Scheduled Cisco router backup to WebDAV

By prox

Everyone knows how important it is to have a fresh copy of a device's configuration, especially if the device is suddenly bricked or its configuration is corrupted and you need to replace it with another device in a short amount of time. This post covers automatic configuration backup for Cisco routers and switches.

My example covers the configuration of an Apache 2 web server and a Cisco 800 series router.
To configure automatic backup of your Cisco routers and switches, follow these steps:

  • configure Apache 2 web-server
  • set-up WebDAV service
  • configure router for scheduled backup
  • check backup creation

Configure Apache 2 web-server

I will skip this section, as web-server configuration is a matter of personal preference. For testing purposes, the default settings are enough.

Set-up WebDAV service

First of all, check whether the WebDAV modules are enabled. You can do that by looking in the /etc/apache2/mods-enabled directory. If the symbolic links @dav.load and @dav_fs.load are there, you're good. Otherwise, enable the modules by running these commands:

sudo a2enmod dav
sudo a2enmod dav_fs

Create an authentication file with the user secrets that routers will use to authenticate to WebDAV. First create the directory where the auth file will be located:

mkdir -p /usr/www/apache
cd /usr/www/apache
htpasswd -c wd_auth.users router_1

After the last command you will be prompted for the user's password. To create additional authentication records, run htpasswd wd_auth.users router_x, omitting -c because the auth file already exists.

Choose where your WebDAV directory will be located. Device configurations will be stored in that directory. Let's assume that you've created the /usr/www/webdav directory. Go to /etc/apache2/sites-enabled and edit 000-default.conf. We will add the WebDAV configuration to the default site. Append these lines to your <VirtualHost *:80> section:

	Alias /backup /usr/www/webdav
	<Directory /usr/www/webdav/>
		Options Indexes
		DAV on
		AuthType Basic
		AuthName "Apache WebDAV"
		AuthUserFile /usr/www/apache/wd_auth.users
		Require valid-user
	</Directory>

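Here we created the alias /backup and a directory section pointing to our WebDAV directory, which is protected by the auth records in the wd_auth.users file. Because this is Basic authentication on a plain-HTTP virtual host (port 80), the router's credentials and the uploaded configurations cross the network unencrypted.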

Configure router for scheduled backup

Here is a sample router configuration that performs a scheduled backup:

archive
	path http://1.2.3.4/backup/$h_$t

ip http client username router_1
ip http client password <YOUR_PASS_HERE>
ip http client source-address Loopback0

kron policy-list kp-backup
	cli archive config

kron occurrence ko-backup at 20:00 recurring
	policy-list kp-backup

Here 1.2.3.4 is your host running Apache 2 with WebDAV. $h_$t is a placeholder that is automatically expanded to the hostname of your router ($h) and the current time ($t).
Notice: the ip http client password is stored in the configuration using the weak type 7 password encryption.
Then we configured a kron policy that executes the command archive config every day at 20:00. Also check that your router has the correct time and is synchronized with your organization's NTP servers or public NTP servers.

Check backup creation

To check that everything works correctly, log in to your router's CLI and execute archive config in enable mode. When the router completes the command, run show archive. You will see output similar to this:

c880-router#show archive
The maximum archive configurations allowed is 10.
The next archive file will be named http://1.2.3.4/backup/c881-router_Aug-28-17-16-57-EET-44
 Archive #  Name
   1        http://1.2.3.4/backup/c880-router_Aug-19-20-00-03-EET-34
   2        http://1.2.3.4/backup/c880-router_Aug-20-20-00-03-EET-35
   3        http://1.2.3.4/backup/c880-router_Aug-21-20-00-04-EET-36
   4        http://1.2.3.4/backup/c880-router_Aug-22-20-00-03-EET-37
   5        http://1.2.3.4/backup/c880-router_Aug-23-20-00-03-EET-38
   6        http://1.2.3.4/backup/c880-router_Aug-24-20-00-04-EET-39
   7        http://1.2.3.4/backup/c880-router_Aug-25-20-00-03-EET-40
   8        http://1.2.3.4/backup/c880-router_Aug-26-20-00-04-EET-41
   9        http://1.2.3.4/backup/c880-router_Aug-27-20-00-03-EET-42
   10       http://1.2.3.4/backup/c880-router_Aug-28-17-16-55-EET-43 <- Most Recent

As you can see, I already have multiple backups saved for this router, and the most recent is number 10.

If something went wrong, you will see an error message here. If an error occurred, analyze your Apache 2 logs and router configuration.
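
A server-side complement to the check above, as an added example that is not part of the original post: it parses the archive names in the WebDAV directory (the $h_$t layout shown in the show archive output) and reports routers whose newest backup is missing or too old. The function names, the 26-hour threshold, and treating the timestamps as server-local time with English month names are assumptions.

```python
import re
from datetime import datetime, timedelta

# Archive name layout seen in the "show archive" output above:
# <hostname>_<Mon>-<DD>-<HH>-<MM>-<SS>-<TZ>-<sequence>
NAME_RE = re.compile(
    r"^(?P<host>.+)_(?P<mon>[A-Z][a-z]{2})-(?P<day>\d{1,2})-(?P<hh>\d{2})"
    r"-(?P<mm>\d{2})-(?P<ss>\d{2})-(?P<tz>[A-Za-z]+)-(?P<seq>\d+)$"
)

def parse_name(name, now):
    """Return (host, timestamp) or None if the name is not an archive file."""
    m = NAME_RE.match(name)
    if not m:
        return None
    stamp = "{mon}-{day}-{hh}-{mm}-{ss}".format(**m.groupdict())
    # The name carries no year: assume the current one, and step back a year
    # when that would put the backup in the future (December file read in January).
    for year in (now.year, now.year - 1):
        try:
            ts = datetime.strptime(f"{year}-{stamp}", "%Y-%b-%d-%H-%M-%S")
        except ValueError:  # e.g. Feb 29 in a non-leap year
            continue
        if ts <= now + timedelta(days=1):  # one day of slack; the TZ token is ignored
            return m["host"], ts
    return None

def stale_hosts(names, expected_hosts, now, max_age=timedelta(hours=26)):
    """Hosts whose newest archive is missing or older than max_age (assumed 26 h)."""
    newest = {}
    for name in names:
        parsed = parse_name(name, now)
        if parsed:
            host, ts = parsed
            newest[host] = max(ts, newest.get(host, ts))
    return sorted(h for h in expected_hosts
                  if h not in newest or now - newest[h] > max_age)

if __name__ == "__main__":
    import os, sys
    # Usage: script.py <webdav_dir> <host> [<host> ...]
    bad = stale_hosts(os.listdir(sys.argv[1]), sys.argv[2:], datetime.now())
    print("stale or missing:", ", ".join(bad) or "none")
    sys.exit(1 if bad else 0)
```

Run from cron shortly after the kron schedule, the non-zero exit status can feed whatever alerting you already use.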