Using TFTP server to backup and restore

Answered Question

I'm having trouble locating the backups. I installed 3CDaemon TFTP. Started the server. When to cmd and log in to the switch. enabled it, typed: copy running-config tftp: then clicked enter. entered ip address of my computer, entered filename. Where does it put this file? I'm missing something...

Thanks,

DJ

I have this problem too.
0 votes
Correct Answer by Richard Burts about 8 years 9 months ago

DJ

One thing I notice is that the new switch is hard coded for speed and duplex but the router is not. From what you posted from the router I am guessing that it is set to negotiate speed and duplex. It can cause problems on a connection when one device is set to negotiate and the other device is hard coded. I suggest that you change the switch to negotiate

config t

interface Gig0/1

no duplex full

no speed 100

end

You can do show interface gig0/1 and see what it says about speed and duplex. Hopefully it will say auto or negotiated. (and in fact it may negotiate for Gigabit speed which might improve performance).

In your testing it is probably less important whether you can ping the switch (especially if you think that something might not be right in configuring the address on the switch). I would start testing with the command show cdp neighbor. CDP is a Cisco protocol and if the uplink is working and connection is established then both devices should see each other as CDP neighbors. If you see CDP neighbors it is a sign that the uplink is working.

Good luck in the morning.

HTH

Rick

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (6 ratings)
Loading.
Richard Burts Mon, 02/25/2008 - 12:06

Donna

I am glad that you found it. I believe that on the C drive is the default for 3Cdaemon. It is configurable and you can specify whatever directory you prefer. I find that software to be very useful, very dependable, and easy to use.

HTH

Rick

Now, I've got to restore the file from backup. So, I boot up the new one and set it up with net work settings and then copy the back up of running config to the new one? Is that it?

I'm going to hook the new one to my laptop and do all the config stuff, so when I that the other one offline, I can just bring the new one up. Is there anything else I need to do?

Thanks,

DJ

Richard Burts Mon, 02/25/2008 - 20:24

DJ

There are a couple of options for how to load the config file from the TFTP server to the switch/router. When you have the config on the hard drive of your router you are able to edit the config file (I like word pad for this) and copy and paste from the PC to the switch/router in config mode. Or as you say you can do enough initial config to assign an IP address to the interface and then do a copy tftp to get the config from the server to the switch/router. Note that to do this you must initiate the copy from the switch/router (you can not initiate the copy from the server). Also note that if you are doing a copy tftp that you can either copy it to running config or you can copy to startup config. Assuming that all the interface names and numbers are the same this is all there is to it.

HTH

Rick

Does it matter that the switches are different models? The new one will replace the old one, so It will be using the same settings/interfaces except I will be connecting the new switch with fiber that runs to the severroom.

New Switch:

Cisco Catalyst 3560 with Standard Image, 48 - 10/100 Power over Ethernet (PoE) Ports and 4 -SFP GBIC Ports

Old Switch:

Cisco Catalyst 3550 Series Switch - 24 ports

Thanks,

DJ

Richard Burts Tue, 02/26/2008 - 10:09

DJ

In this situation you probably can not just use the old configuration directly in the new switch. Most of the settings will be the same but there are some differences between the switches that you will need to account for. In particular the old switch had only 24 ports while the new switch has 48. I am assuming that the uplink from the old switch was a copper based access port while the new switch will be doing its uplink on one of its GBICs with fiber. The new switch supports Power Over Ethernet - it is not clear whether you intend to use it or not but that could also make a difference.

My advice now that you have the config from the old switch on the server is to make a copy of the config (you want to save an archive copy of the old config) and then edit the copy to create a config for the new switch. In editing you can create entires for the new interfaces, you can set up the uplink, and you can make any other changes that seem appropriate.

I would suggest that you boot up the new switch - without connecting any of its ports. Then connect to the console port and login to the switch. Then get into privilege mode and do a show run. This will display the basic (mostly empty) config for the new switch. It will confirm for you what the interface names are. And if there are any new features that are in the code of the new switch but are not in the code of the old switch you can decide whether any of them need to be put into the new config that you are building.

After you have edited the new config file then I would suggest cut and paste into the switch in config mode as the way to load the new config.

HTH

Rick

Richard Burts Tue, 02/26/2008 - 10:26

DJ

I am sure that there will be more questions. Just go ahead and post them as they come up.

HTH

Rick

Richard Burts Wed, 02/27/2008 - 09:12

DJ

I see that you started a new thread about how to paste the config. I have posted an answer which I hope is helpful. If you still have questions about that feel free to ask some more.

I have looked at the config that you posted and believe that most of it can be pasted to the new switch. There are only two things that I would not paste and a couple of things you need to evaluate before pasting.

- I would not paste the line:

version 12.2

the new switch may or may not be at the same code level and the switch will put what it needs. so do not paste this.

- I would not paste the certificate information from the old switch. It is specific to the switch (especially since it is self signed). If the new switch needs certificate information it will have it.

