1. Discovering Devices with CDP and LLDP
“Automate network topology mapping and device discovery using CDP and LLDP protocols for real-time insights”
2. Synchronizing Time with NTP
“Ensure precise time synchronization across network devices with NTP for accurate log correlation.”
3. Monitoring Devices with SNMP
“Monitor network performance and automate alerts using SNMP for proactive device management.”
4. Capturing Logs with Syslog
“Centralize network logging with Syslog for comprehensive visibility and rapid troubleshooting.”
5. Managing Configurations and Backups
“Automate network configuration backups and version control for consistency and disaster recovery.”
Network Management
A Practical Guide to Discovering, Maintaining, and Monitoring Your Network
Managing Configurations and Backups
In networking, being proactive about configuration backups is more than a best practice, it’s a safeguard against unexpected failures, misconfigurations, and upgrade hiccups. A single misconfigured command or failed upgrade can bring down critical network services, making robust backup strategies essential for maintaining network availability.
The Cost of Poor Configuration Management
Real-world scenario:
– 3 AM network outage
– Configuration corrupted during upgrade
– No recent backup available
– 4-hour restoration time
Cisco IOS Configuration Management
Essential File System Commands
| Command | Purpose | Example |
|---|---|---|
| show file systems | List available file systems | Shows flash, nvram, tftp, etc. |
| dir [filesystem:] | List directory contents | dir flash: |
| cd [directory] | Change directory | cd flash:/configs/ |
| pwd | Show current directory | Display current path |
| delete [filename] | Delete file | delete flash:/old-config.txt |
| mkdir [directory] | Create directory | mkdir flash:/backups/ |
Backup Methods and Examples
1. TFTP Backup (Most Common)
# Save running config to TFTP server
copy running-config tftp://192.168.1.100/router01-config-2024-07-09.txt
# Restore from TFTP
copy tftp://192.168.1.100/router01-config-2024-07-09.txt running-config
2. USB Drive Backup
# Check USB drive availability
show file systems
# Backup to USB
copy running-config usbflash0:/router01-backup-20240709.txt
# Restore from USB
copy usbflash0:/router01-backup-20240709.txt running-config
3. Local Flash Storage
# Save multiple configuration versions
copy running-config flash:/configs/daily-backup-07-09-2024.txt
copy startup-config flash:/configs/startup-backup-07-09-2024.txt
# Create organized backup structure
mkdir flash:/backups/
mkdir flash:/backups/daily/
mkdir flash:/backups/monthly/
4. SCP/SFTP (Secure Methods)
# Enable SCP server (IOS 12.4+)
ip scp server enable
# Copy via SCP
copy running-config scp://[email protected]/backups/router01.cfg
Terminal Emulator Method
For quick manual backups, use terminal emulators with logging:
Tera Term Configuration
1. Setup → Terminal → Log to file
2. Choose filename: router01-config-2024-07-09.txt
3. Execute: show running-config
4. Save and close log file
PuTTY Configuration
1. Session → Logging → Session logging: All session output
2. Log file name: router01-&Y&M&D-&T.log
3. Execute: show running-config
Multi-Vendor Configuration Management
Command Comparison Table
| Function | Cisco IOS | Juniper JunOS | HP/Aruba | Fortinet | Dell OS10 |
|---|---|---|---|---|---|
| Show Config | show running-config |
show configuration |
show running-config |
show full-configuration |
show running-configuration |
| Save Config | copy run tftp |
save config |
copy config tftp |
backup config tftp |
copy running-configuration |
| File Copy | copy source dest |
file copy source dest |
copy source dest |
backup config |
copy source dest |
| Directory List | dir |
file list |
dir |
fnsysctl ls |
ls |
| Config Rollback | Manual restore |
rollback |
config restore |
restore config |
rollback |
Network Device Backup Commands
Juniper Junos Examples
Configuration Backup and Management
# Save configuration
admin@router> save config juniper-backup-2024-07-09.conf
# File operations
admin@router> file copy /config/juniper.conf.gz ftp://192.168.1.100/
admin@router> file show /config/
# Automatic rollback (built-in feature)
admin@router# commit confirmed 5 # Auto-rollback in 5 minutes if not confirmed
HP/Aruba Examples
Switch Configuration Backup
# Save configuration
HP-Switch# copy running-config tftp 192.168.1.100 hp-switch-backup.cfg
# USB backup
HP-Switch# copy running-config usb backup-20240709.cfg
# Startup config management
HP-Switch# copy running-config startup-config
Fortinet Examples
FortiGate Configuration Backup
# GUI backup: System → Configuration → Backup
# CLI backup:
FortiGate# backup config tftp filename backup-20240709.conf 192.168.1.100
# SCP backup
FortiGate# backup config scp backup-20240709.conf 192.168.1.100 admin scp-path
Automated Backup Solutions
1. Simple Bash Script (Linux/TFTP)
#!/bin/bash
# backup-network.sh
DATE=$(date +%Y-%m-%d)
BACKUP_DIR="/var/lib/tftpboot/backups"
DEVICES=("192.168.1.1" "192.168.1.2" "192.168.1.3")
for device in "${DEVICES[@]}"; do
echo "Backing up $device..."
