Configuration restoration Question

Answered Question
Aug 21st, 2009

Hello. I have some routers installed on some branch offices. I have access to them through ssh. I have created a new configuration that I want to install on all of them. The old configuration has to be erased. How can I do that without using erase start and rebooting, because that will leave me without ssh access? I want the new config to replace the old one, keeping none of the old stuff. Is restoring through ftp going to do what I want? Thanks a lot in advance.

mmacdonald70 Fri, 08/21/2009 - 06:28

To my knowledge, it can't be done as you request. On the ASA you have the option to "clear configure" but this would remove all configuration (including SSH access).

The best bet that I can see would be to copy a new config into the running config that overwrites the old config. You will need to be sure to not delete the parts required for SSH. For instance if the old config is:

    ntp server 10.0.0.1
    interface fa0/0
     description Address required for SSH
     ip address 192.168.1.1 255.255.255.0
    interface fa0/1
     description another interface
     ip address 192.168.2.1 255.255.255.0

it could be fixed by creating the config:

    no ntp server 10.0.0.1
    interface fa0/1
     ip address 10.0.0.1 255.255.255.0
     no shut

and copying it to running config (or just writing it as you go).

The other option would be to copy the full new config to startup-config and reboot, although you would need to make sure that you have it right (make sure that you have no shut on the interfaces).

If you decide to modify the running config instead of the startup, you can use the command "reload in x" to automatically reload the router in x minutes in case you mess up. "reload cancel" will stop the reload when you are sure that it works.

I believe you can use the following command to accomplish what you seek:

Router#configure replace

I have used this with success to rollback changes. This is how it would work. If the new config was in flash:, then it would look like this:

Router#configure replace flash:config.new

There are some options to force the changes/etc. It works fairly fast and you can do it through ftp/tftp/flash/nvram/etc.

Richard Burts Fri, 08/21/2009 - 13:23

Theofanis

The configure replace sounds like a very interesting option. I have not used it and cannot speak to how well it will accomplish what you need.

But I have used a technique that I believe will accomplish what you need. If you have created the new config file you can use tftp and copy it to startup rather than to running (copy tftp startup). TFTP to startup does a complete replacement (not like TFTP to running, which does an overlay). So if you copy the new config to startup and then reload, the result is that the old config is completely gone and the new config is running.

There is a caution I will give you about this technique: there is no syntax checking when you do the copy. The only syntax check is when the reload is loading the new config. So if there is a flaw in the new config you will not discover it until you reboot. If the flaw were to impact the interface to which you connect or were to impact SSH then you might find that you are locked out of the router when it loads the new config.

But if you are careful and the new config is correct then this technique will result in the complete removal of the old config and the use of the new config.

HTH

Rick
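
The lockout risk raised above (nothing checks a config copied to startup until the reload) can be partly covered by checking the candidate file offline before it is pushed. The Python below is an added example, not part of any post in this thread; the function names and both sample configs are constructed, and 192.168.1.1 is the SSH address from the example earlier in the thread.

```python
# Added example; the sample configs below are constructed for illustration.
GOOD = """\
interface FastEthernet0/0
 description Address required for SSH
 ip address 192.168.1.1 255.255.255.0
!
line vty 0 4
 transport input ssh
"""
BAD = """\
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 shutdown
!
line vty 0 4
 transport input telnet
"""

def parse_sections(text):
    """Group indented sub-commands under their top-level command."""
    sections = []
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("!"):
            continue  # blank line or comment separator
        if line[0].isspace() and sections:
            sections[-1][1].append(line.strip())
        else:
            sections.append((line.strip(), []))
    return sections

def lockout_risks(candidate, mgmt_ip):
    """List reasons the candidate config could cut off remote SSH access."""
    risks, sections = [], parse_sections(candidate)
    mgmt = [(h, b) for h, b in sections if h.startswith("interface ")
            and any(c.split()[:3] == ["ip", "address", mgmt_ip] for c in b)]
    if not mgmt:
        risks.append(f"no interface carries management address {mgmt_ip}")
    risks += [f"{h} is shutdown" for h, b in mgmt if "shutdown" in b]
    vty = [(h, b) for h, b in sections if h.startswith("line vty")]
    if not vty:
        risks.append("no 'line vty' section")
    for h, b in vty:
        # A missing 'transport input' is flagged too: do not rely on defaults.
        allowed = [c.split()[2:] for c in b if c.startswith("transport input")]
        if not any("ssh" in a or "all" in a for a in allowed):
            risks.append(f"{h} does not allow ssh in 'transport input'")
    return risks
```

Calling `lockout_risks(config_text, "192.168.1.1")` returns an empty list for GOOD and two findings for BAD; it checks reachability prerequisites only and does not validate command syntax.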

Correct Answer
pompeychimes Mon, 08/24/2009 - 20:16

"Configure replace" is the way to go. Also, if you are worried about ssh you should enable telnet temporarily. Enabling config manipulation and router reloads via snmp (v3 if possible) is also a good idea.

To avoid such worries in the future I highly recommend provisioning out of band access (Modem and phone line) to your remote routers.