- beyond that you should verify that the numbering of interfaces is the same between the switches (on the new switch is the first interface fastethernet0/1? If so the interfaces should translate directly. If not you may need to adjust the interface numbering.

- currently you have a trunk on interface fastethernet0/1 which appears to be your main trunk. Your post talks about the new switch doing that over fiber. So do not paste this interface config into fast0/1 of the new switch but make it the proper gig port.

- interface fastethernet0/17 has some aspects of an access port configuration and some aspects of a trunk configuration. It would be nice to clean this up before transfering to the new switch.

- as I mention in my other post the old switch has 24 ports and you indicate that the new switch has 48. If you are only going to use the first 24 for now you do not need to worry about configuring the last 24 (not until you need them).

HTH

Rick

Thank you so much for all you help!

I'm attaching the configs for the new switch. Take a look and see if I need to remove anything or add anything.

I also removed any ip address info with *.*.2.* because this is left from the old network.

I'm not sure why interface 17 was configured that way. or way interface 22 is different. And vlan5 has to be from the old configs, because we know longer use those ip's.

Richard Burts Wed, 02/27/2008 - 13:25

DJ

I have looked at the config that you posted for the new switch and I believe that it is ok.

HTH

Rick

Richard Burts Wed, 02/27/2008 - 20:48

DJ

It may be that it did not add the warning about access is logged because it may not have recognized the delimiter characters in the message. If it did not add it when you pasted the config it will not add it once you place it on the network. I suggest that you go back and manually add the message. The command is:

aaa authentication banner

and I believe that it is then looking for a delimiter character (a character which appears at the beginning and at the end of the message and does not appear in the text of the message). When it sees the delimiter it treats it as the beginning of the message and when it sees the next delimiter character it treats it as the end of the message. If you are confused about this, then I suggest that you access the switch, go into privilege mode, enter the command config t to enter configuration mode. In configuration mode you can enter partial commands and then use the ? to get on line help about the command.

I suspect that the problem with ip subnet-zero through not file verify was caused by the issue with the banner message. I believe that if you cut and paste those particular commands again that they should take. And if for some reason they do not take then you should be able to just type them into config mode.

HTH

Rick

Richard Burts Thu, 02/28/2008 - 04:26

DJ

I thought that I addressed the issue about DHCP in the last paragraph of my previous response. I think it is highly unlikely that if the DHCP info is not there now that the switch will pick it up when you put it on line. I believe that you should cut and paste the missing statements:

ip subnet-zero

ip domain-name it.abbe-lib.org

ip name-server 10.3.50.240

ip name-server 10.3.50.241

ip dhcp-server 10.3.50.240

back into the switch. Or if there is some issue with cut and paste for these commands then you can type them directly into config mode on the switch.

HTH

Rick

Richard Burts Thu, 02/28/2008 - 10:00

DJ

I am glad that you got the banner and ip subnet-zero and DHCP stuff back. Not too very bad was it?

There are several ways to get immediately to enable mode. The most simple is to simply asign privilege level 15 to the interfaces. Since that was in place for the vty lines in the config that you posted, am I correct in assuming that your question relates to console access? if so just include this command under line con 0:

privilege level 15

I am not sure that I understand your question about viewing aaa settings. There was not much aaa in the config that you posted (an authentication banner, an authentication fail banner, and authentication to use local passwords or line passwords). You can login to the switch and use the show running-config command to view the config and view the aaa lines. Are you looking for something else?

HTH

Rick

Richard Burts Thu, 02/28/2008 - 11:33

DJ

here are my comments about the differences.

the clock commands allow you to set some parameters about the clock on the switch. The clock timezone command is especially important if the switch is learning time from an NTP server. Since NTP was not in the config that you posted I assume that it is not important to you. This command sets the identifier for time as UTC and you might want to change it to EST (assuming that you are in the Eastern time zone) change UTC to EST in this command.

Clock timezone UTC -5

The clock summertime command causes the switch to automatically change for Daylight Savings time (and sets the time identifier). It might be good to put this into your switch (and I would suggest changing ITC to EDT)

Clock summer-time ITC recurring

I am not so familiar with the system mtu routing command. I believe that it is something that the code inserts into the config. I would not worry about it.

I would not worry about the certificate information that was in the old switch and not in the new switch. I do not believe that it is anything that you would use.

I would not be concerned about the spanning-tree optimize command not being in the new switch.

I would be concerned about this command not being in the new switch and suggest that you should put it in:

aaa authentication login default local line

I suspect that it was dropped by the same issue that dropped the ip subnet-zero and other lines. This line controls authentication when users login to the switch.

The exec-timeout 0 0 was under line con 0. If it is there the console will not log you out based on inactivity. Without this command the console will logout a session after 10 minutes of inactivity. Since it was in the old config you probably want it in the new config. But it is not significant one way or the other.

