CFG
Managing Configurations and Backups
Automate network configuration backups and version control for consistency and disaster recovery
Contents
In networking, being proactive about configuration backups is more than a best practice; it's a safeguard against unexpected failures, misconfigurations, and upgrade hiccups. A single misconfigured command or failed upgrade can bring down critical network services.
A robust backup strategy covers not just what to back up, but how frequently, where to store it, and how to verify and restore it. Configuration management without a tested restore process is not configuration management; it's false confidence.
Real-World Scenario: The Cost of No Backup
3 AM network outage. Configuration corrupted during upgrade. No recent backup available. 4-hour restoration time rebuilding from memory and change logs. This is entirely preventable with automated daily backups.
IOS File System Commands
| Command | Purpose | Example |
|---|---|---|
show file systems | List available file systems | Shows flash, nvram, tftp, usb |
dir flash: | List directory contents | dir flash:/configs/ |
mkdir flash:/backups/ | Create directory | Organize backup folders |
copy run tftp: | Backup running config | Most common backup method |
copy tftp: run | Restore from TFTP | Recovery from backup server |
delete flash:/filename | Delete file | Clean up old backups |
Backup Methods
1. TFTP Backup (Most Common)
Cisco IOS — TFTP Backup and Restore
# Save running config to TFTP server copy running-config tftp://192.168.1.100/router01-config-2025-07-15.txt # Save startup config too copy startup-config tftp://192.168.1.100/router01-startup-2025-07-15.txt # Restore from TFTP copy tftp://192.168.1.100/router01-config-2025-07-15.txt running-config
2. SCP / SFTP (Secure — Recommended)
Cisco IOS — SCP Backup
# Enable SCP server on the router (IOS 12.4+) Router(config)# ip scp server enable # Copy via SCP from external system scp [email protected]:running-config ./backups/router01-2025-07-15.cfg # Or push from router via SCP copy running-config scp://[email protected]/backups/router01.cfg
3. USB Drive Backup
Cisco IOS — USB Backup
# Verify USB is available Router# show file systems | include usb # Back up to USB Router# copy running-config usbflash0:/router01-backup-20250715.txt # Restore from USB Router# copy usbflash0:/router01-backup-20250715.txt running-config
Multi-Vendor Command Reference
| Function | Cisco IOS | Juniper JunOS | Fortinet |
|---|---|---|---|
| Show Config | show running-config | show configuration | show full-configuration |
| Save Config | copy run tftp | save config | backup config tftp |
| Rollback | Manual restore | rollback 1 | restore config |
| Commit Confirm | Not built-in | commit confirmed 5 | Not built-in |
Juniper JunOS — Commit Confirmed (Auto-Rollback)
# Commit with 5-minute auto-rollback if not confirmed user@router# commit confirmed 5 # Must confirm within 5 minutes or config rolls back automatically user@router# commit # Confirms and makes permanent # Save configuration to file user@router> save config backup-2025-07-15.conf
Automated Backup Solutions
Python with Netmiko
Python — Automated Backup Script
from netmiko import ConnectHandler
from datetime import datetime
devices = [
{'device_type': 'cisco_ios', 'host': '192.168.1.1',
'username': 'admin', 'password': 'password', 'hostname': 'router01'},
{'device_type': 'cisco_ios', 'host': '192.168.1.2',
'username': 'admin', 'password': 'password', 'hostname': 'switch01'},
]
for device in devices:
conn = ConnectHandler(**device)
config = conn.send_command('show running-config')
date = datetime.now().strftime('%Y%m%d-%H%M')
filename = f"backups/{device['hostname']}-{date}.cfg"
with open(filename, 'w') as f:
f.write(config)
print(f"Backed up {device['hostname']} -> {filename}")
conn.disconnect()
Commercial Backup Automation Tools
Oxidized — Open-source, Git integration, multi-vendor
RANCID — Legacy but proven, CVS/SVN integration
SolarWinds NCM — Change detection, compliance checking
ManageEngine NCM — Mid-size networks, change alerts
Ansible — Playbook-driven config management
File Naming Convention
Recommended Naming Standard
# Format: DeviceName-YYYY-MM-DD-HHMM-Type.cfg router01-2025-07-15-0200-daily.cfg switch-core-2025-07-15-0200-daily.cfg firewall01-2025-07-14-pre-change.cfg # Before a change window firewall01-2025-07-14-post-change.cfg # After a change window
Best Practices
Key Recommendations
- Automate daily backups; manual backups will be forgotten before the outage that needs them
- Always backup before any change window, maintenance, or upgrade
- Store backups off-device; a TFTP server or Git repository, not just flash
- Test restores quarterly; an untested backup is not a backup
- Use Oxidized or RANCID for automated multi-device backup with version history
- Implement change detection alerts; know when a configuration changes unexpectedly
- Keep 30 days of daily backups minimum; retain pre-change backups indefinitely
- Use Juniper's
commit confirmedor equivalent for safe configuration testing
Subscribe
0 Comments
Oldest