- How to Manage and Save Running Config on Cisco Devices
- Cisco Modes
- Basic CLI Commands
- Show
- Debug
- Hostname
- Where Configuration Files are Stored
- Copying, Erasing and Saving Running Config on Cisco Devices
- Rename a device
- Save running config on Cisco device
- Copy files
- Erase the contents of NVRAM
- Securing Login to Cisco Devices
- Initial Configuration of Cisco Devices
- Conclusion
- Cisco IOS: Saving the Configuration
- Hardware Setup
- Blog about Rostelecom modems, routers and GPON terminals
- Saving the Cisco Configuration
How to Manage and Save Running Config on Cisco Devices
The Cisco device stack uses the Internetwork Operating System (IOS), which controls the device's performance and behavior. The Cisco IOS defines an interface called the Command Line Interface (CLI), which enables administrators to enter commands into a terminal emulation program. The CLI can be accessed through three methods: the console, Telnet and Secure Shell (SSH).
Cisco Modes
Users can be logged in to a Cisco device using the following modes:
- Exec mode (user mode) — Allows the user to look around but not change anything. Accessing the CLI by any of the three methods logs the user into Exec mode.
- Enable mode (privileged mode or privileged exec mode) — Allows the user to execute privileged commands, such as the reload command, which tells the switch to reboot the Cisco IOS. To enter this mode, the user runs the enable command.
- Global configuration mode — Allows users to enter nondisruptive commands and display some information. Unlike exec and enable mode, configuration mode accepts configuration commands — commands that tell the switch the details of what to do and how to do it. Commands entered in configuration mode update the active configuration file, but the actual changes in configuration take place only after the device reboots. To enter configuration mode, a user executes the configure terminal (conf t) command.
Configuration mode contains several sub-modes. One is interface configuration mode, which can be entered by running the interface FastEthernet 0/1 (int fa0/1) configuration command.
Basic CLI Commands
Show
The show command is one of the most helpful commands because you can find the status of almost every feature of the Cisco IOS. It reads the current configuration from the Cisco device’s RAM and lists the requested settings in the CLI. For example, the show version command displays information about the Cisco IOS version currently loaded on a device.
Debug
Like the show command, debug reveals information about the device’s settings. However, instead of just listing the current status, the debug command asks the device to continue monitoring different processes in it and send messages to the user when different events occur, showing the status of settings over time. As a result, the debug command takes more CPU cycles, but it lets you monitor what is happening in a switch in real time. In short, show is for reporting and debug is for monitoring.
Hostname
The hostname command assigns a network name to the Cisco device.
Use the ? command to get answers to your questions about other commands, such as their syntax and description.
Where Configuration Files are Stored
A Cisco device needs to use the configuration file to do its work. Cisco devices have random-access memory (RAM) to store data from the configuration file while Cisco IOS is using it, but the RAM loses its contents when the device loses power. In order to load all configuration data back after the device loses power, Cisco devices use several types of more permanent memory. The following list explains the four main types of memory found in Cisco switches or Cisco routers, as well as the most common use of each type:
- RAM — RAM is used by a Cisco device for working storage. The running configuration file is stored in RAM.
- ROM — Read-only memory (ROM) stores a bootstrap program that is loaded when the switch first powers on. This program finds the full Cisco IOS image and loads it into RAM.
- Flash memory — This memory can be either inside the device or on a removable memory card. Flash memory stores fully functional Cisco IOS images and is the default location where the switch gets its Cisco IOS at boot time. Flash memory also can be used to store other files, including backup copies of configuration files.
- NVRAM — Nonvolatile RAM (NVRAM) stores the initial or startup configuration file that is used when the Cisco device is powered on or reloaded.
Copying, Erasing and Saving Running Config on Cisco Devices
To change the configuration of a Cisco device, you need to enter configure terminal mode and then use one or more of the following commands.
Rename a device
Use the command hostname newname to change the name of the device to the string you specify.
Save running config on Cisco device
Use the command copy running-config startup-config (copy run start) to overwrite the current startup config file with what is currently in the running configuration file.
Copy files
The copy command can be used to copy files on a Cisco device, such as a configuration file or a new version of the Cisco IOS. Files can be copied between RAM, NVRAM and a TFTP server. The syntax for the copy commands is as follows:
The first set of parameters in braces is the “from” location; the next set is the “to” location. When a file is copied into NVRAM or a TFTP server, the copy command always overwrites the existing destination file with the new file. However, when the copy command copies a configuration file into the running config file in RAM, the configuration file in RAM is not replaced; it is merged instead.
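The overwrite-versus-merge behaviour described above, modelled on two constructed configurations. This is an added example, not code from the original article; the function names are hypothetical, and the merge is simplified to be purely additive (on a real device a command that holds a single value, such as hostname, takes the incoming value).

```python
# Constructed sample configurations; the address is from a documentation range.
BACKUP = """\
hostname lab-sw1
!
interface FastEthernet0/1
 description uplink
!
"""

RUNNING = """\
hostname lab-sw1
!
interface FastEthernet0/1
 description uplink
 shutdown
!
ip name-server 192.0.2.53
"""

def config_lines(text):
    """Return a set of (section, command) pairs; indented lines belong to
    the last unindented line, and '!' comment lines and blanks are skipped."""
    pairs, section = set(), None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue
        if raw[0].isspace():
            pairs.add((section, raw.strip()))
        else:
            section = raw.strip()
            pairs.add((None, section))
    return pairs

def copy_to_nvram_or_tftp(source, destination):
    """Overwrite: whatever the destination held before is discarded."""
    return config_lines(source)

def copy_to_running(source, running):
    """Merge (simplified as additive): existing running commands stay."""
    return config_lines(running) | config_lines(source)

def left_after_merge(source, running):
    """Commands still active after the merge that the source never contained."""
    leftover = copy_to_running(source, running) - config_lines(source)
    return sorted(leftover, key=lambda pair: (pair[0] or "", pair[1]))
```

Copying a backup into the running config therefore does not roll the device back: anything listed by left_after_merge(BACKUP, RUNNING) is still active and has to be reviewed or removed separately.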
Erase the contents of NVRAM
You can use three different commands to erase NVRAM: write erase, erase startup-config and erase nvram. All of them erase the contents of the NVRAM configuration file, so if the device is then reloaded, there is no initial configuration and you have to begin initial device configuration.
Note that Cisco IOS does not have a command that erases the contents of the running configuration file. To clear out the running config file, simply erase the startup config file and then reload the device.
Securing Login to Cisco Devices
Cisco devices authenticate users as they log in, but the default configuration uses only simple password security and the enable password command defines the password for the current login. You can help protect enable mode by using the enable secret command instead. The older enable password command stores the password as clear text in the running configuration, and the only way to encrypt it is to use the weak service password-encryption command. The newer enable secret command automatically encodes the password using a Message Digest 5 (MD5) hash.
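A small audit of how enable credentials are stored in a saved configuration, following the distinction drawn above. This is an added example, not code from the original article; the function name, severity labels and sample configurations are assumptions, and the password and hash strings are placeholders.

```python
import re

# Constructed sample configurations; password and hash strings are placeholders.
LEGACY_CONFIG = """\
hostname lab-sw2
enable password ExamplePass1
"""

MIXED_CONFIG = """\
hostname lab-sw1
service password-encryption
enable password 7 0000000000
enable secret 5 $1$salt$PLACEHOLDERPLACEHOLDER00
"""

# enable {password|secret} [level N] [type-digit] value
ENABLE_RE = re.compile(r"^enable (password|secret)(?: level \d+)?(?: (\d))? (\S+)$")

def audit_enable_credentials(config_text):
    """Return (severity, line_number, message) findings; line 0 = whole file."""
    findings = []
    has_secret = has_password = False
    for number, raw in enumerate(config_text.splitlines(), start=1):
        match = ENABLE_RE.match(raw.strip())
        if not match:
            continue
        kind, enc_type, _value = match.groups()  # the value is never reported
        if kind == "secret":
            has_secret = True
            if enc_type == "5":
                findings.append(("INFO", number, "enable secret is an MD5 hash (type 5)"))
        else:
            has_password = True
            if enc_type == "7":
                findings.append(("MEDIUM", number,
                                 "enable password uses service password-encryption encoding (type 7)"))
            else:
                findings.append(("HIGH", number, "enable password is stored as clear text"))
    if not has_secret:
        findings.append(("HIGH", 0, "no enable secret is configured"))
    elif has_password:
        findings.append(("LOW", 0, "enable password is redundant next to enable secret; remove it"))
    return findings
```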
Initial Configuration of Cisco Devices
Cisco switches leave the factory with the following default settings:
- All interfaces are enabled.
- Auto-negotiation is enabled for ports that can use it (duplex auto and speed auto).
- All interfaces are a part of VLAN 1.
All you have to do with a new Cisco switch is make all the physical connections — Ethernet cables and a power cord — and it starts working.
- Enter VLAN 1 configuration mode using the interface vlan 1 global configuration command.
- Assign an IP address and mask using the ip address ip-address mask command.
- Enable the VLAN 1 interface using the no shutdown command.
- Add the default gateway with ip default-gateway
- Add the DNS server using the ip name-server command to resolve names into IP addresses.
After the initial configuration, you can look at the IP address and mask information using the show interface vlan x command, which shows detailed status information about the VLAN interface. If you use DHCP, use the show dhcp lease command to see the leased IP address.
You can see some of the details of the interface configuration using the show running-config command or the handy show interfaces status command, which lists each interface on a single line that shows the first part of the interface description and the speed and duplex settings.
The show port-security interface command lists the configuration settings for port security on an interface, along with several important facts about the current operation of port security, including information about any security violations. The switch can be configured to take one of three actions when a violation occurs using the following command: switchport port-security violation . All three options cause the switch to discard the offending frame, but some of the options make the switch take additional actions, such as sending syslog messages to the console, sending SNMP trap messages to the network management station, or disabling the interface.
Conclusion
As you can see, it is very easy to save the running config, copy it to a TFTP server and perform the initial configuration for a Cisco device. Before changing the running config, be sure to make a backup.
Jeff is a former Director of Global Solutions Engineering at Netwrix. He is a long-time Netwrix blogger, speaker, and presenter. In the Netwrix blog, Jeff shares lifehacks, tips and tricks that can dramatically improve your system administration experience.
Cisco IOS: Saving the Configuration
The configuration of your Cisco network is stored in two main places: one is in RAM, and the other is in the running configuration. When you enter commands, they take effect immediately and are saved in the running configuration, which is held in RAM.
The configuration is therefore lost when the power is switched off. To keep this configuration, copy it to the startup configuration (startup-configuration), which means it is stored in non-volatile RAM (NVRAM) so that the configuration survives a power-off.
You can use two commands to save your configuration: the write command or the copy command. The write command is outdated, but it looks like this:
Router#write memory
Building configuration.
[OK]
The newer version of the command is the copy command, which looks like this:
Router#copy running-config startup-config
Destination filename [startup-config]?
Building configuration.
[OK]
The copy command offers more flexibility and more options. You can not only copy the running configuration data to the startup configuration file, but also copy it to a file in flash memory or to a TFTP server on your network.
For any command, you only need to type as many letters as IOS requires to identify the command unambiguously. For example:
Hardware Setup
Blog about Rostelecom modems, routers and GPON terminals
Saving the Cisco Configuration
Saving the Cisco IOS configuration.
A competent administrator never hesitates to save the configuration of the equipment in their care one more time after each change. The procedure is not complicated at all, but in the event of a system failure or some other fault it will seriously reduce the time needed to restore the equipment to working order.
In this article I will give the simplest method: connect to the device over SSH or Telnet and then make a backup to a TFTP server. This can be wrapped in a script. The downside of this method is that it takes a lot of time when there are many routers to maintain. On the other hand, it is the most reliable.
Cisco routers provide two configurations:
running configuration: the working configuration, that is, the active configuration of the router (switch). The running configuration is stored in the router's RAM. Whenever the equipment is configured, the changes are written to the running configuration.
startup configuration: the configuration used at startup. This configuration is loaded when the router is powered on, so it is stored in the device's permanent non-volatile memory. IOS is organized so that you cannot make changes to the startup configuration directly, because every command you enter is written to the current running configuration. The running config can, however, be copied to the startup config.
The following command is used for this:
#copy running-config startup-config - this command copies the current running configuration to the startup configuration;
Destination filename [startup-config]? - here the system asks for a name for the configuration; leave the default and press Enter.
Building configuration…
[OK]
Now let's make a backup of the current running configuration. For this we need a TFTP server on the network (for example TFTP32).
Next, run this command on the router:
#copy running-config tftp://10.0.0.1 - here tftp://10.0.0.1 is the address of your TFTP server.
Address or name of remote host [10.0.0.1]? - the system asks once more whether the address is correct; check it and press Enter.
Destination filename [router-confg]?
.
5460 bytes copied in 1.14 secs (2900 bytes/sec)
So, our configuration is saved and now we can sleep soundly 😉