All know how important to have fresh copy of device configuration. Especially if device is suddenly bricked or configuration is corrupted and you need to replace it with another device in short amount of time. We will talk about automatic configuration backup for Cisco routers and switches.
My example will include configuration for Apache 2 web-server and Cisco 800 series router.
To configure automatic backup of your Cisco routers and switches simply follow these steps:
- configure Apache 2 web-server
- set-up WebDAV service
- configure router for scheduled backup
- check backup creation
Configure Apache 2 web-server
I will pass this section, as web-server configuration is a personal thing. For testing purposes default settings is enough.
Set-up WebDAV service
First of all, check if you have enabled WebDAV modules. You can check that by looking into
/etc/apache2/mods-enabled directory. If you have there sybmolic links
@dav_fs.load then you're good. Otherwise enable these modules running this commands:
sudo a2enmod dav sudo a2enmod dav_fs
Create authentication file with user secrets, that will be used to authenticate routers on WebDAV. Create directory where auth file will be located:
mkdir -p /usr/www/apache cd /usr/www/apache htpasswd -c wd_auth.users router_1
After last command you will be prompted for user password. If you willing to create multiple authentication records you can do that by simply typing
htpasswd wd_auth.users router_x ammending
-c as you already have auth file.
Choose where your WebDAV directory will be located. Devices configuration will be stored in that directory. Lets assume that you've created
/usr/www/webdav directory. Go to
/etc/apache2/sites-enabled and edit
000-default.conf. We will add WebDAV configuration in our default site. Append these lines in your
<VirtualHost *:80> section:
Alias /backup /usr/www/webdav <Directory /usr/www/webdav/> Options Indexes DAV on AuthType Basic AuthName "Apache WebDAV" AuthUserFile /usr/www/apache/wd_auth.users Require valid-user </Directory>
Here we created alias
/backup and directory section pointing to our WebDAV directory that also protected by auth records located in wd_auth.users file.
Configure router for scheduled backup
Here's sample configuration on router to perform scheduled backup:
archive path http://18.104.22.168/backup/$h_$t ip http client username router_1 ip http client password <YOUR_PASS_HERE> ip http client source-address Loopback0 kron policy-list kp-backup cli archive config kron occurence ko-backup at 20:00 recurring policy-list kp-backup
Here 22.214.171.124 is your host running Apache 2 with WebDAV. $h_$t - is a placeholder that will be automaticaly transformed to hostname of your router ($h) and current time ($t).
ip http client password stored in configuration as weak
password 7 encryption.
Then we configured kron policy that will execute command
archive config every day at 20:00. Also check that your router have correct time and it's synchronized with your organization's NTP servers or public NTP servers.
Check backup creation
To check if all works correctly, enter your router CLI and execute in enable-mode
archive config. When router completes command, run
show archive. You will see output similar to this:
c880-router#show archive The maximum archive configurations allowed is 10. The next archive file will be named http://126.96.36.199/backup/c881-router_Aug-28-17-16-57-EET-44 Archive # Name 1 http://188.8.131.52/backup/c880-router_Aug-19-20-00-03-EET-34 2 http://184.108.40.206/backup/c880-router_Aug-20-20-00-03-EET-35 3 http://220.127.116.11/backup/c880-router_Aug-21-20-00-04-EET-36 4 http://18.104.22.168/backup/c880-router_Aug-22-20-00-03-EET-37 5 http://22.214.171.124/backup/c880-router_Aug-23-20-00-03-EET-38 6 http://126.96.36.199/backup/c880-router_Aug-24-20-00-04-EET-39 7 http://188.8.131.52/backup/c880-router_Aug-25-20-00-03-EET-40 8 http://184.108.40.206/backup/c880-router_Aug-26-20-00-04-EET-41 9 http://220.127.116.11/backup/c880-router_Aug-27-20-00-03-EET-42 10 http://18.104.22.168/backup/c880-router_Aug-28-17-16-55-EET-43 <- Most Recent
As you see, I have already multiple backups saved for this router and the most recent under number 10.
In case if something went wrong you will see here error message. If error occured, analyze your Apache 2 logs and router configuration.