How to select a proper location to store the switch configuration file (1)

The configuration file is the core of Cisco network devices. The configuration file is like the Registry file of the operating system. If the registry is damaged or the configuration is inaccurate, the operating system cannot be started or run stably. If the vswitch is used. If an error occurs in the configuration file, the switch and other network devices will not work properly. In this article, I will talk about how to manage the vswitch configuration file to eliminate some security risks related to the configuration file to maximize the security of the configuration file.

I. Location of the configuration file

As shown in, the configuration file of the Cisco switch is usually stored in three locations, namely RAM (switch memory, which will be lost after power failure) NVRAM (another kind of memory inside the switch, non-volatile random access memory), TFTP server. These three locations can be used to store the switch configuration files, but their functions are different. Before talking about their specific differences, I think it is necessary for the network administrator, especially the technical staff of the just basic Cisco network equipment, to understand two basic concepts: startup configuration and running configuration. The STARTUP configuration, as the name implies, is the configuration of the switch during the startup process, that is, the Initialization Configuration. The running configuration is the configuration of the switch during operation. For example, some so-called dynamic parameters can be directly modified during the switch operation. After understanding these two concepts, it is easier to understand the above.

When the switch is started, it reads the initial configuration file of the switch from NVRAM (non-volatile random access memory. Use the content specified in this initial configuration file to initialize the vswitch. Note that the configuration files in the RAM memory will be lost after the power-off, so there is no content in RAM before the switch starts. During the startup process, the switch RAM reads the configuration file from NVRAM, generates a copy of the configuration file in its own RAM, and then uses the content in the copy for initialization. That is to say, before initialization, the switch will first copy the configuration file from NVRAM to its own RAM. Instead of initializing through the configuration file in NVRAM. In this case, we can regard the configuration file in NVRAM as the startup configuration file. The configuration file in RAM is regarded as a running configuration file.

Note that the startup configuration file is generally the same as the running configuration file. However, if you change the vswitch configuration file during startup, the startup configuration file may be different from the running configuration file. In fact, this is similar to the database initialization parameters. Database parameters include dynamic parameters and static parameters. Dynamic parameters can be changed in the database running status. However, the database design is better than Cisco's IOS design. It can be controlled to change the content in the memory when changing the dynamic parameters (equivalent to the switch operation configuration file) or change the content in the memory and the initialization parameter file (equivalent to the startup configuration file of the switch) at the same time ). When changing some dynamic parameters, a vswitch only saves the changed content to RAM. However, after a power failure, the RAM will be lost after the switch is restarted. That is to say, the IOS system of the switch will use the startup configuration file again to initialize the next time the switch is restarted. However, the last modification is not saved in the startup configuration file, so the last update will be lost. The network administrator may need to reconfigure it. Obviously, this is what the network administrator does not want to see.