# Use expect or similar tool to automate CLI interaction
timeout 30 ./backup-device.exp $device $BACKUP_DIR/$device-$DATE.cfg
done
2. Python with Netmiko
from netmiko import ConnectHandler
from datetime import datetime
devices = [
{
'device_type': 'cisco_ios',
'host': '192.168.1.1',
'username': 'admin',
'password': 'password',
'hostname': 'router01'
}
]
for device in devices:
connection = ConnectHandler(**device)
config = connection.send_command('show running-config')
filename = f"{device['hostname']}-{datetime.now().strftime('%Y%m%d')}.cfg"
with open(filename, 'w') as f:
f.write(config)
connection.disconnect()
3. Commercial Solutions
| Solution | Features | Best For |
|---|---|---|
| SolarWinds NCM | Automated backups, change detection, compliance | Enterprise networks |
| ManageEngine OpManager | Config backup, change alerts, rollback | Mid-size networks |
| Oxidized | Open-source, Git integration, multi-vendor | DevOps environments |
| RANCID | Legacy but proven, CVS/SVN integration | Traditional networks |
Best Practices for Configuration Management
1. Backup Frequency Strategy
2. File Naming Convention
# Device-YYYY-MM-DD-HH-MM-Type.cfg
Examples:
- router01-2024-07-09-14-30-daily.cfg
- switch02-2024-07-09-09-15-preupgrade.cfg
- firewall01-2024-07-09-16-45-postchange.cfg
3. Storage and Retention
# Organize backups by date and type
/backups/
├── daily/
│ ├── 2024-07-09/
│ └── 2024-07-08/
├── weekly/
│ ├── 2024-W28/
│ └── 2024-W27/
├── monthly/
│ ├── 2024-07/
│ └── 2024-06/
└── emergency/
├── pre-upgrade/
└── incident-response/
4. Version Control Integration
# Git-based configuration management
git init /network-configs
cd /network-configs
# Daily backup script adds and commits
git add router01-config.cfg
git commit -m "Daily backup: router01 - $(date)"
git push origin main
# Track changes over time
git log --oneline router01-config.cfg
git diff HEAD~1 router01-config.cfg
Disaster Recovery Procedures
Emergency Restoration Steps
- Assess the situation – Determine scope of configuration loss
- Locate latest backup – Check backup repositories and timestamps
- Prepare for restoration – Ensure network connectivity to backup source
- Execute restoration – Use appropriate copy command
- Verify functionality – Test critical services and connectivity
- Document incident – Record what happened and lessons learned
Quick Recovery Commands
# Emergency config restore (Cisco)
copy tftp://backup-server/emergency-config.cfg running-config
# Partial config restore (specific sections)
copy tftp://backup-server/acl-backup.cfg running-config
copy tftp://backup-server/routing-backup.cfg running-config
# Verify restoration
show running-config | include [critical-settings]
Testing Your Backup Strategy
Regular Testing Checklist
- Monthly: Verify backup automation is working
- Quarterly: Test restore procedures in lab environment
- Annually: Full disaster recovery exercise
- After changes: Validate backup integrity
Backup Validation Script
#!/bin/bash
# validate-backups.sh
BACKUP_DIR="/var/lib/tftpboot/backups"
TODAY=$(date +%Y-%m-%d)
echo "Validating today's backups..."
for backup in $BACKUP_DIR/*-$TODAY.cfg; do
if [ -f "$backup" ] && [ -s "$backup" ]; then
echo "✓ $(basename $backup) - Valid"
else
echo "✗ $(basename $backup) - Missing or empty"
fi
done
Conclusion
Effective configuration management is the foundation of network reliability. By implementing automated backup procedures, maintaining proper file organization, and regularly testing restoration processes, network administrators can significantly reduce downtime and simplify troubleshooting.
Remember: The best backup strategy is one that’s consistently executed and regularly tested. Start with simple manual backups, then gradually automate and enhance your processes as your network grows.
Subscribe
0 Comments
Oldest