Several suggestions for backing up network configuration files

Source: Internet
Author: User

After the network administrator has spent a few days building up the enterprise network, the configuration held in memory can be lost for some reason, such as a large-scale power failure when the enterprise does not use a UPS or similar equipment. If the network administrator has not backed up the configuration, you can imagine the regret. It is therefore necessary to back up the network configuration files. I will take a Cisco router as an example and offer some suggestions for the backup job.

1. Related configurations must be saved before they can exist permanently

Generally, any modification the network administrator makes to the router configuration is initially stored in the running-config configuration file. However, this file is held in the router's memory. That is, when the router is reloaded or powered off, the modified content is lost and the administrator's previous work is in vain. Therefore, I suggest that the network administrator save the relevant configuration by some means, for example with the copy run start command.

However, I do not recommend saving the configuration immediately after it is adjusted, because the new copy overwrites the original configuration. In my opinion, after modifying the network configuration, first make sure that the modification is correct, and only then save it. This is similar to editing a document. As long as the document has not been saved, you can use the Undo function to cancel a change. Once it is saved, Undo can no longer be used. For this reason, save the configuration file only after the relevant configuration has been confirmed.

2. Verification before backup

Before backing up a configuration file, I think the network administrator needs to verify the relevant content again. Although this step is optional, I suggest you do it carefully, because during the backup the latest configuration overwrites the original one. This verification mainly involves two files. One is the configuration currently running in the system (generally named running-config), and the other is startup-config. You can use the show command (sh) to view and verify the current configuration.

This command displays a lot of useful information, including the current version of the router and the related configuration (such as IP addresses, enabled interfaces, and other useful information). The network administrator can also use the command sh startup-config to view the contents of the startup-config configuration file. When the router configuration is changed (for example, an IP address is changed), the network administrator can use the copy run start command to save the modification to the startup-config file. The next time the router restarts, it starts with the parameters in the startup-config configuration file. In this case, even if the router crashes or suddenly loses power, you do not have to worry about losing the configuration.

In practice, such repeated verification may be troublesome. For convenience, the network administrator may want to overwrite the startup configuration file directly with the current configuration file. In this case, you need to confirm that the two files are the same. If that cannot be confirmed, run the following command.

In this form (enter the file name directly after the copy command), you can ensure that the files are the same. This helps verify that two files are identical without manual verification.
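An added example (not part of the original article): a small Python check that compares captured output of sh running-config and sh startup-config and lists the settings that have not yet been saved. The sample outputs, the list of ignored header lines, and the function names are assumptions constructed for illustration.

```python
import difflib
import re

# Header lines that differ between the two "show" outputs without being
# configuration. These patterns are assumptions about typical IOS output.
VOLATILE = re.compile(
    r"^(Building configuration\.\.\.|Current configuration\s*:.*|"
    r"Using \d+ out of \d+ bytes.*|! Last configuration change.*|"
    r"! NVRAM config last updated.*|ntp clock-period \d+)$"
)

def normalize(show_output):
    """Drop volatile headers, blank lines and bare '!' separators."""
    lines = []
    for raw in show_output.splitlines():
        line = raw.rstrip()  # keep leading indentation, it carries meaning
        if not line or line == "!" or VOLATILE.match(line):
            continue
        lines.append(line)
    return lines

def unsaved_changes(running, startup):
    """Return '-' lines (only in startup) and '+' lines (only in running)."""
    diff = difflib.unified_diff(normalize(startup), normalize(running),
                                lineterm="", n=0)
    return [d for d in diff
            if d.startswith(("+", "-")) and not d.startswith(("+++", "---"))]

# Constructed sample captures (documentation address range 192.0.2.0/24).
RUNNING = """Building configuration...

Current configuration : 1024 bytes
!
! Last configuration change at 10:15:02 UTC Mon Mar 1 2021
hostname R1
!
interface GigabitEthernet0/0
 ip address 192.0.2.10 255.255.255.0
 no shutdown
end
"""
STARTUP = """Using 1010 out of 262136 bytes
!
hostname R1
!
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 no shutdown
end
"""

if __name__ == "__main__":
    for change in unsaved_changes(RUNNING, STARTUP):
        print(change)
```

An empty result means the two files carry the same settings; any line in the result is a change that a reload would discard.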

3. Back up the configuration file outside the router

Note that both the startup-config file and the running-config file are stored in the router. The former is stored in NVRAM (its contents are not lost after a power failure or restart), while the latter is stored in DRAM (its contents are lost after a power failure or reload). Even so, if the router fails and cannot be restarted, the configuration file is still lost. Therefore, when backing up the configuration file, you also need to back it up remotely.

This is similar to the way servers such as databases are handled. To improve data security, you back up the data remotely, somewhere else. Although this consumes extra resources, the investment is worthwhile in terms of data security. In a Cisco network environment, a common method is to set up a TFTP server on another host and then run a command to upload the configuration file to the TFTP server for backup. The commands used here are copy running-config tftp and copy startup-config tftp.

In this operation, I think you need to pay attention to the following details.

First, how is the file named after it is copied? In the commands above, no name is specified for the file copied to the TFTP server. Generally, when copying a file, we use the format copy source-file-name target-file-name, and if the target file name is omitted, the source file name is used by default. However, this rule does not apply on Cisco routers. When the above command is used to copy a file, the system names the target file automatically. Generally, if the network administrator has set a name for the router, the command uses that name followed by -config as the file name. This design makes sense, because there may be more than one router in the enterprise network. If you have three routers and back up all of their configuration files to the TFTP server under the same name, a conflict occurs. In addition, if you set a router to start with the configuration file on the TFTP server, the router finds the corresponding configuration file based on its own name. Therefore, I think this rule is very reasonable. The network administrator needs to keep it in mind in actual work, as it helps in maintaining these configuration files.

Second, although you can back up the running-config file directly to the TFTP server, I do not recommend it. Generally, the running-config file is first saved to the startup-config file, and that file is then saved to the TFTP server. By default, the router starts from the startup-config configuration file. If the network administrator saves the running-config file directly to the TFTP server, a problem may occur: the administrator may forget to save the configuration to the startup-config file and save it only on the TFTP server. When the router is next reloaded, the content of the startup-config configuration file is used, which means all the earlier changes are lost. For this reason, we recommend that you back up the configuration file in this order.

4. Other Details

First, pay attention to the security of the TFTP server itself. TFTP is a simple file transfer protocol. Specifically, it does not have any security mechanisms and can be accessed without any user name or password. Although this makes access convenient, it obviously carries many security risks. Therefore, the network administrator must take some measures to improve the security of the TFTP server. For example, you can back up the configuration files on the TFTP server.

Second, if there are many routers in the enterprise, you can use the TFTP server to simplify management. For example, suppose an enterprise has 10 internal routers. If you need to upgrade the IOS software and related configurations, you have to do it on the routers one by one, which is a fairly heavy workload. In this case, you can use the TFTP server to simplify the workflow: when a router starts, it starts from the TFTP server. You then only need to update the content on the TFTP server to complete the upgrade for the entire network environment.

Third, I need to emphasize again the differences between running-config, startup-config, and the configuration file on the TFTP server. These configuration files are like Word documents. When you edit a Word document, the modified content is held in memory. If it is not saved in time (equivalent to not running the copy run start command), the changes are lost after a restart. The changes persist only after you run the Save command to write them to a physical file on the hard disk. Saving the configuration file to the TFTP server is equivalent to using the Save As command on the Word document. However, if you change a file and use Save As before saving it, the changes are not written to the local file. The next time the local file is opened, the network administrator will find that the changes were not saved. This requires special attention during remote backup, and it is the reason why I have repeatedly stressed backing up in order: save the configuration to the local startup-config file first, and then back it up to the TFTP server.
