Scheduled Cisco router backup to WebDAV

All know how important to have fresh copy of device configuration

3 min read
By prox

All know how important to have fresh copy of device configuration. Especially if device is suddenly bricked or configuration is corrupted and you need to replace it with another device in short amount of time. We will talk about automatic configuration backup for Cisco routers and switches.

My example will include configuration for Apache 2 web-server and Cisco 800 series router.
To configure automatic backup of your Cisco routers and switches simply follow these steps:

  • configure Apache 2 web-server
  • set-up WebDAV service
  • configure router for scheduled backup
  • check backup creation

Configure Apache 2 web-server

I will pass this section, as web-server configuration is a personal thing. For testing purposes default settings is enough.

Set-up WebDAV service

First of all, check if you have enabled WebDAV modules. You can check that by looking into /etc/apache2/mods-enabled directory. If you have there sybmolic links @dav.load and @dav_fs.load then you're good. Otherwise enable these modules running this commands:

sudo a2enmod dav
sudo a2enmod dav_fs

Create authentication file with user secrets, that will be used to authenticate routers on WebDAV. Create directory where auth file will be located:

mkdir -p /usr/www/apache
cd /usr/www/apache
htpasswd -c wd_auth.users router_1

After last command you will be prompted for user password. If you willing to create multiple authentication records you can do that by simply typing htpasswd wd_auth.users router_x ammending -c as you already have auth file.

Choose where your WebDAV directory will be located. Devices configuration will be stored in that directory. Lets assume that you've created /usr/www/webdav directory. Go to /etc/apache2/sites-enabled and edit 000-default.conf. We will add WebDAV configuration in our default site. Append these lines in your <VirtualHost *:80> section:

	Alias /backup /usr/www/webdav
	<Directory /usr/www/webdav/>
		Options Indexes
		DAV on
		AuthType Basic
		AuthName "Apache WebDAV"
		AuthUserFile /usr/www/apache/wd_auth.users
		Require valid-user

Here we created alias /backup and directory section pointing to our WebDAV directory that also protected by auth records located in wd_auth.users file.

Configure router for scheduled backup

Here's sample configuration on router to perform scheduled backup:


ip http client username router_1
ip http client password <YOUR_PASS_HERE>
ip http client source-address Loopback0

kron policy-list kp-backup
	cli archive config

kron occurence ko-backup at 20:00 recurring
	policy-list kp-backup

Here is your host running Apache 2 with WebDAV. $h_$t - is a placeholder that will be automaticaly transformed to hostname of your router ($h) and current time ($t).
Notice: ip http client password stored in configuration as weak password 7 encryption.
Then we configured kron policy that will execute command archive config every day at 20:00. Also check that your router have correct time and it's synchronized with your organization's NTP servers or public NTP servers.

Check backup creation

To check if all works correctly, enter your router CLI and execute in enable-mode archive config. When router completes command, run show archive. You will see output similar to this:

c880-router#show archive
The maximum archive configurations allowed is 10.
The next archive file will be named
 Archive #  Name
   10 <- Most Recent

As you see, I have already multiple backups saved for this router and the most recent under number 10.

In case if something went wrong you will see here error message. If error occured, analyze your Apache 2 logs and router configuration.