I am puzzled that these two lines are not there:

privilege level 15

transport input telnet

and I am wondering: in the original config there was line vty 0 4 with these lines and also there was line vty 5 15 with these lines. Is it possible that in the new config there is only line vty 0 4 and not line vty 5 15?

If they are missing under line vty 0 4 I would probably put them in. The command for privilege level 15 is the command that I mentioned in an earlier post that will put you directly into privilege level.

I notice one other thing that I will comment about. The aaa authentication login command specifies that it will prefer to authenticate with the userID and password configured on the switch and will use line passwords as a backup. I see that the console does have a password configured. I see that the vty lines do not. I would suggest putting a password (perhaps the same password that is on the console) on the vty lines.

HTH

Rick

I'm starting to understand what your talking about... image that!

Does it matter that under the line con 0, line vty 0 4, line vty 5 15 that they now have privilege levels and/or password settings?

it looks like this:

line con 0

exec-timeout 0 0

privilege level 15

line vty 0 4

privilege level 15

password xxx

transport input telnet

line vty 5 15

privilege level 15

password xxx

transport input telnet

And does this really go to a log file some how? and if so, where?

Thanks again,

DJ

Richard Burts Thu, 02/28/2008 - 14:07

DJ

I think that it is neat that you are starting to understand.

Assuming that the intent is for anyone who logs in to the switch (on console or via telnet to the vty) to go immediately to privilege mode (without requiring any further password) then the configuration of console and all vty looks ok.

I am not clear about your question about a log file. Perhaps you can clarify?

If it is about the configuration file there is not any log file that records configuration. But that does remind me of a couple of things to mention. One of which is that there is a running-config and a startup-config. The running-config is (as the name implies) the config that governs the running of the switch. When you have been making config changes the changes are in the running config. The running config is stored in RAM and like most computer memory if the switch power cycles or reboots for some reason the running config is lost. The startup-config is stored in non-volitle memory and is read when the switch boots to create the running config. So it would be a good thing that after you have made changes to use the command copy running-config startup-config (usually abbreviated as copy run start) to copy the config from RAM to NVRAM.

Also after you have made the config changes and things are stable on the new switch it would be a VERY good thing to use TFTP and make a copy (or several) that are stored somewhere other than on the switch.

HTH

Rick

Richard Burts Fri, 02/29/2008 - 12:04

DJ

Can you be a bit more specific about what was a no go? You did not list the IP address as a difference in the configs so I assumed that it was there. And frankly even if the IP address was not there it should not have impacted the switch ability to forward traffic. The IP address provides the ability to telnet to the switch to manage it remotely. But it does not impact bacis functioning of the switch.

My guess is more likely that there was a problem with the uplink from the switch. Can you tell me whether there was connectivity over the fiber?

HTH

Rick

I switch out the switches and I couldn't ping the switch and the pc's that use the ports for this switch could not reach the network. I changed the config info for the new trunk by changing the interface for the fiber.... Maybe I didn't config that correctly. I'm gonna go through the config file for the router.

for the fiber port, I enter the following configs on the router:

interface GigabitEthernet2/0/4

switchport trunk encapsulation dot1q

switchport mode trunk

on the new switch:

interface GigabitEthernet0/1

description Connection to 50-CoreSwitch-1

switchport trunk encapsulation dot1q

switchport mode trunk

duplex full

speed 100

I'll be troubleshooting it first thing in the morning. I'll try to update any thing I think might be of inportance. I don't know if there was connectivity over the fiber. The cable guy tested all of it and said it was ready. I'll verify for myself in the morning.

Thanks,

DJ

Correct Answer
Richard Burts Sun, 03/02/2008 - 15:17

DJ

One thing I notice is that the new switch is hard coded for speed and duplex but the router is not. From what you posted from the router I am guessing that it is set to negotiate speed and duplex. It can cause problems on a connection when one device is set to negotiate and the other device is hard coded. I suggest that you change the switch to negotiate

config t

interface Gig0/1

no duplex full

no speed 100

end

You can do show interface gig0/1 and see what it says about speed and duplex. Hopefully it will say auto or negotiated. (and in fact it may negotiate for Gigabit speed which might improve performance).

In your testing it is probably less important whether you can ping the switch (especially if you think that something might not be right in configuring the address on the switch). I would start testing with the command show cdp neighbor. CDP is a Cisco protocol and if the uplink is working and connection is established then both devices should see each other as CDP neighbors. If you see CDP neighbors it is a sign that the uplink is working.

Good luck in the morning.

HTH

Rick

Richard Burts Mon, 03/03/2008 - 12:22

DJ

I am glad that you got it working. Sometimes it is the very simple low level things like are the connectors oriented correctly that trip us up.

Getting the old switch to a different location will take a few things differently than replacing the old switch with the new switch. In particular you will need to change IP addresses and perhaps default gateway. There probably will be questions as you work through that. Feel free to post those questions here as they come up.

Thanks for the rating and good luck as you do the next switch.

HTH

Rick

Actions

This Discussion