save the configuration. Reload the router to boot with the new image. Once the router is started, use the show version command to confirm that the new image has been loaded.
R1 # configure terminal
R1 (config) # boot system
flash0: //c1900-universalk9-mz.SPA.152-4.M3.bin
R1 (config) # exit
R1 # copy running-config startup-config
R1 # reload
R1 # show version
Cisco IOS Software, C1900 Software (C1900-UNIVERSALK9-M),
Version 15.2 (4) M3 , RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2013 by Cisco Systems, Inc.
Compiled Tue 26-Feb-13 02:11 by prod_rel_team
ROM: System Bootstrap, Version 15.0 (1st) M15, RELEASE SOFTWARE
(fc1)
R1 uptime is 1 hour, 2 minutes
System returned to ROM by power-on
System image file is "flash0:
c1900-universalk9-mz.SPA.152-4.M3.bin "
During boot, the bootstrap code analyzes the boot configuration file in the NVRAM to detect boot system commands that specify the name and location of the Cisco IOS software image to load. Several boot system commands can be entered sequentially to provide a boot plan that has fault tolerance.
If there are no boot system commands in the configuration, by default, the router loads and runs the first valid Cisco IOS image in flash memory.
